ropshell> use 57ac5701b83e83c59df7e83362f69bcb
name         : cygwin1.dll (x86_64/PE)
base address : 0x180041000
total gadgets: 12614
ropshell> suggest "load mem"
> 0x1800d87f0 : movzx eax, [rcx]; ret
> 0x180213860 : mov rax, [rcx + 0x128]; ret
> 0x180077b80 : movsxd rax, [rdx + 0x18]; ret
> 0x180213861 : mov eax, [rcx + 0x128]; ret
> 0x1800a0dd0 : movzx eax, [rdx + 0x18]; ret
> 0x1800b6441 : mov eax, [rdx]; add rsp, 0x48; ret
> 0x1800aa226 : mov rcx, [rax]; call r10
> 0x1801d4c9d : mov rcx, [r12]; call rbx
> 0x1800b789b : mov rdx, [rax]; call r15
> 0x18005f431 : mov rdx, [rbx]; call rax
> 0x180080f87 : mov rdx, [r12]; call rax
> 0x1800aa227 : mov ecx, [rax]; call r10
> 0x1800b789c : mov edx, [rax]; call r15
> 0x18005f432 : mov edx, [rbx]; call rax
> 0x1800b98d1 : mov rax, [rcx]; jmp [rax + 0x38]
> 0x1801e1a35 : mov rax, [rbp + 8]; call rax
> 0x18017915f : mov rcx, [rax + 0x30]; call rsi
> 0x18017e673 : mov rdx, [rax + 0x60]; call rsi
> 0x1801e1a36 : mov eax, [rbp + 8]; call rax
> 0x180179160 : mov ecx, [rax + 0x30]; call rsi
> 0x18017e674 : mov edx, [rax + 0x60]; call rsi
> 0x1801b516a : movzx edx, [rcx + 0xc]; mov [rax - 0x2884], dx; ret
> 0x1801233d7 : mov rax, [rsi]; call [rax + 0x50]
> 0x1801539d5 : mov rax, [r12]; call [rax + 0x18]
> 0x1800f28e1 : mov rax, [r13]; call [rax + 0x20]
> 0x1801233d8 : mov eax, [rsi]; call [rax + 0x50]
> 0x1800f28e2 : mov eax, [rbp]; call [rax + 0x20]
> 0x1801b6965 : mov edx, [rcx]; xor eax, eax; test edx, edx; sete al; ret
> 0x1800d2fe1 : mov eax, [r9 + 0xc]; sub eax, [r9 + 0x14]; ret
> 0x180153b11 : mov rcx, [rsi + 8]; call [rsi]
> 0x1801ace33 : mov rdx, [rbx + 0x38]; mov rcx, r12; call rax
> 0x1801b16f2 : mov rdx, [r12 + 0x38]; mov rcx, r13; call rax
> 0x1800b7878 : mov r15, [rax + 0x338]; call [rax + 0x50]
> 0x180153b12 : mov ecx, [rsi + 8]; call [rsi]
> 0x1801ace34 : mov edx, [rbx + 0x38]; mov rcx, r12; call rax
> 0x1800b7879 : mov edi, [rax + 0x338]; call [rax + 0x50]
> 0x180069151 : movzx ebp, [rbx + rdx]; call [rax + 0x58]
> 0x1800f6748 : mov rax, [rbx]; mov rcx, rbx; call [rax + 0x10]
> 0x180042638 : mov rax, [rdx]; mov rcx, rdx; call [rax + 0x20]
> 0x1800de33e : mov rax, [rbp]; mov rcx, rbp; call [rax + 0x20]
> 0x18009d3a0 : mov rax, [r10]; mov rcx, r10; call [rax + 0x20]
> 0x180108c34 : mov rax, [r14]; mov rcx, r14; call [rax + 0x20]
> 0x1800dbb0e : mov rax, [r15]; mov rcx, r15; call [rax + 0x20]
> 0x1801f6e98 : mov rcx, [rbx]; add rdx, r9; sub r8d, r9d; call rax
> 0x180195550 : mov rcx, [rdx]; movq [rax + 8], xmm0; mov [rax], rcx; ret
> 0x1801e1a31 : mov rdx, [rbp]; mov rax, [rbp + 8]; call rax
> 0x1800f6749 : mov eax, [rbx]; mov rcx, rbx; call [rax + 0x10]
> 0x1800dbb0f : mov eax, [rdi]; mov rcx, r15; call [rax + 0x20]
> 0x1801f6e99 : mov ecx, [rbx]; add rdx, r9; sub r8d, r9d; call rax
> 0x180195551 : mov ecx, [rdx]; movq [rax + 8], xmm0; mov [rax], rcx; ret
> 0x1801e1a32 : mov edx, [rbp]; mov rax, [rbp + 8]; call rax
> 0x18018a341 : mov rax, [r10 + 0x10]; add rax, r8; pop rbx; pop rsi; pop rdi; pop rbp; ret
> 0x180204bb5 : mov rcx, [rbp + 0x230]; mov rax, [rbp - 0x28]; call rax
> 0x180080f84 : mov eax, [rbx + 0x10]; mov rdx, [r12]; call rax
> 0x180204bb6 : mov ecx, [rbp + 0x230]; mov rax, [rbp - 0x28]; call rax
> 0x18006c772 : mov edx, [r8 + 0x28]; mov [rax + 0x50], edx; xor eax, eax; ret
> 0x1800c7153 : mov rax, [r8]; mov [rcx + 0x1d0], rax; xor eax, eax; add rsp, 0x48; ret
> 0x18006915b : mov rbx, [rax]; mov rax, [r12]; call [rax + 0x50]
> 0x180123f4d : mov rsi, [rax]; mov rax, [r12]; call [rax + 0x50]
> 0x180069749 : mov rdi, [rax]; mov rax, [r12]; call [rax + 0x58]
> 0x1801233d4 : mov r12, [rax]; mov rax, [rsi]; call [rax + 0x50]
> 0x180069115 : mov r13, [rax]; mov rax, [r12]; call [rax + 0x50]
> 0x18006915c : mov ebx, [rax]; mov rax, [r12]; call [rax + 0x50]
> 0x180123f4e : mov esi, [rax]; mov rax, [r12]; call [rax + 0x50]
> 0x18006974a : mov edi, [rax]; mov rax, [r12]; call [rax + 0x58]
> 0x180069116 : mov ebp, [rax]; mov rax, [r12]; call [rax + 0x50]
> 0x180167968 : mov rdx, [rcx + 8]; mov [rcx], r8; mov [rdx + rax - 1], 0; ret
> 0x1800fa6c4 : mov r9, [rcx + 0x20]; mov [rdx], r8; mov [rdx + 8], r9; ret
> 0x1801efa95 : mov ebx, [rsi + 0xc]; add [rcx], al; ror [rax + 0x63], cl; ret
> 0x180155975 : mov rdx, [rcx]; mov [rsp + 0x3c], eax; call [rdx + 8]
> 0x1800daf3d : mov rax, [r8 + 8]; mov [rcx + 0x20], rax; mov [rcx + 0x10], 0; ret
> 0x1801be36e : movsxd r9, [rbx + 0x20]; mov [rbx], r8; call [rbx + 0x40]
> 0x180110754 : mov eax, [r8]; and eax, 7; mov [r9 + 8], eax; xor eax, eax; add rsp, 0x48; ret
> 0x1801d0f72 : mov r8, [rbp + 0x15c0]; movsxd r9, eax; mov [rsp + 0x20], rdi; call rbx
> 0x1800712c4 : mov eax, [r8 + 0xa4]; movsxd rax, [r10 + rax*4]; add rax, r10; jmp rax
> 0x180144df8 : mov rdx, [r8]; mov [rsp + 0x4c], eax; mov rcx, r8; call [rdx + 0x20]
