ropshell> use 4c2d2746bb12863c464ebafac7e93bd5 (download)
name         : paycalc (x86_64/ELF)
base address : 0x4003b0
total gadgets: 8712
ropshell> suggest "load mem"
> 0x0046e7ab : mov eax, [rdx]; ret
> 0x0045f632 : mov eax, [rsi]; pop rbx; ret
> 0x0040f9b0 : mov rax, [rdi + 0x68]; ret
> 0x0040f9b1 : mov eax, [rdi + 0x68]; ret
> 0x00496d6b : mov rax, [rdx]; add rsp, 8; ret
> 0x00496db0 : mov rax, [rsi]; add rsp, 8; ret
> 0x00419673 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x004254d3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0041cf53 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0040f680 : mov rcx, [rdi]; mov [rdx], rcx; ret
> 0x0042be60 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x004969bb : mov rsi, [rbp]; call r14
> 0x00496967 : mov rsi, [r15]; call r14
> 0x0043dbe7 : mov rdi, [rbx]; call r12
> 0x0043dbd8 : mov rdi, [rbp]; call r12
> 0x0040751c : mov rdi, [r12]; call r13
> 0x0047d48b : mov rdi, [r13]; call r12
> 0x0043c066 : mov rdi, [r14]; call rbx
> 0x0043c0a7 : mov rdi, [r15]; call rbx
> 0x0040f681 : mov ecx, [rdi]; mov [rdx], rcx; ret
> 0x0045f4c8 : mov edx, [rax]; mov eax, edx; pop rbx; ret
> 0x00496968 : mov esi, [rdi]; call r14
> 0x004969bc : mov esi, [rbp]; call r14
> 0x0043dbe8 : mov edi, [rbx]; call r12
> 0x0043c067 : mov edi, [rsi]; call rbx
> 0x0043dbd9 : mov edi, [rbp]; call r12
> 0x0041979f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x00440ad9 : mov rdi, [rbx + 0x18]; call rax
> 0x00440ada : mov edi, [rbx + 0x18]; call rax
> 0x00431520 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00495e98 : mov rdx, [r12]; mov edi, 1; call rax
> 0x004977d8 : mov rdx, [r15]; mov rdi, rbx; call rbp
> 0x0043c838 : mov rsi, [rbx]; mov rdi, r12; call rbp
> 0x0042fd36 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x004977d9 : mov edx, [rdi]; mov rdi, rbx; call rbp
> 0x0043c839 : mov esi, [rbx]; mov rdi, r12; call rbp
> 0x0047d110 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0047d0f0 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0047d104 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0047d111 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0043a0d1 : mov eax, [rcx + 4]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0043a0d0 : mov eax, [r9 + 4]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00495e35 : mov ebx, [rax + 0x48000000]; add esp, 8; pop rbx; pop rbp; ret
> 0x0047d0f1 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0047d105 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00407519 : mov rsi, [r14]; mov rdi, [r12]; call r13
> 0x00498668 : mov r8, [rax]; add rax, 8; mov [rbx], r8; pop rbx; ret
> 0x004705f7 : mov rax, [r13]; add rax, [rdx + 8]; call rax
> 0x0042bdf4 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x00496463 : mov rdx, [r13]; mov esi, 1; mov edi, 1; call rax
> 0x00444728 : mov rdx, [r14]; mov rsi, r13; call [rbx + 8]
> 0x0043c4a2 : mov rdi, [rax]; mov [rsp + 8], rax; call rbx
> 0x004705f8 : mov eax, [rbp]; add rax, [rdx + 8]; call rax
> 0x00496464 : mov edx, [rbp]; mov esi, 1; mov edi, 1; call rax
> 0x0043c4a3 : mov edi, [rax]; mov [rsp + 8], rax; call rbx
> 0x00431646 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x0046cd43 : mov rax, [r12 + 0x10]; add rax, [rbx]; call rax
> 0x0046c693 : mov rax, [r14 + 0x10]; add rax, [r15]; call rax
> 0x0046cc11 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x004407a4 : mov rdi, [rax + 0x18]; mov [rbp - 0x68], rax; call rcx
> 0x0045e79b : mov eax, [rdx + 0x48]; cmp eax, [rdx + 0x4c]; cmovne eax, ecx; ret
> 0x0046c694 : mov eax, [rsi + 0x10]; add rax, [r15]; call rax
> 0x00419654 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x004407a5 : mov edi, [rax + 0x18]; mov [rbp - 0x68], rax; call rcx
> 0x0043e245 : mov rax, [rbx]; mov [rip + 0x289f71], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0043e246 : mov eax, [rbx]; mov [rip + 0x289f71], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00435f44 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00435e53 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0044e66b : mov rdx, [r13 + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x00471349 : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00409eae : mov rbp, [rdi + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0040a6d0 : mov r15, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x0044e66c : mov edx, [rbp + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x0047134a : mov esi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00409eaf : mov ebp, [rdi + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x004977d4 : mov rsi, [r14 + 8]; mov rdx, [r15]; mov rdi, rbx; call rbp
> 0x0049690d : mov rdi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x00472872 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0040227c : mov eax, [rbp + 8]; sub eax, [rbx + 8]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0049690e : mov edi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x0043c8ea : mov rsi, [rax]; mov rdi, [rbp - 0x40]; mov r15d, r14d; mov rax, [rbp - 0x48]; call rax
> 0x0043c8eb : mov esi, [rax]; mov rdi, [rbp - 0x40]; mov r15d, r14d; mov rax, [rbp - 0x48]; call rax
> 0x00411323 : mov rax, [rdx + 0x868]; mov [rip + 0x2b847f], rax; add rsp, 8; mov rax, rdx; pop rbx; pop rbp; ret
> 0x0040c65c : mov rax, [rbp + 0xd8]; mov rdx, r14; mov rsi, r12; mov rdi, rbp; call [rax + 0x78]
> 0x0045f141 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00452bc9 : mov rcx, [rbx + 0x10]; mov [rcx + rdx*8], rax; add rsp, 8; mov eax, ebp; pop rbx; pop rbp; ret
> 0x00471345 : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0044e667 : mov rsi, [r13 + 0x18]; mov rdx, [r13 + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x0045f142 : mov ecx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00452bca : mov ecx, [rbx + 0x10]; mov [rcx + rdx*8], rax; add rsp, 8; mov eax, ebp; pop rbx; pop rbp; ret
> 0x00471346 : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0044e668 : mov esi, [rbp + 0x18]; mov rdx, [r13 + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x00442a9c : movsx r9, [rax + 0xa]; movsx eax, [rax + 0xb]; mov [rdx + 0x50], ecx; mov [rdx + 0x54], eax; ret
> 0x0047286e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0046ddf4 : mov r15, [rax]; mov rbx, rax; mov [rip + 0x25c81f], r13; mov rdi, rbp; mov [rax], 0; call r12
> 0x0049695a : mov rdx, [rbp]; mov rdi, [rsp + 8]; lea r15, [r12 + rcx*8]; mov rsi, [r15]; call r14
> 0x0044748e : mov rdi, [r13 + 0x18]; mov r8, r12; mov rcx, rbp; mov rdx, [r14]; mov rsi, rbx; call [r13 + 8]
> 0x004431be : mov rdi, [r14 + 0x18]; mov r8, r15; mov rcx, rbp; mov rdx, [r12]; mov rsi, rbx; call [r14 + 8]
> 0x00442d76 : mov rdi, [r15 + 0x18]; mov r8, r12; mov rcx, rbx; mov rdx, [r13]; mov rsi, rbp; call [r15 + 8]
> 0x004431bf : mov edi, [rsi + 0x18]; mov r8, r15; mov rcx, rbp; mov rdx, [r12]; mov rsi, rbx; call [r14 + 8]
> 0x0044748f : mov edi, [rbp + 0x18]; mov r8, r12; mov rcx, rbp; mov rdx, [r14]; mov rsi, rbx; call [r13 + 8]
> 0x00445579 : mov rcx, [r14]; mov [rsp], rax; mov rsi, [rsp + 0x18]; mov rdi, [rsp + 0x68]; call [r13]
> 0x0047286a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0045f139 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0045f13a : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret