ROPSHELL 
ropshell> use 42c5eb56ae8be10f34b53bef76caa24e (download)
name         : cygwin1.dll (x86_64/PE)
base address : 0x180041000
total gadgets: 12275

ropshell> suggest "load mem"
> 0x1800cc680 : movzx eax, [rcx]; ret
> 0x1801e0dc0 : movzx eax, [r8]; pop rbx; ret
> 0x1801f9cd0 : mov rax, [rcx + 0x120]; ret
> 0x180073be0 : movsxd rax, [rdx + 0x18]; ret
> 0x1801f9cd1 : mov eax, [rcx + 0x120]; ret
> 0x1800914f0 : movzx eax, [rdx + 0x18]; ret
> 0x18009d969 : mov rcx, [rax]; call r13
> 0x1801b9d1e : mov rcx, [rbx]; call rsi
> 0x18007d46b : mov rdx, [rsi]; call rax
> 0x18005e16c : mov rdx, [rdi]; call rax
> 0x18009d96a : mov ecx, [rax]; call r13
> 0x1801b9d1f : mov ecx, [rbx]; call rsi
> 0x1800bc35d : mov edx, [rax]; call rsi
> 0x18007d46c : mov edx, [rsi]; call rax
> 0x18005e16d : mov edx, [rdi]; call rax
> 0x1800ce4a0 : mov rax, [rcx]; jmp [rax + 0x20]
> 0x1801b72c3 : mov rax, [rbp + 0x18]; call rax
> 0x1800ba717 : mov rcx, [rax + 0x30]; call rbp
> 0x1801b600a : mov rcx, [rbp + 0x15c0]; call rbx
> 0x1800e2ead : mov rdx, [rax + 0x60]; call rsi
> 0x1801e021d : mov rdx, [rbx + 0x90]; call rax
> 0x18015162c : mov rdx, [rcx + 8]; mov [rdx - 0x1c08], rax; ret
> 0x1801b72c4 : mov eax, [rbp + 0x18]; call rax
> 0x1800ba718 : mov ecx, [rax + 0x30]; call rbp
> 0x1801b600b : mov ecx, [rbp + 0x15c0]; call rbx
> 0x1800e2eae : mov edx, [rax + 0x60]; call rsi
> 0x1801e021e : mov edx, [rbx + 0x90]; call rax
> 0x18015162d : mov edx, [rcx + 8]; mov [rdx - 0x1c08], rax; ret
> 0x18013d544 : mov rax, [rbx]; call [rax + 0x20]
> 0x1801b9c43 : mov rdx, [rax]; mov rcx, rdi; call rbp
> 0x18013d545 : mov eax, [rbx]; call [rax + 0x20]
> 0x180198a4a : mov edx, [rcx]; xor eax, eax; test edx, edx; sete al; ret
> 0x1800bf53e : mov eax, [r9 + 0xc]; sub eax, [r9 + 0x14]; ret
> 0x1801533f0 : mov rcx, [rbx + 0x60]; call [rbx + 0x58]
> 0x18015351c : mov rcx, [rsi + 8]; call [rsi]
> 0x1801533f1 : mov ecx, [rbx + 0x60]; call [rbx + 0x58]
> 0x18015351d : mov ecx, [rsi + 8]; call [rsi]
> 0x1800b38bd : mov rax, [rsi]; mov rcx, rsi; call [rax + 0x20]
> 0x18009fc50 : mov rax, [rdi]; mov rcx, rdi; call [rax + 0x20]
> 0x1800655d5 : mov rax, [rbp]; mov rcx, rbp; call [rax + 0x20]
> 0x1800d0088 : mov rax, [r11]; mov rcx, r11; call [rax + 0x20]
> 0x180041c2d : mov rax, [r12]; mov rcx, r12; call [rax + 0x20]
> 0x1800f13e4 : mov rax, [r13]; mov rcx, r13; call [rax + 0x20]
> 0x18014fec4 : mov rax, [r14]; mov rcx, r14; call [rax + 0x20]
> 0x1800b2632 : mov rax, [r15]; mov rcx, r15; call [rax + 0x48]
> 0x18014fec5 : mov eax, [rsi]; mov rcx, r14; call [rax + 0x20]
> 0x1800b2633 : mov eax, [rdi]; mov rcx, r15; call [rax + 0x48]
> 0x1800f13e5 : mov eax, [rbp]; mov rcx, r13; call [rax + 0x20]
> 0x18007d468 : mov eax, [rbx + 0x10]; mov rdx, [rsi]; call rax
> 0x1800a919c : mov edx, [r8 + 0x28]; mov [rax + 0x54], edx; xor eax, eax; ret
> 0x18019c9dc : mov rcx, [rdx + 0x18]; mov rdx, [rdx + 0x10]; mov [rdx], rcx; ret
> 0x1801e01be : movsxd r10, [rbx + 0xa0]; add rdx, r10; sub r8d, r10d; call rax
> 0x1800ee874 : mov r10, [rcx + 0x20]; mov [rdx], r9; mov [rdx + 8], r10; ret
> 0x18019c9dd : mov ecx, [rdx + 0x18]; mov rdx, [rdx + 0x10]; mov [rdx], rcx; ret
> 0x18015536d : mov rdx, [rcx]; mov [rsp + 0x3c], eax; call [rdx + 8]
> 0x1801006dd : mov r8, [rax]; mov rdx, rbx; mov rcx, rax; call [r8 + 0x18]
> 0x1801533f7 : mov r8, [rbx]; mov rdx, rax; mov rcx, rbx; call [r8 + 0x18]
> 0x1801a797c : mov ecx, [rdx]; movsxd rcx, [r9 + rcx*4]; add rcx, r9; jmp rcx
> 0x1800ceecd : mov rax, [r8 + 8]; mov [rcx + 0x10], 0; mov [rcx + 0x20], rax; ret
> 0x1800fe337 : mov rdx, [r8 + 0x18]; mov [rcx + 0x28], rax; mov [rcx + 0x30], rdx; ret
> 0x1801502c4 : mov rdx, [r12]; mov [rbp - 4], eax; mov rcx, r12; call [rdx + 0x20]
> 0x180154511 : mov rdx, [rbx]; mov [rsp + 0x2c], eax; mov rcx, rbx; call [rdx + 8]
> 0x180063687 : mov rdx, [rbp]; mov [rsp + 0x4c], eax; mov rcx, rbp; call [rdx + 0x20]
> 0x180124310 : mov r9, [rax]; mov r8, rbp; xor edx, edx; mov rcx, rax; call [r9]
> 0x1800ee880 : mov r9, [rcx]; mov r10, [rcx + 8]; mov [rdx], r9; mov [rdx + 8], r10; ret
> 0x1800425c8 : mov r10, [rax]; xor edx, edx; mov r8, rbp; mov rcx, rax; call [r10]
> 0x180154512 : mov edx, [rbx]; mov [rsp + 0x2c], eax; mov rcx, rbx; call [rdx + 8]
> 0x180063688 : mov edx, [rbp]; mov [rsp + 0x4c], eax; mov rcx, rbp; call [rdx + 0x20]
> 0x1801e975c : mov ecx, [rbp]; mov rdx, r15; mov rcx, [rbp + 0x230]; mov rax, [rbp - 0x18]; call rax
> 0x1801ded15 : mov rax, [rbx + 8]; lea rdx, [rsp + 0x2c]; mov rcx, rbx; call [rax + 0x40]
> 0x1801e8f71 : mov rdx, [rbp + 0x20]; mov [rsp + 0x20], rcx; mov rcx, [rbp + 0x230]; call rbx
> 0x18019c9a0 : mov r8, [rdx + 0x10]; mov rdx, rcx; shr rdx, 1; test r9b, r9b; cmovg rcx, rdx; mov [r8], rcx; ret
> 0x1800ee870 : mov r9, [rcx + 0x18]; mov r10, [rcx + 0x20]; mov [rdx], r9; mov [rdx + 8], r10; ret
> 0x1800bc198 : mov r14, [rax + 0x38]; lea rdi, [rsp + 0x4e]; mov rcx, [rsp + 0x30]; call r14
> 0x1801e8f72 : mov edx, [rbp + 0x20]; mov [rsp + 0x20], rcx; mov rcx, [rbp + 0x230]; call rbx
> 0x1800bc199 : mov esi, [rax + 0x38]; lea rdi, [rsp + 0x4e]; mov rcx, [rsp + 0x30]; call r14
> 0x1800b0570 : mov eax, [rdx]; sbb [rax], al; add [rcx + rcx + 0x48], dh; lea esp, [rbp - 0x28]; pop rbx; pop rbp; ret
> 0x180144bca : mov edx, [r12]; mov rcx, rbx; mov [rax], edx; mov rax, [rbx]; call [rax + 0x20]
> 0x18009adaa : mov rcx, [r15 + 0x18]; mov [rsp + 0x20], 0; lea r8, [rsp + 0x8c]; mov rdx, rbx; call r10
> 0x18009adab : mov ecx, [rdi + 0x18]; mov [rsp + 0x20], 0; lea r8, [rsp + 0x8c]; mov rdx, rbx; call r10
> 0x1800b0a41 : mov r8, [rcx + 0x38]; mov [rax + 0x38], r8; mov [rdx + 0x38], rax; mov [rcx + 0x38], rdx; add rsp, 0x28; ret
> 0x18019f966 : movsxd r9, [rbx + 0x20]; mov rcx, rsi; mov rdx, [rbx + 0x38]; mov [rbx], r8; call [rbx + 0x40]
> 0x18005e260 : mov r8, [rdi + 8]; lea rbp, [rip + 0x1d25f9]; lea rcx, [rdx + rcx + 0x4700]; mov rdx, [rdi]; call rax
> 0x18005e261 : mov eax, [rdi + 8]; lea rbp, [rip + 0x1d25f9]; lea rcx, [rdx + rcx + 0x4700]; mov rdx, [rdi]; call rax
> 0x1801de6b2 : movsx rax, [rdx]; lea rdx, [rsp + 0x28]; mov [rsp + 0x28], rax; mov rax, [rcx + 8]; call [rax + 8]
> 0x18019f962 : mov r8, [rbx + 0x18]; movsxd r9, [rbx + 0x20]; mov rcx, rsi; mov rdx, [rbx + 0x38]; mov [rbx], r8; call [rbx + 0x40]
> 0x18005e25c : mov rcx, [rdi + 0x20]; mov r8, [rdi + 8]; lea rbp, [rip + 0x1d25f9]; lea rcx, [rdx + rcx + 0x4700]; mov rdx, [rdi]; call rax
> 0x180132cfb : mov r10, [rdx + 0xa8]; mov [rax + 0xa0], r9; mov [rax + 0xa8], r10; mov rdx, [rcx + 0x2e08]; mov [rax + 0xa8], rdx; mov [rcx + 0x2e08], rax; ret

© 2014 - 2019 - Powered by ROPEME | Contact