> 0x1800b9082 : mov rdx, [r13]; mov [rsp + 0x4c], eax; mov rcx, r13; call [rdx + 0x20]
> 0x1800fa6d0 : mov r8, [rcx]; mov r9, [rcx + 8]; mov [rdx], r8; mov [rdx + 8], r9; ret
> 0x1800b7885 : mov r8, [rax]; mov rax, [r14]; mov [rsp + 0x30], r8; call [rax + 0x48]
> 0x1801f5bb8 : mov rax, [r12 + 8]; lea rdx, [rsp + 0x2c]; mov rcx, r12; call [rax + 0x40]
> 0x1800a9fc4 : mov rcx, [r12 + 0x18]; xor r9d, r9d; lea r8, [rsp + 0x8c]; mov rdx, r15; call r10
> 0x18005f425 : mov r8, [rbx + 8]; lea rcx, [rdx + rcx + 0x4700]; mov rdx, [rbx]; call rax
> 0x1800fa6c0 : mov r8, [rcx + 0x18]; mov r9, [rcx + 0x20]; mov [rdx], r8; mov [rdx + 8], r9; ret
> 0x180212725 : mov esi, [rdx + 0x10]; add [rax], al; mov [rip + 0x545e8], 0; mov [rip + 0x545ed], 0; ret
> 0x18010d8fa : mov rcx, [rdx + 0x80]; mov rdx, [rdx + 0x88]; add [rax + 0x80], rcx; add [rax + 0x88], rdx; ret
> 0x1801096cd : mov rdx, [r8 + 0x18]; mov [rcx + 0x28], rax; mov [rcx + 0x30], rdx; movups [rcx + 0x18], xmm0; ret
> 0x18010d8fb : mov ecx, [rdx + 0x80]; mov rdx, [rdx + 0x88]; add [rax + 0x80], rcx; add [rax + 0x88], rdx; ret
> 0x180075630 : mov eax, [rsi + 0xa0]; lea rdx, [rip + 0x20988b]; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
> 0x18007323d : movzx edx, [rsi + rdx]; lea rcx, [rip + 0x20b948]; movsxd rdx, [rcx + rdx*4]; add rdx, rcx; jmp rdx
> 0x18007323c : movzx edx, [r14 + rdx]; lea rcx, [rip + 0x20b948]; movsxd rdx, [rcx + rdx*4]; add rdx, rcx; jmp rdx
> 0x1800c76f4 : mov r8, [rax + 0x38]; mov [rcx + 0x38], r8; mov [rdx + 0x38], rcx; mov [rax + 0x38], rdx; add rsp, 0x28; ret
> 0x1801b93c9 : movsxd r8, [rdx + 8]; lea rax, [rax + r8*8]; mov rcx, [rax]; mov [rdx], rcx; mov [rax], rdx; ret
> 0x1800adccb : mov rcx, [rbx + 0x18]; xor r9d, r9d; lea r8, [rsp + 0x7c]; mov rdx, r15; mov [rsp + 0x20], 0; call r14
> 0x1802042cb : mov rdx, [rbp + 0x18]; mov r8, r13; mov rcx, [rbp + 0x230]; movsxd r9, eax; mov [rsp + 0x20], rdi; call rbx
> 0x1800adccc : mov ecx, [rbx + 0x18]; xor r9d, r9d; lea r8, [rsp + 0x7c]; mov rdx, r15; mov [rsp + 0x20], 0; call r14
> 0x1802042cc : mov edx, [rbp + 0x18]; mov r8, r13; mov rcx, [rbp + 0x230]; movsxd r9, eax; mov [rsp + 0x20], rdi; call rbx
> 0x1802042c7 : mov rdi, [rbp + 0x20]; mov rdx, [rbp + 0x18]; mov r8, r13; mov rcx, [rbp + 0x230]; movsxd r9, eax; mov [rsp + 0x20], rdi; call rbx
> 0x1802042c8 : mov edi, [rbp + 0x20]; mov rdx, [rbp + 0x18]; mov r8, r13; mov rcx, [rbp + 0x230]; movsxd r9, eax; mov [rsp + 0x20], rdi; call rbx