Free Online ROP Gadgets Search

ropshell> use 4f096d96285e06cd51aef7d2d3de04da (download)
name         : msvcp100.dll (x86_64/PE)
base address : 0x79631000
total gadgets: 5666

ropshell> suggest "load mem"
> 0x7963853c : mov rax, [rcx]; ret
> 0x7963853d : mov eax, [rcx]; ret
> 0x7963bd10 : movzx eax, [rdx]; ret
> 0x79666d80 : mov rax, [rcx + 0x10]; ret
> 0x7963a7b4 : mov eax, [rcx + 0x10]; ret
> 0x7963cc74 : mov rdx, [rcx]; sub rax, rdx; ret
> 0x7963bdc7 : mov edx, [rax]; movsxd rax, edx; ret
> 0x7963cc75 : mov edx, [rcx]; sub rax, rdx; ret
> 0x7963b9bf : mov rax, [rdx]; movzx eax, [rax]; ret
> 0x79631790 : mov rsi, [r11 + 0x20]; mov rsp, r11; pop rdi; ret
> 0x796373bf : mov rdi, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x79631791 : mov esi, [rbx + 0x20]; mov rsp, r11; pop rdi; ret
> 0x796373c0 : mov edi, [rbx + 0x20]; mov rsp, r11; pop rbp; ret
> 0x79641ab7 : mov rcx, [rax]; lea rax, [rcx + rdx*2]; ret
> 0x79641ab8 : mov ecx, [rax]; lea rax, [rcx + rdx*2]; ret
> 0x79633a69 : mov ebp, [rdi]; add al, 0; int3 ; add rsp, 0x48; ret
> 0x79631c4f : mov rax, [rbp + 0x1d0]; call [rax + 8]
> 0x796342aa : mov rbx, [rcx + 0x18]; call [r8 + 0x40]
> 0x79642c37 : movsxd rcx, [rax + 4]; add rcx, rbx; call rdx
> 0x796336fa : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r13; pop rdi; pop rsi; ret
> 0x79646893 : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x7964dc18 : movzx eax, [rdi + 0xa]; call [rax + 0x10]
> 0x79631c50 : mov eax, [rbp + 0x1d0]; call [rax + 8]
> 0x796342ab : mov ebx, [rcx + 0x18]; call [r8 + 0x40]
> 0x796330dc : mov edx, [rcx + 0x10]; call [rax + 0x38]
> 0x796336fb : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r13; pop rdi; pop rsi; ret
> 0x7965aef4 : mov rax, [rbx]; mov rcx, rbx; call [rax + 0x10]
> 0x7966cb6b : mov rax, [rsi]; mov rcx, rsi; call [rax + 0x10]
> 0x796595e9 : mov rax, [rdi]; mov rcx, rdi; call [rax + 0x10]
> 0x79641bcc : mov rax, [rbp]; mov rcx, rbp; call [rax + 0x38]
> 0x7963b178 : mov rax, [r8]; mov rcx, r8; call [rax + 0x30]
> 0x7963c8d2 : mov rax, [r9]; mov rcx, r9; call [rax + 0x18]
> 0x7965ba1f : mov rax, [r12]; mov rcx, r12; call [rax + 0x10]
> 0x79660696 : mov rax, [r14]; mov rcx, r14; call [rax + 0x10]
> 0x79659e1d : mov rax, [r15]; mov rcx, r15; call [rax + 0x10]
> 0x79632659 : mov r8, [rcx]; mov edx, 1; call [r8 + 8]
> 0x79632773 : mov r9, [rax]; mov rcx, rax; call [r9 + 8]
> 0x796323b8 : mov r11, [rbx]; mov rcx, rbx; call [r11 + 0x18]
> 0x7963292b : mov r11, [rdi]; mov rcx, rdi; call [r11 + 0x18]
> 0x79656a1f : mov r11, [r13]; mov rcx, r13; call [r11 + 8]
> 0x7966dfc1 : mov r11, [r14]; mov rcx, r14; call [r11 + 8]
> 0x7965aef5 : mov eax, [rbx]; mov rcx, rbx; call [rax + 0x10]
> 0x79660697 : mov eax, [rsi]; mov rcx, r14; call [rax + 0x10]
> 0x79659e1e : mov eax, [rdi]; mov rcx, r15; call [rax + 0x10]
> 0x79641bcd : mov eax, [rbp]; mov rcx, rbp; call [rax + 0x38]
> 0x7966dfc2 : mov ebx, [rsi]; mov rcx, r14; call [r11 + 8]
> 0x7963292c : mov ebx, [rdi]; mov rcx, rdi; call [r11 + 0x18]
> 0x79656a20 : mov ebx, [rbp]; mov rcx, r13; call [r11 + 8]
> 0x7963fd50 : movzx edx, [rbp]; mov rcx, rsi; call [rax + 0x18]
> 0x79641e44 : movzx edx, [r12]; mov rcx, rbp; call [rax + 0x18]
> 0x7963aef0 : mov rax, [rdx + 0x40]; mov [rcx + 0x40], rax; mov rax, rcx; ret
> 0x7963aef1 : mov eax, [rdx + 0x40]; mov [rcx + 0x40], rax; mov rax, rcx; ret
> 0x796675b3 : mov rbx, [r11 + 0x18]; mov rdi, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x79635c69 : mov rdx, [rbx + 0x1b0]; mov rcx, rax; call [r9 + 8]
> 0x7964015a : mov rdx, [rcx + 0x40]; mov rax, [rdx]; dec rax; mov [rdx], rax; ret
> 0x79632b87 : mov rdx, [rdi + 0x78]; mov rcx, rbx; call [r11 + 0x40]
> 0x7964d630 : movzx eax, [rbx + 0xa]; mov rcx, rsi; call [rax + 0x10]
> 0x79635c6a : mov edx, [rbx + 0x1b0]; mov rcx, rax; call [r9 + 8]
> 0x79633843 : mov edx, [rsi + 8]; mov rcx, rbp; call [rax + 0x20]
> 0x79632b88 : mov edx, [rdi + 0x78]; mov rcx, rbx; call [r11 + 0x40]
> 0x7963cbe0 : mov rax, [r13]; mov rdx, r15; mov rcx, r13; call [rax + 8]
> 0x79632e61 : mov r8, [rbx]; mov rdx, rax; mov rcx, rbx; call [r8 + 0x10]
> 0x79635848 : mov r8, [rdi]; mov rdx, r14; mov rcx, rdi; call [r8 + 8]
> 0x79635855 : mov r8, [r12]; mov rdx, r13; mov rcx, r12; call [r8 + 8]
> 0x7963cc24 : mov r8, [r13]; mov rdx, r12; mov rcx, r13; call [r8 + 0x20]
> 0x79638ed5 : mov r10, [rcx]; mov [rsp + 0x20], rax; call [r10 + 0x30]
> 0x7963ac8d : mov rcx, [r9 + 0x40]; mov [r9 + 0x40], rax; mov [rdx + 0x40], rcx; ret
> 0x79642da0 : movsxd rdx, [rax + 4]; lea rax, [rip + 0x3d2c5]; mov [rdx + rcx - 0x18], rax; ret
> 0x7963692f : mov rax, [rbx + 0x110]; lea rcx, [rbx + 0x110]; call [rax + 0x28]
> 0x79635dd5 : mov rax, [rdi + 0x110]; lea rcx, [rdi + 0x110]; call [rax + 0x28]
> 0x7963c863 : mov rcx, [rbx + 0x18]; mov rdx, rdi; mov rax, [rcx]; call [rax + 0x20]
> 0x796353cf : mov rcx, [rdi + 0xa8]; mov rax, [rcx]; mov rdx, rsi; call [rax + 8]
> 0x7965bf76 : movzx ebx, [rdi + 0xa]; mov rax, [r12]; mov rcx, r12; call [rax + 8]
> 0x7963c864 : mov ecx, [rbx + 0x18]; mov rdx, rdi; mov rax, [rcx]; call [rax + 0x20]
> 0x796353d0 : mov ecx, [rdi + 0xa8]; mov rax, [rcx]; mov rdx, rsi; call [rax + 8]
> 0x79641ab0 : movsxd rdx, [rax]; mov rax, [rcx + 0x40]; mov rcx, [rax]; lea rax, [rcx + rdx*2]; ret
> 0x79635acd : mov edx, [rbp + 8]; lea r8, [rdi + 0x110]; mov rcx, r12; call [rax + 0x20]
> 0x79676f0e : mov rcx, [rbp]; call [rip + 0x8178]; mov rbx, rax; call [rip + 0x84af]; mov [rbp], rax; call rbx
> 0x79676f0f : mov ecx, [rbp]; call [rip + 0x8178]; mov rbx, rax; call [rip + 0x84af]; mov [rbp], rax; call rbx
> 0x7963c9ad : mov rbx, [rdi + 0x10]; mov rax, [r13]; mov r9, r15; mov r8, r14; mov rdx, rbx; mov rcx, r13; call [rax]
> 0x7963d5ff : mov rdx, [rsi + 0x30]; mov rcx, [rbx + 0x30]; mov rdx, [rdx + rdi*8]; mov rcx, [rcx + rdi*8]; call r14
> 0x79668bbe : mov ecx, [rax + 4]; mov [rsp + 0x30], ecx; call [rip + 0x168f5]; mov [rsp + 0x34], eax; mov rax, [rsp + 0x30]; add rsp, 0x28; ret
> 0x7964d780 : mov rcx, [rbp + 0x67]; mov [rsp + 0x20], rcx; lea r9, [rbp - 0x39]; lea r8, [rbp - 0x29]; lea rdx, [rbp - 0x11]; mov rcx, r10; call [rax + 0x38]
> 0x7964d781 : mov ecx, [rbp + 0x67]; mov [rsp + 0x20], rcx; lea r9, [rbp - 0x39]; lea r8, [rbp - 0x29]; lea rdx, [rbp - 0x11]; mov rcx, r10; call [rax + 0x38]
> 0x79648961 : mov r10, [r12]; mov [rsp + 0x28], ecx; mov [rsp + 0x20], al; lea r8, [rsp + 0x50]; lea rdx, [rsp + 0x60]; mov rcx, r12; call [r10 + 0x38]