ropshell> use 4c2d2746bb12863c464ebafac7e93bd5 (download)
name         : paycalc (x86_64/RAW)
base address : 0x0
total gadgets: 10019
ropshell> suggest "load mem"
> 0x0006e7ab : mov eax, [rdx]; ret
> 0x000b4846 : mov edi, [rdx]; ret
> 0x0005f632 : mov eax, [rsi]; pop rbx; ret
> 0x0000f9b0 : mov rax, [rdi + 0x68]; ret
> 0x0000f9b1 : mov eax, [rdi + 0x68]; ret
> 0x00096d6b : mov rax, [rdx]; add rsp, 8; ret
> 0x00096db0 : mov rax, [rsi]; add rsp, 8; ret
> 0x00019673 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x000254d3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0001cf53 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0000f680 : mov rcx, [rdi]; mov [rdx], rcx; ret
> 0x0002be60 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x000969bb : mov rsi, [rbp]; call r14
> 0x00096967 : mov rsi, [r15]; call r14
> 0x0003dbe7 : mov rdi, [rbx]; call r12
> 0x0003dbd8 : mov rdi, [rbp]; call r12
> 0x0000751c : mov rdi, [r12]; call r13
> 0x0007d48b : mov rdi, [r13]; call r12
> 0x0003c066 : mov rdi, [r14]; call rbx
> 0x0003c0a7 : mov rdi, [r15]; call rbx
> 0x0000f681 : mov ecx, [rdi]; mov [rdx], rcx; ret
> 0x0005f4c8 : mov edx, [rax]; mov eax, edx; pop rbx; ret
> 0x00096968 : mov esi, [rdi]; call r14
> 0x000969bc : mov esi, [rbp]; call r14
> 0x0003dbe8 : mov edi, [rbx]; call r12
> 0x0003c067 : mov edi, [rsi]; call rbx
> 0x0003dbd9 : mov edi, [rbp]; call r12
> 0x0001979f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x00040ad9 : mov rdi, [rbx + 0x18]; call rax
> 0x00040ada : mov edi, [rbx + 0x18]; call rax
> 0x00031520 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00095e98 : mov rdx, [r12]; mov edi, 1; call rax
> 0x000977d8 : mov rdx, [r15]; mov rdi, rbx; call rbp
> 0x0003c838 : mov rsi, [rbx]; mov rdi, r12; call rbp
> 0x0002fd36 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x000977d9 : mov edx, [rdi]; mov rdi, rbx; call rbp
> 0x0003c839 : mov esi, [rbx]; mov rdi, r12; call rbp
> 0x0007d110 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0007d0f0 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0007d104 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0007d111 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0003a0d1 : mov eax, [rcx + 4]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0003a0d0 : mov eax, [r9 + 4]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00095e35 : mov ebx, [rax + 0x48000000]; add esp, 8; pop rbx; pop rbp; ret
> 0x0007d0f1 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0007d105 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00007519 : mov rsi, [r14]; mov rdi, [r12]; call r13
> 0x00098668 : mov r8, [rax]; add rax, 8; mov [rbx], r8; pop rbx; ret
> 0x000705f7 : mov rax, [r13]; add rax, [rdx + 8]; call rax
> 0x0002bdf4 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x00096463 : mov rdx, [r13]; mov esi, 1; mov edi, 1; call rax
> 0x00044728 : mov rdx, [r14]; mov rsi, r13; call [rbx + 8]
> 0x0003c4a2 : mov rdi, [rax]; mov [rsp + 8], rax; call rbx
> 0x000705f8 : mov eax, [rbp]; add rax, [rdx + 8]; call rax
> 0x00096464 : mov edx, [rbp]; mov esi, 1; mov edi, 1; call rax
> 0x0003c4a3 : mov edi, [rax]; mov [rsp + 8], rax; call rbx
> 0x00031646 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x0006cd43 : mov rax, [r12 + 0x10]; add rax, [rbx]; call rax
> 0x0006c693 : mov rax, [r14 + 0x10]; add rax, [r15]; call rax
> 0x0006cc11 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x000407a4 : mov rdi, [rax + 0x18]; mov [rbp - 0x68], rax; call rcx
> 0x0005e79b : mov eax, [rdx + 0x48]; cmp eax, [rdx + 0x4c]; cmovne eax, ecx; ret
> 0x0006c694 : mov eax, [rsi + 0x10]; add rax, [r15]; call rax
