ROPSHELL 
ropshell> use 4252e39aafeb85e37dc47cefc9d4e391 (download)
name         : DiscordHook64.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 5995

ropshell> suggest "load mem"
> 0x1800369a0 : mov rax, [rcx]; ret
> 0x1800369a1 : mov eax, [rcx]; ret
> 0x18003942c : movzx eax, [rsi]; pop rsi; ret
> 0x18001e0e0 : mov rax, [rcx + 0x10]; ret
> 0x18001e0e1 : mov eax, [rcx + 0x10]; ret
> 0x1800ac0fe : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x180036923 : mov rcx, [rdx]; mov [rax], rcx; ret
> 0x180036913 : mov rcx, [rdx + 8]; mov [rax], rcx; ret
> 0x1800b3324 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1800a54e3 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18008fda0 : mov rbp, [r11 + 0x18]; mov rsp, r11; pop r14; ret
> 0x18009fb5d : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x180036914 : mov ecx, [rdx + 8]; mov [rax], rcx; ret
> 0x1800b3325 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1800a54e4 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18008fda1 : mov ebp, [rbx + 0x18]; mov rsp, r11; pop r14; ret
> 0x18006ad08 : mov rax, [rdx + 8]; mov [rcx + 8], rax; ret
> 0x18008f168 : movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x18003191f : mov eax, [rdx + 0x40]; mov [rcx + 0x5dd64], eax; ret
> 0x18002cd63 : mov rcx, [r8]; mov r8, [rip + 0xd029b]; jmp r8
> 0x18002cd64 : mov ecx, [rax]; mov r8, [rip + 0xd029b]; jmp r8
> 0x18006ae91 : mov rbx, [rbp + 0xe8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x180057998 : mov rcx, [rbx + 0x120]; mov edx, 0x7530; call rsi
> 0x18006ae92 : mov ebx, [rbp + 0xe8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x180057999 : mov ecx, [rbx + 0x120]; mov edx, 0x7530; call rsi
> 0x18008ebe0 : mov rax, [rbx]; mov r9, [rip + 0x6e41e]; call r9
> 0x1800a6c4e : mov rax, [rdx]; mov [rax], cl; inc [rdx]; movzx eax, cl; ret
> 0x180060cfb : mov rcx, [r15]; lea rdx, [rsp + 0x98]; call rsi
> 0x18008ebe1 : mov eax, [rbx]; mov r9, [rip + 0x6e41e]; call r9
> 0x1800a6c4f : mov eax, [rdx]; mov [rax], cl; inc [rdx]; movzx eax, cl; ret
> 0x180060cfc : mov ecx, [rdi]; lea rdx, [rsp + 0x98]; call rsi
> 0x1800339c4 : mov rcx, [r8 + 8]; mov [rcx + 0x18], 1; pop rdi; pop rsi; ret
> 0x1800c0ae4 : mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800339c5 : mov ecx, [rax + 8]; mov [rcx + 0x18], 1; pop rdi; pop rsi; ret
> 0x1800c0ae5 : mov ebp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x18002c9a2 : mov edx, [rcx]; mov r8, [rip + 0xd065d]; mov ecx, 0x88eb; jmp r8
> 0x1800a54df : mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18005e4bd : mov rcx, [rax + 0x38]; xor edx, edx; xor r8d, r8d; call r14
> 0x18008e163 : mov r12, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x180059542 : mov r14, [rsi + 8]; mov r12, [rip + 0x87083]; call r12
> 0x18008f164 : mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x18005f18a : mov rcx, [rsi + 0x110]; mov rdx, rbx; mov r8d, 1; mov r9, r15; call r13
> 0x18002cd5f : mov rdx, [rcx + 0x10]; mov rcx, [r8]; mov r8, [rip + 0xd029b]; jmp r8
> 0x18005f18b : mov ecx, [rsi + 0x110]; mov rdx, rbx; mov r8d, 1; mov r9, r15; call r13
> 0x18002cd60 : mov edx, [rcx + 0x10]; mov rcx, [r8]; mov r8, [rip + 0xd029b]; jmp r8
> 0x18005953f : mov rsi, [rcx]; mov r14, [rsi + 8]; mov r12, [rip + 0x87083]; call r12
> 0x1800904c3 : mov r8, [rdx]; mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x180059540 : mov esi, [rcx]; mov r14, [rsi + 8]; mov r12, [rip + 0x87083]; call r12
> 0x1800c1f05 : mov rcx, [rax]; mov edx, 1; mov rax, [rcx]; mov rcx, r8; call [rip + 0x3b0ef]; add rsp, 0x28; ret
> 0x1800acfe0 : movsxd rcx, [r9]; lea rax, [r9 + 4]; mov [r8 + 8], rax; mov [r8 + 0x30], rcx; ret
> 0x18005e4b9 : mov rax, [rbx + 8]; mov rcx, [rax + 0x38]; xor edx, edx; xor r8d, r8d; call r14
> 0x18008e15f : mov rdi, [rbp + 0x40]; mov r12, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18005e4ba : mov eax, [rbx + 8]; mov rcx, [rax + 0x38]; xor edx, edx; xor r8d, r8d; call r14
> 0x1800b4e16 : mov edx, [rax + 0x10]; mov ecx, ebx; mov rax, rsi; mov r8, [rip + 0x481f3]; call r8
> 0x18008e160 : mov edi, [rbp + 0x40]; mov r12, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18008fc2f : mov ecx, [r8 + 0x14]; mov rax, [rdx]; mov rcx, [rcx + rax]; mov [r9], rcx; mov rax, r9; ret
> 0x180043c95 : mov r8, [rcx]; mov r9, [rip + 0xb9369]; mov rcx, rax; mov edx, 1; mov rax, r8; add rsp, 0x28; jmp r9
> 0x180057f48 : mov rcx, [rdi + 0x70]; call [rip + 0x88506]; mov [rdi + 0x70], -1; mov r14, [rip + 0x886bf]; call r14
> 0x180057f49 : mov ecx, [rdi + 0x70]; call [rip + 0x88506]; mov [rdi + 0x70], -1; mov r14, [rip + 0x886bf]; call r14
> 0x1800ad036 : mov eax, [r8 + 0x48]; mov edx, [r9 - 4]; shr edx, cl; add eax, edx; mov [r8 + 8], r9; mov [r8 + 0x30], rax; ret
> 0x180036475 : mov ecx, [rbp + 0x70]; mov [rsp + 0x20], ecx; mov rcx, rsi; mov rdx, rdi; mov r8d, r13d; mov r9d, r14d; call rbx
> 0x18008f15c : movsxd r9, [rdx + 4]; movsxd rdx, [rdx + 8]; mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x18002cd57 : mov r8, [rcx + 8]; mov rcx, [rcx + 0x10]; mov rdx, [rcx + 0x10]; mov rcx, [r8]; mov r8, [rip + 0xd029b]; jmp r8

© 2014 - 2019 - Powered by ROPEME | Contact