ropshell> use 56b034b9ab67b78d8cf316af38dc5177
name         : VBoxDD.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 24103
ropshell> suggest "load mem"
> 0x1800fbaae : mov rax, [rcx]; ret
> 0x1800fbaaf : mov eax, [rcx]; ret
> 0x180101810 : mov rax, [rcx + 0x58]; ret
> 0x18012804d : mov eax, [rcx + 0x10]; ret
> 0x180127eca : mov eax, [rdx + 0x10]; ret
> 0x18005c541 : movzx eax, [r8 + 0x25]; ret
> 0x18005c553 : movzx ecx, [rax + 0x27]; or eax, ecx; ret
> 0x18005c552 : movzx ecx, [r8 + 0x27]; or eax, ecx; ret
> 0x1800c0873 : mov rax, [rsi + 0xb8]; call rax
> 0x180030d61 : mov rax, [rdi + 0xb0]; call rax
> 0x18007b5df : mov rcx, [rbx + 0x278]; call rdx
> 0x180077611 : mov rcx, [rdi + 0x18]; call rax
> 0x1800d50ba : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18002e869 : mov rdi, [r11 + 0x28]; mov rsp, r11; pop r12; ret
> 0x1800e3c71 : mov rbp, [r11 + 0x18]; mov rsp, r11; pop rsi; ret
> 0x1800986fe : mov r12, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x1800c0874 : mov eax, [rsi + 0xb8]; call rax
> 0x180030d62 : mov eax, [rdi + 0xb0]; call rax
> 0x18007b5e0 : mov ecx, [rbx + 0x278]; call rdx
> 0x180077612 : mov ecx, [rdi + 0x18]; call rax
> 0x1800478fd : mov edx, [rbx + 0x69c]; call rax
> 0x18001c8ac : movzx edx, [rcx + 2]; mov [r9], edx; ret
> 0x1800d50bb : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18002e86a : mov edi, [rbx + 0x28]; mov rsp, r11; pop r12; ret
> 0x1800e3c72 : mov ebp, [rbx + 0x18]; mov rsp, r11; pop rsi; ret
> 0x180074230 : mov rax, [rdx]; mov [r8], rax; xor eax, eax; ret
> 0x1801109d9 : mov rax, [rdi]; call [rax + 0x40]
> 0x1800321ef : mov rax, [r8]; call [rax + 0x10]
> 0x180098b9b : mov rcx, [rbp]; call [rbp + 8]
> 0x180094b78 : mov rdx, [rcx]; call [rdx + 0x10]
> 0x180074231 : mov eax, [rdx]; mov [r8], rax; xor eax, eax; ret
> 0x1801109da : mov eax, [rdi]; call [rax + 0x40]
> 0x1800cccf6 : mov ecx, [rax]; mov [rax], ecx; xor eax, eax; ret
> 0x180098b9c : mov ecx, [rbp]; call [rbp + 8]
> 0x1800cccf5 : mov ecx, [r8]; mov [rax], ecx; xor eax, eax; ret
> 0x180094b79 : mov edx, [rcx]; call [rdx + 0x10]
> 0x1800eb5ea : mov rax, [r8 + 0x1ca0]; movzx eax, [rcx + rax]; ret
> 0x18004695b : mov rcx, [rax + 0x18]; mov [rcx + 0x6a4], r8d; ret
> 0x180129cf4 : mov eax, [rbx + 0xc]; mov rbx, [rsp + 8]; ret
> 0x180129cf3 : mov eax, [r11 + 0xc]; mov rbx, [rsp + 8]; ret
> 0x18010d5d1 : movzx ecx, [rdx + 2]; shr r8d, cl; mov eax, r8d; ret
> 0x18010fb17 : mov ebp, [rax + 0x33000000]; jmp [rsi - 0x39]
> 0x1800e1a42 : mov eax, [r8]; mov [r10 + 0x82c], eax; xor eax, eax; ret
> 0x18003268b : mov rax, [rbx + 0x140]; call [rax + 0x20]
> 0x1800e4020 : mov rax, [rdx + 0x48]; mov [r8], rax; xor eax, eax; ret
> 0x1800d5e82 : mov rax, [r12 + 0x10]; call [rax + 0x48]
> 0x180078e08 : mov rbx, [r11 + 0x20]; mov rsp, r11; pop r14; pop r13; pop r12; ret
> 0x1800bbe54 : mov rcx, [rdx + 0x10]; call [rdx + 8]
> 0x180011849 : mov rcx, [rsi + 0x40]; mov rdx, rsi; call rax
> 0x18000fa13 : mov rcx, [r10 + 0x40]; call [r10 + 0x70]
> 0x1800b6184 : mov rcx, [r12 + 0x30]; mov rdx, r12; call rax
> 0x1800a3827 : mov rdx, [rcx + 0x20]; call [rdx + 0x58]
> 0x18000b998 : mov rsi, [rcx + 0x18]; call [rax + 0x20]
> 0x18005e898 : movzx eax, [r9 + 2]; cmp r11, rax; setae al; add rsp, 8; ret
> 0x18007dce0 : mov eax, [r10 + 0x10ce4]; mov [r9], eax; xor eax, eax; ret
> 0x18001184a : mov ecx, [rsi + 0x40]; mov rdx, rsi; call rax
> 0x1800cd293 : mov ecx, [r10 + 0x1c]; mov [r9], ecx; add rsp, 0x38; ret
> 0x18000b999 : mov esi, [rcx + 0x18]; call [rax + 0x20]
> 0x1800d036c : mov rax, [rbx]; mov rcx, rax; call [rax + 8]
> 0x180031ef7 : mov rax, [rsi]; mov rcx, rbp; call [rax + 0x10]
> 0x18011369d : mov rax, [r9]; mov rcx, r9; call [rax + 8]
> 0x180112125 : mov rax, [ecx]; xor edx, edx; call [rax + 0x20]
> 0x1800ce44d : mov rdx, [rbx]; mov rcx, rax; call [rax + 0x20]
> 0x1800d4a9c : mov rdx, [rdi]; mov rcx, r11; call [r11 + 0x20]
> 0x180098400 : mov rdx, [r14]; mov rcx, r14; call [rdx + 0x68]
> 0x18009815c : mov r11, [rdi]; mov rcx, rdi; call [r11 + 0x60]
> 0x1800d036d : mov eax, [rbx]; mov rcx, rax; call [rax + 8]
> 0x180031ef8 : mov eax, [rsi]; mov rcx, rbp; call [rax + 0x10]
> 0x18001b9d5 : mov eax, [r10]; mov [r9], eax; xor eax, eax; add rsp, 0x28; ret
> 0x18009815d : mov ebx, [rdi]; mov rcx, rdi; call [r11 + 0x60]
> 0x1800ce44e : mov edx, [rbx]; mov rcx, rax; call [rax + 0x20]
> 0x180098401 : mov edx, [rsi]; mov rcx, r14; call [rdx + 0x68]
> 0x1800d4a9d : mov edx, [rdi]; mov rcx, r11; call [r11 + 0x20]
> 0x180065e94 : mov rdx, [rax + 0x10]; mov rcx, rdx; jmp [rdx + 8]
> 0x180065e95 : mov edx, [rax + 0x10]; mov rcx, rdx; jmp [rdx + 8]
> 0x18007b5e1 : mov edi, [rax + 2]; add [rax], al; call rdx
> 0x1800917f1 : mov rcx, [rdi]; mov rax, [rcx]; call [rax + 0x60]
> 0x1800917f2 : mov ecx, [rdi]; mov rax, [rcx]; call [rax + 0x60]
> 0x1800584b2 : mov rax, [rbp + 0x140]; mov rcx, rbp; call [rax + 0x18]
> 0x180027057 : mov rax, [r9 + 0x10]; mov rcx, rax; call [rax + 8]
> 0x18006367d : mov rax, [r13 + 0x40]; mov rcx, rax; call [rax + 0x10]
> 0x1800d176d : mov rax, [r14 + 0x20]; mov rcx, rax; call [rax + 0x38]
> 0x18006ed74 : mov rax, [r15 + 0x40]; mov rcx, rax; call [rax]
> 0x1800057ed : mov rcx, [r9 + 0x60]; call [rip + 0x12e6c1]; xor eax, eax; add rsp, 0x28; ret
> 0x18005f022 : mov rcx, [r11 + 0x1c0]; call [rip + 0xd4739]; xor eax, eax; add rsp, 0x28; ret
> 0x180034b30 : mov rdx, [rbx + 0x1240]; mov rcx, rdi; call [rax + 0x18]
> 0x1800a67ab : mov rdx, [rsi + 0x18]; mov rcx, rax; call [rax]
> 0x18003ab89 : mov rdx, [rdi + 0x11f0]; mov rcx, rbx; call [rax + 0x18]
> 0x180106087 : mov rdx, [r12 + 0x60]; mov rcx, rax; call [rax + 0x60]
> 0x180107e46 : mov rdx, [r13 + 0x288]; mov rcx, rax; call [rax + 0x40]
> 0x1800ce699 : mov r8, [rax + 0x20]; mov rcx, r8; call [r8 + 0x20]
> 0x18011b0ae : mov r8, [rbx + 0xd8]; mov rdx, rbx; mov rcx, rdi; call rax
> 0x1800e438a : mov r8, [rsi + 0x28]; mov rcx, r8; call [r8 + 0x30]
> 0x18001e198 : mov r8, [rdi + 0x133e8]; mov rcx, rbx; call [rbx]
> 0x1800a928e : mov r9, [rax + 0x48]; mov rcx, r9; call [r9 + 0x18]
> 0x180024f31 : mov r10, [r15 + 8]; mov rcx, r10; call [r10]
> 0x180005cdf : mov r11, [rbx + 0x178]; mov rcx, r11; call [r11 + 0x10]
> 0x1800206be : mov r11, [rsi + 0x228]; mov rcx, r11; call [r11 + 0x18]
> 0x1800a087c : mov r11, [rdi + 0x150]; mov rcx, r11; call [r11 + 0x10]
> 0x1800584b3 : mov eax, [rbp + 0x140]; mov rcx, rbp; call [rax + 0x18]
> 0x1800d49e3 : movzx ebx, [rcx + 0x4a]; mov rcx, rax; call [rax + 0x20]
> 0x1800206bf : mov ebx, [rsi + 0x228]; mov rcx, r11; call [r11 + 0x18]
> 0x1800a087d : mov ebx, [rdi + 0x150]; mov rcx, r11; call [r11 + 0x10]
> 0x1800d9cac : mov ebx, [rbp + 0x20]; mov rcx, rax; call [rax + 0x20]
> 0x1800d49e2 : movzx ebx, [r9 + 0x4a]; mov rcx, rax; call [rax + 0x20]
> 0x1800a67ac : mov edx, [rsi + 0x18]; mov rcx, rax; call [rax]
> 0x18003ab8a : mov edx, [rdi + 0x11f0]; mov rcx, rbx; call [rax + 0x18]
> 0x18007a92b : mov edx, [rbp + 0x13514]; mov rcx, rax; call [rax + 0x78]
> 0x18007a92a : mov edx, [r13 + 0x13514]; mov rcx, rax; call [rax + 0x78]
> 0x1800d64e1 : mov edi, [rsi + rax]; mov rcx, rax; call [rax]
> 0x1800553be : movsxd rax, [rbp]; movzx r9d, [rax + r12 - 0x11]; call [rdi]
> 0x180031ba7 : mov rdx, [rsi]; movzx r8d, bp; mov rcx, rbx; call [rax + 0x10]
> 0x1800f5c86 : mov rdx, [rbp]; movzx r8d, si; mov rcx, rdi; call [rax + 0x10]
> 0x180053cf8 : mov rdx, [r12]; movzx r8d, di; mov rcx, rbx; call [rax + 0x10]
> 0x18002f6cf : mov rdx, [r13]; movzx r8d, r15w; mov rcx, rdi; call [rax + 0x10]
> 0x180013540 : mov rdx, [r15]; mov r8, rdi; mov rcx, rbx; call [rax + 0x30]
> 0x1801136d7 : mov r8, [rcx]; lea edx, [rbx + 1]; call [r8 + 0x40]
> 0x18010f851 : mov r9, [rcx]; mov rdx, rax; mov rsi, rax; call [r9 + 0x30]
> 0x18004be74 : mov eax, [r9]; mov [rdx + r8 + 0x2618], eax; xor eax, eax; add rsp, 0x28; ret
> 0x18002f6d0 : mov edx, [rbp]; movzx r8d, r15w; mov rcx, rdi; call [rax + 0x10]
> 0x1801321f2 : mov rcx, [rbp + 0x18]; dec [rbp + 0x34]; call [rbp + 0x28]
> 0x180096484 : mov rcx, [r14 + 0x38a0]; mov rax, [rcx]; call [rax + 0x10]
> 0x1800945bb : mov eax, [r14 + 0x74]; mov rax, [rcx]; call [rax + 0x70]
> 0x1801321f3 : mov ecx, [rbp + 0x18]; dec [rbp + 0x34]; call [rbp + 0x28]
> 0x18012c5f2 : mov rcx, [rax]; mov [rdx], rcx; mov rcx, r8; call [r8 + 0x10]
> 0x18000de25 : mov rdx, [rbp + 0x148]; mov rcx, rbp; mov esi, eax; call [rdx + 0x28]
> 0x180040799 : mov r10, [rcx + 0x10]; mov [rsp + 0x20], eax; call [r10 + 0x6c8]; add rsp, 0x38; ret
> 0x180098d83 : movzx edx, [r11 + 0x44]; mov [rsp + 0x20], eax; call [r10 + 0x40]
> 0x180094eff : mov rax, [r10]; lea rdx, [rsp + 0x78]; mov rcx, r10; call [rax + 0x68]
> 0x1800e3089 : mov rax, [r13]; lea rdx, [rip + 0x6ec7c]; mov rcx, rax; call [rax]
> 0x18011c570 : mov rbx, [r8]; lea rdx, [rip + 0x68126]; mov rcx, rdi; call [rdi]
> 0x1800d49df : mov rdx, [r9]; movzx ebx, [r9 + 0x4a]; mov rcx, rax; call [rax + 0x20]
> 0x1800c1664 : mov r8, [rbx]; lea rdx, [rip + 0xab43a]; mov rcx, rdi; call [rdi]
> 0x180088a11 : mov eax, [rbp]; lea rcx, [rsp + 0x58]; mov r9d, ebx; mov edx, r12d; call rax
> 0x18011c571 : mov ebx, [rax]; lea rdx, [rip + 0x68126]; mov rcx, rdi; call [rdi]
> 0x18000f8a8 : movzx ebx, [rcx]; mov rax, [rcx + 0x148]; mov edx, 0xa40; call [rax + 0x20]
> 0x18000f8a7 : movzx ebx, [r9]; mov rax, [rcx + 0x148]; mov edx, 0xa40; call [rax + 0x20]
> 0x1800d4a98 : mov r11, [rbp + 0x78]; mov rdx, [rdi]; mov rcx, r11; call [r11 + 0x20]
> 0x1800d46b9 : movzx ebx, [rdx + 0x4a]; mov rdx, [rdx]; mov rcx, rax; call [rax + 0x20]
> 0x1800945b7 : mov rcx, [r13]; mov eax, [r14 + 0x74]; mov rax, [rcx]; call [rax + 0x70]
> 0x1800f96e1 : mov ebp, [rbx]; or [rax], al; mov r8, r13; mov rcx, rbx; call [rbx]
> 0x1800c7f99 : mov rax, [r10 + 0x10]; mov r9d, 1; xor edx, edx; mov rcx, r10; call [rax + 0x6e8]; add rsp, 0x28; ret
> 0x1800f9be6 : mov rax, [ebx + 0x30]; lea rdx, [rsp + 0x30]; mov rcx, rax; call [rax + 0x10]
> 0x18012df96 : mov rbx, [rcx + 0xb0]; mov rcx, rbx; mov rax, [rbx + 0x48]; call [rax + 0x58]