> 0x00019654 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x000407a5 : mov edi, [rax + 0x18]; mov [rbp - 0x68], rax; call rcx
> 0x0003e245 : mov rax, [rbx]; mov [rip + 0x289f71], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0003e246 : mov eax, [rbx]; mov [rip + 0x289f71], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00035f44 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00035e53 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0004e66b : mov rdx, [r13 + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x00071349 : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00009eae : mov rbp, [rdi + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0000a6d0 : mov r15, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x0004e66c : mov edx, [rbp + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x0007134a : mov esi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00009eaf : mov ebp, [rdi + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x000977d4 : mov rsi, [r14 + 8]; mov rdx, [r15]; mov rdi, rbx; call rbp
> 0x0009690d : mov rdi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x00072872 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0000227c : mov eax, [rbp + 8]; sub eax, [rbx + 8]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0009690e : mov edi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x0003c8ea : mov rsi, [rax]; mov rdi, [rbp - 0x40]; mov r15d, r14d; mov rax, [rbp - 0x48]; call rax
> 0x0003c8eb : mov esi, [rax]; mov rdi, [rbp - 0x40]; mov r15d, r14d; mov rax, [rbp - 0x48]; call rax
> 0x00011323 : mov rax, [rdx + 0x868]; mov [rip + 0x2b847f], rax; add rsp, 8; mov rax, rdx; pop rbx; pop rbp; ret
> 0x0000c65c : mov rax, [rbp + 0xd8]; mov rdx, r14; mov rsi, r12; mov rdi, rbp; call [rax + 0x78]
> 0x0005f141 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00052bc9 : mov rcx, [rbx + 0x10]; mov [rcx + rdx*8], rax; add rsp, 8; mov eax, ebp; pop rbx; pop rbp; ret
> 0x00071345 : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0004e667 : mov rsi, [r13 + 0x18]; mov rdx, [r13 + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x0005f142 : mov ecx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00052bca : mov ecx, [rbx + 0x10]; mov [rcx + rdx*8], rax; add rsp, 8; mov eax, ebp; pop rbx; pop rbp; ret
> 0x00071346 : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0004e668 : mov esi, [rbp + 0x18]; mov rdx, [r13 + 0x20]; sub rdx, rsi; call [rax + 0x38]
> 0x00042a9c : movsx r9, [rax + 0xa]; movsx eax, [rax + 0xb]; mov [rdx + 0x50], ecx; mov [rdx + 0x54], eax; ret
> 0x0007286e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0006ddf4 : mov r15, [rax]; mov rbx, rax; mov [rip + 0x25c81f], r13; mov rdi, rbp; mov [rax], 0; call r12
> 0x0009695a : mov rdx, [rbp]; mov rdi, [rsp + 8]; lea r15, [r12 + rcx*8]; mov rsi, [r15]; call r14
> 0x0004748e : mov rdi, [r13 + 0x18]; mov r8, r12; mov rcx, rbp; mov rdx, [r14]; mov rsi, rbx; call [r13 + 8]
> 0x000431be : mov rdi, [r14 + 0x18]; mov r8, r15; mov rcx, rbp; mov rdx, [r12]; mov rsi, rbx; call [r14 + 8]
> 0x00042d76 : mov rdi, [r15 + 0x18]; mov r8, r12; mov rcx, rbx; mov rdx, [r13]; mov rsi, rbp; call [r15 + 8]
> 0x000431bf : mov edi, [rsi + 0x18]; mov r8, r15; mov rcx, rbp; mov rdx, [r12]; mov rsi, rbx; call [r14 + 8]
> 0x0004748f : mov edi, [rbp + 0x18]; mov r8, r12; mov rcx, rbp; mov rdx, [r14]; mov rsi, rbx; call [r13 + 8]
> 0x00045579 : mov rcx, [r14]; mov [rsp], rax; mov rsi, [rsp + 0x18]; mov rdi, [rsp + 0x68]; call [r13]
> 0x0007286a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0005f139 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0005f13a : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret