ropshell> use 50135faec9a232afe60f0628a2ba925d
name         : etms (x86_64/ELF)
base address : 0x404ff0
total gadgets: 6941
ropshell> suggest "load mem"
> 0x004a9110 : mov rax, [rdi]; ret
> 0x004a1e56 : mov eax, [rdi]; ret
> 0x004bb2f1 : mov rax, [rdx + 0x18]; ret
> 0x004b4fa1 : mov rax, [rdi + 0x10]; ret
> 0x004bb2f2 : mov eax, [rdx + 0x18]; ret
> 0x004a6129 : mov eax, [rdi + 0x10]; ret
> 0x004b4faf : mov eax, [rbx + 0xc]; pop rbx; ret
> 0x004caaf5 : mov rdi, [rbx]; call rax
> 0x004b758f : mov r12, [rdi]; call rbp
> 0x004b5e7e : mov eax, [rbx]; pop rbx; pop rbp; pop r12; ret
> 0x004caaf6 : mov edi, [rbx]; call rax
> 0x004a6333 : mov rsi, [rdi + 0xd8]; jmp rax
> 0x004a6334 : mov esi, [rdi + 0xd8]; jmp rax
> 0x004c1ca2 : mov rax, [rbx]; inc [rax + 4]; pop rbx; ret
> 0x004b75cb : mov rax, [rdx]; mov [rax + 8], rdx; ret
> 0x004b75b2 : mov rax, [rsi]; mov [rax + 8], rsi; ret
> 0x004b773d : mov rcx, [rax]; mov [rcx + 8], rdx; ret
> 0x004d5036 : mov rdx, [rax]; mov [rdx + 8], 0; ret
> 0x004b75fb : mov rdx, [rsi]; mov [rdx + 8], rax; ret
> 0x004b75cc : mov eax, [rdx]; mov [rax + 8], rdx; ret
> 0x004b75b3 : mov eax, [rsi]; mov [rax + 8], rsi; ret
> 0x004b773e : mov ecx, [rax]; mov [rcx + 8], rdx; ret
> 0x004bb2f6 : mov ecx, [rdi]; mov eax, esi; shr eax, cl; ret
> 0x004d5037 : mov edx, [rax]; mov [rdx + 8], 0; ret
> 0x004b75fc : mov edx, [rsi]; mov [rdx + 8], rax; ret
> 0x004aa33e : mov rax, [rbx + 0x1a0]; pop rbx; pop rbp; pop r12; ret
> 0x004be2c0 : mov rdi, [rbx + 0x10]; call rax
> 0x004aec12 : mov rdi, [rcx + 0x10]; call rax
> 0x004aed4b : mov rdi, [rsi + 0x10]; call rax
> 0x004aecd3 : mov rdi, [rbp + 0x10]; call rax
> 0x004a4f24 : mov edx, [rax + 4]; call r9
> 0x004c0cc1 : mov edx, [rdi + 4]; mov [rsi], edx; ret
> 0x004be2c1 : mov edi, [rbx + 0x10]; call rax
> 0x004aec13 : mov edi, [rcx + 0x10]; call rax
> 0x004aed4c : mov edi, [rsi + 0x10]; call rax
> 0x004aecd4 : mov edi, [rbp + 0x10]; call rax
> 0x004b608c : mov rax, [rsi + 8]; mov [rdi + 0x60], rax; ret
> 0x004be17d : mov rsi, [rcx + 0x10]; add rsp, 0x28; jmp rax
> 0x004bee10 : mov eax, [rsi + 4]; mov [rdi + 8], eax; ret
> 0x004be17e : mov esi, [rcx + 0x10]; add rsp, 0x28; jmp rax
> 0x004b11f9 : mov rcx, [rax + 0x60]; call [rax + 0x58]
> 0x004a6303 : mov rcx, [rbx + 0xc8]; mov rdi, rbx; call rax
> 0x004c2241 : mov rsi, [rax + 0x18]; call [rax + 0x10]
> 0x004aa4fa : mov rsi, [rbx + 0xd0]; mov rdi, rbx; pop rbx; jmp rax
> 0x004d38f6 : mov rsi, [rbp + 0x20]; call [rbp + 0x18]
> 0x004bbfb6 : mov rsi, [r12 + 0x10]; mov rdi, r13; call r14
> 0x004ae673 : mov rdi, [rdx + 0x38]; call [rdx + 0x20]
> 0x004b11fa : mov ecx, [rax + 0x60]; call [rax + 0x58]
> 0x004a6304 : mov ecx, [rbx + 0xc8]; mov rdi, rbx; call rax
> 0x004c2242 : mov esi, [rax + 0x18]; call [rax + 0x10]
> 0x004aa4fb : mov esi, [rbx + 0xd0]; mov rdi, rbx; pop rbx; jmp rax
> 0x004d38f7 : mov esi, [rbp + 0x20]; call [rbp + 0x18]
> 0x004ae674 : mov edi, [rdx + 0x38]; call [rdx + 0x20]
> 0x004bb497 : mov rdi, [rax + 0x18]; mov [rsp], rax; call r15
> 0x004b15c9 : mov eax, [r12 + 0xc8]; mov [rbp], eax; pop rbx; pop rbp; pop r12; ret
> 0x004bb498 : mov edi, [rax + 0x18]; mov [rsp], rax; call r15
> 0x004caf8f : mov rdx, [rcx + 0x28]; mov esi, ebp; mov rdi, rbx; call rax
> 0x004ae79a : mov rdi, [r13 + 0x10]; mov rsi, r12; call [rbx]
> 0x004ae930 : mov rdi, [r14 + 0x10]; mov rdx, [rsp + 0x30]; call rbp
> 0x004caf90 : mov edx, [rcx + 0x28]; mov esi, ebp; mov rdi, rbx; call rax
> 0x004c0c6a : mov rdx, [rdi + 8]; mov [rdx + rax], 0; mov eax, [rdi + 4]; ret
> 0x00484bab : mov rcx, [rdx]; mov rdx, [rbp - 0x28]; mov rsi, rbx; mov rdi, rcx; call rax
> 0x00484bac : mov ecx, [rdx]; mov rdx, [rbp - 0x28]; mov rsi, rbx; mov rdi, rcx; call rax
> 0x00442599 : mov rcx, [rdx + 0x28]; mov rdx, rsi; mov esi, ebx; mov rdi, rcx; call rax
> 0x004b1a3c : mov rdx, [r13 + 0x60]; mov rsi, [rbp + 0xd0]; mov rdi, rbp; call rax
> 0x004a4f1e : mov r8, [rbx + 0x30]; xor esi, esi; mov edx, [rax + 4]; call r9
> 0x004a5685 : mov r8, [rbp + 0x30]; xor ecx, ecx; mov edx, r14d; call [rbp + 0x28]
> 0x004a5686 : mov eax, [rbp + 0x30]; xor ecx, ecx; mov edx, r14d; call [rbp + 0x28]
> 0x0044259a : mov ecx, [rdx + 0x28]; mov rdx, rsi; mov esi, ebx; mov rdi, rcx; call rax
> 0x004b1a3d : mov edx, [rbp + 0x60]; mov rsi, [rbp + 0xd0]; mov rdi, rbp; call rax
> 0x00464fd8 : mov rdx, [rax + 0x38]; mov rax, [rbp - 0x48]; mov esi, ecx; mov rdi, rdx; call rax
> 0x0044e365 : mov rbx, [rdx]; mov rcx, [rbp - 0x88]; mov edx, 0; mov rsi, rbx; mov rdi, rcx; call rax
> 0x0044e366 : mov ebx, [rdx]; mov rcx, [rbp - 0x88]; mov edx, 0; mov rsi, rbx; mov rdi, rcx; call rax
> 0x0044391e : mov rbx, [rdx + 0x1a0]; mov ecx, 0; mov edx, 0; mov esi, 0; mov rdi, rbx; call rax
> 0x004afbcd : mov rdx, [rbx + 0x170]; mov rsi, [rbx + 0x148]; mov edi, [rbx + 0x18]; call rax
> 0x004ae7ff : mov rsi, [rdx + 0x18]; mov rdi, [rdx + 0x10]; mov rdx, [rsp + 8]; call r15
> 0x004ae92c : mov rsi, [r14 + 0x18]; mov rdi, [r14 + 0x10]; mov rdx, [rsp + 0x30]; call rbp
> 0x0044391f : mov ebx, [rdx + 0x1a0]; mov ecx, 0; mov edx, 0; mov esi, 0; mov rdi, rbx; call rax
> 0x004afbce : mov edx, [rbx + 0x170]; mov rsi, [rbx + 0x148]; mov edi, [rbx + 0x18]; call rax
> 0x004ae800 : mov esi, [rdx + 0x18]; mov rdi, [rdx + 0x10]; mov rdx, [rsp + 8]; call r15
> 0x004be172 : mov rdx, [rsi + 0xa8]; mov rdi, [rdi + 8]; mov rsi, [rcx + 0x10]; add rsp, 0x28; jmp rax
> 0x004be173 : mov edx, [rsi + 0xa8]; mov rdi, [rdi + 8]; mov rsi, [rcx + 0x10]; add rsp, 0x28; jmp rax
> 0x004bba9d : mov rcx, [rdi + 8]; mov si, [rdi + 2]; mov [rcx + rdx*2], si; mov [rdi + 6], ax; ret
> 0x00469731 : mov rdx, [rbp + 0x20]; mov esi, [rbp - 0xec]; mov rbx, [rbp - 0xe8]; mov r8, rdi; mov rdi, rbx; call rax
> 0x004c427c : mov rdx, [r10 + 0x90]; mov [rsp + 4], r9d; mov rsi, rsp; mov edi, [rdi + 0x1c]; call rax
> 0x00490eb5 : mov ebx, [rcx + 0x100]; mov rdi, [rbp - 0x30]; lea rcx, [rbp - 0x90]; mov r8, rdi; mov edi, ebx; call rax
> 0x004bb277 : mov ecx, [rdi + 4]; and eax, [rdi + 8]; and ecx, edx; inc edx; or eax, ecx; mov [rdi + 0xc], edx; ret
> 0x004aea05 : mov rax, [rcx]; mov [rdi + 0x10], esi; inc [rdi + 0x14]; mov [rdi + 8], rax; mov rax, [rax + 0x18]; ret
> 0x004aea06 : mov eax, [rcx]; mov [rdi + 0x10], esi; inc [rdi + 0x14]; mov [rdi + 8], rax; mov rax, [rax + 0x18]; ret
> 0x004c3c08 : mov rcx, [rsi + 0x80]; mov rdx, [rdi + 0x28]; lea rsi, [rdi + 0x198]; mov edi, [rdi + 0x1c]; call rax
> 0x004c3c09 : mov ecx, [rsi + 0x80]; mov rdx, [rdi + 0x28]; lea rsi, [rdi + 0x198]; mov edi, [rdi + 0x1c]; call rax
> 0x004b8299 : mov ebx, [rax + 2]; add [rax], al; lea rdx, [rsp + 0x110]; lea rsi, [rbx + 0x118]; mov rdi, rbx; call rbp
> 0x00490bc8 : mov rbx, [rcx + 0xe8]; lea r9, [rbp - 0x90]; mov ecx, [rbp - 0x6c]; mov rdi, [rbp - 0x58]; mov [rsp], rdi; mov rdi, rbx; call rax