> 0x1800dbf20 : mov rbx, [r13 + 0x140]; lea rdx, [rip + 0x5ccca]; mov rcx, rdi; call [rdi]
> 0x18000d3ae : mov rcx, [r13 + 0x40]; mov r8, rsi; mov rax, [rcx + 0x10]; call [rax + 0x30]
> 0x1800d5fcb : mov rdi, [rbp + 0x98]; lea rdx, [rip + 0x9aef7]; mov r8, rdi; call [rsi]
> 0x1800d6144 : mov r13, [rbp + 0x98]; lea rdx, [rip + 0x9acb6]; mov r8d, r13d; call [rsi]
> 0x180129ced : mov ecx, [r11 + 0x18]; mov [rbx], ecx; mov eax, [r11 + 0xc]; mov rbx, [rsp + 8]; ret
> 0x1800d5fcc : mov edi, [rbp + 0x98]; lea rdx, [rip + 0x9aef7]; mov r8, rdi; call [rsi]
> 0x18008a5f0 : mov r8, [r13]; lea rdx, [rip + 0xd62dd]; mov r9d, r12d; mov rcx, r14; call [r14]
> 0x1800a7375 : mov r9, [rdi]; lea rdx, [rsp + 0x60]; mov r8, rax; mov rcx, r9; call [r9]
> 0x1800a7883 : mov r9, [r12]; lea rdx, [rsp + 0xa0]; mov rcx, r9; mov r8, rax; call [r9]
> 0x1800a76d9 : mov r9, [r13]; lea rdx, [rsp + 0x70]; mov rcx, r9; mov r8, rax; call [r9]
> 0x18000d791 : mov ecx, [rbx]; lea rdx, [rip + 0x12b07e]; mov r8d, edi; mov rcx, rsi; call [rsi]
> 0x18001e0b1 : movzx ecx, [rsi]; lea rdx, [rip + 0x11d4e5]; mov r8d, edi; mov rcx, rbx; call [rbx]
> 0x1800972d4 : mov rsi, [rbp + 0x60]; mov rcx, [rsp + 0x40]; mov rax, [rcx]; call [rax + 0x70]
> 0x1800a1f2b : mov rdi, [rsi + 0x18]; mov rcx, rsi; call [rax + 0x818]; mov rcx, rbp; call [rbp + 0x28]
> 0x1800cec80 : mov r9, [rsi + 0x20]; mov rdx, [rdi]; mov rcx, r9; mov r8d, eax; call [r9 + 0x60]
> 0x1800972d5 : mov esi, [rbp + 0x60]; mov rcx, [rsp + 0x40]; mov rax, [rcx]; call [rax + 0x70]
> 0x18007d99b : mov rdi, [rdx + 0x100]; mov rsi, rdx; mov rbx, rcx; mov dl, 1; mov rcx, rax; call [rax + 0x20]
> 0x1800d5e8a : mov r8, [r12 + 0x10]; mov rdx, [rbp + 0x1a0]; mov rcx, r12; mov rbx, rax; call [r8 + 0x20]
> 0x1800dbc5f : mov r8, [r13 + 0x10]; mov rdx, [rsi + 0x3458]; mov rcx, r13; mov rbx, rax; call [r8 + 0x20]
> 0x1800e0b6a : mov r15, [rbx + 0x80]; xor r9d, r9d; mov rcx, r15; mov [rsp + 0x20], 2; call [r15 + 0x18]
> 0x18007d99c : mov edi, [rdx + 0x100]; mov rsi, rdx; mov rbx, rcx; mov dl, 1; mov rcx, rax; call [rax + 0x20]
> 0x18010f25a : mov r10, [rcx]; mov r11d, r9d; mov r9, r8; mov r8d, r11d; mov [rsp + 0x20], eax; call [r10 + 0x58]
> 0x1800cecae : mov r9, [rdi + 0x50]; mov r8, [rdi + 0x48]; mov rdx, [rdi]; mov rcx, rax; call [rax + 0x48]
> 0x180068ef6 : mov rax, [r11 + 0x30]; mov [r11 - 0x20], rax; mov rax, [rsp + 0x70]; mov [r11 - 0x28], rax; call [r10 + 0x40]
> 0x1800c16e9 : mov ebp, [rsi + 0x340]; lea rdx, [rip + 0xab36a]; shr r14d, 4; mov rcx, rdi; mov r8d, r14d; call [rdi]
> 0x1800f95a3 : mov r8, [rdi]; lea rdx, [rip + 0x82cb3]; mov r9d, [r13 + rax*4 + 0xc0]; mov rcx, rbp; call [rbp]
> 0x18007cf7e : mov r9, [rsi]; lea r8, [rbp - 0x20]; lea rdx, [rbp - 0x30]; mov rcx, rax; mov [rsp + 0x20], r14b; call [rax + 0x68]
> 0x1800bb0cb : mov eax, [r14]; mov [rdi + 6], eax; movzx eax, [r14 + 4]; mov [rdi + 0xa], ax; call [rbp + 0x58]
> 0x1801199d4 : mov rcx, [rdx]; mov [rcx + 8], rax; mov rcx, [rdx + 8]; mov rax, [rdx]; mov [rcx], rax; mov [rdx + 8], 0; ret
> 0x1801199d5 : mov ecx, [rdx]; mov [rcx + 8], rax; mov rcx, [rdx + 8]; mov rax, [rdx]; mov [rcx], rax; mov [rdx + 8], 0; ret
> 0x18001e18a : mov rdi, [rcx + 0x18]; mov rbx, rdx; lea rdx, [rip + 0x11d5b0]; mov r8, [rdi + 0x133e8]; mov rcx, rbx; call [rbx]
> 0x18001de84 : mov rbp, [rcx + 0x18]; mov rbx, rdx; lea rdx, [rip + 0x11d69e]; movzx r8d, [rbp + 0x224]; mov rcx, rbx; call [rbx]
> 0x18008c994 : mov r9, [rcx + 0x18]; mov r8d, [rcx + 0x10]; mov rax, rdx; lea rdx, [rip + 0xd408a]; mov rcx, rax; call [rax]
> 0x18007ffb5 : mov r11, [r12 + 0x228]; lea rdx, [rip + 0xd937c]; mov r8d, [r11 + 0x88]; mov rcx, rbx; mov r9d, r8d; call [rbx]
> 0x1800e045c : mov r14, [r13 + 0x18]; lea r8, [rbp - 0x49]; mov rcx, rbx; mov [rbp - 0x49], 0; mov r12d, r9d; mov rdi, rdx; call [rbx + 0x28]
> 0x1800bb560 : movzx eax, [r13 + 0x79]; mov [rcx + 0xa], ax; mov eax, 8; mov [rcx + 0xc], ax; mov rcx, r13; call [r13 + 0x58]
> 0x18001e18b : mov edi, [rcx + 0x18]; mov rbx, rdx; lea rdx, [rip + 0x11d5b0]; mov r8, [rdi + 0x133e8]; mov rcx, rbx; call [rbx]
> 0x18001de85 : mov ebp, [rcx + 0x18]; mov rbx, rdx; lea rdx, [rip + 0x11d69e]; movzx r8d, [rbp + 0x224]; mov rcx, rbx; call [rbx]
> 0x1800f968b : mov ebx, [rbp]; lea rdx, [rip + 0x82c33]; mov r9d, [rdi + r11*4 + 0xc0]; mov r8d, esi; mov rcx, rbx; call [rbx]
> 0x18011a73c : mov rbx, [rdi + 0xc90]; lea rcx, [rbx + 0x10]; call [rip + 0x1975b]; xor r8d, r8d; xor edx, edx; mov rcx, rsi; call [rbx + 0x78]
> 0x18009d101 : mov r10, [rbx + 8]; lea r8, [rip - 0xcc]; mov rcx, r10; mov r9, rsi; movzx edx, r13b; mov [rsp + 0x20], rax; call [r10]
> 0x180106666 : mov rbp, [rdx + 0x70]; mov [rax + 0x20], r12; mov rax, [rdx + 0x58]; mov rdx, [rdx + 0x60]; mov rcx, rax; call [rax + 0x68]
> 0x180106667 : mov ebp, [rdx + 0x70]; mov [rax + 0x20], r12; mov rax, [rdx + 0x58]; mov rdx, [rdx + 0x60]; mov rcx, rax; call [rax + 0x68]
> 0x1800e9d3c : mov r10, [rbp + 0x2570]; lea r8, [rax + 0x20]; lea r9, [rax + 0x30]; mov edx, esi; mov rcx, r10; mov [rsp + 0x20], r12; call [r10]