ROPSHELL 
ropshell> use 5a67b4ad4c288dc4904c72d5b69d0a3c (download)
name         : emptyspaces (x86_64/ELF)
base address : 0x4004d0
total gadgets: 8704

ropshell> suggest "load mem"
> 0x00412bc0 : movzx eax, [rdx]; ret
> 0x0048e071 : mov rax, [rsi + 0x10]; ret
> 0x00418630 : mov rax, [rdi + 0x68]; ret
> 0x0047e68c : mov eax, [rdx + 4]; ret
> 0x0048e072 : mov eax, [rsi + 0x10]; ret
> 0x00418631 : mov eax, [rdi + 0x68]; ret
> 0x00425bf3 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x0042bf73 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0042bab3 : movzx edx, [rsi]; sub eax, edx; ret
> 0x004182d4 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00435540 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0048dc9f : mov rdx, [rbp]; call r12
> 0x0048dc54 : mov rsi, [r14]; call r12
> 0x0044a69d : mov rdi, [rbx]; call r12
> 0x0044a6c3 : mov rdi, [rbp]; call r12
> 0x00473cf9 : mov rdi, [r12]; call rbp
> 0x0044b29b : mov rdi, [r13]; call r12
> 0x0048dca0 : mov edx, [rbp]; call r12
> 0x0044a69e : mov edi, [rbx]; call r12
> 0x0044a6c4 : mov edi, [rbp]; call r12
> 0x0042a228 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x00470f0f : mov eax, [rsi]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0040ea03 : mov rdi, [rax + 0x20]; call rdx
> 0x0040ea04 : mov edi, [rax + 0x20]; call rdx
> 0x00442410 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x0048cdd8 : mov rdx, [r12]; mov edi, 1; call rax
> 0x0048eb88 : mov rdx, [r15]; mov rdi, r13; call r14
> 0x00442491 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x0048eb89 : mov edx, [rdi]; mov rdi, r13; call r14
> 0x00484de8 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00484dc8 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00484ddc : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00484de9 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00484dc9 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00484ddd : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00470d2c : mov edx, [rax]; add rsp, 8; mov eax, edx; pop rbx; pop rbp; ret
> 0x004107f0 : mov r9, [rax + 0x10]; call [rbp + 0x18]
> 0x004107f1 : mov ecx, [rax + 0x10]; call [rbp + 0x18]
> 0x00486c2e : mov rax, [r12]; add rax, [rdx + 8]; call rax
> 0x004354d4 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x0044ab40 : mov rsi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0048edaa : mov rsi, [r15]; mov rdi, [rsp + 0x10]; call r14
> 0x0048add8 : mov r8, [rax]; lea rax, [rax + 8]; mov [r10], r8; ret
> 0x0044ab41 : mov esi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0048edab : mov esi, [rdi]; mov rdi, [rsp + 0x10]; call r14
> 0x00442536 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x0047cba5 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x004424e4 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x00471e7b : mov ecx, [rdx + 0x48]; cmp ecx, [rdx + 0x4c]; cmove eax, ecx; ret
> 0x00425bd4 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x0044bc45 : mov rax, [rbx]; mov [rip + 0x26e521], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0048cd57 : mov rax, [rdx]; mov [rbx + 0x98], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0044abd8 : mov rsi, [rax]; mov rdi, [rbp - 0x58]; mov r12d, r14d; call r15
> 0x0044bc46 : mov eax, [rbx]; mov [rip + 0x26e521], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0044abd9 : mov esi, [rax]; mov rdi, [rbp - 0x58]; mov r12d, r14d; call r15
> 0x004442b4 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x004441c3 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00411e0a : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00413cf8 : mov rbp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x00411068 : mov rbp, [r15 + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x004112b5 : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x00411e0b : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00413cf9 : mov ebp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x00416664 : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0048eb84 : mov rsi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x00416665 : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0048eb85 : mov esi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x0047c78e : mov r15, [rbx]; mov rax, [rbx + 0x10]; add rax, [r14]; call rax
> 0x00411807 : mov rcx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x00482673 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00411808 : mov ecx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x00416bc1 : movzx esi, [r14]; mov rdi, r12; lea r15, [r14 + 1]; call [rbx + 0x18]
> 0x0045dd0c : mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x004709d1 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0044bf35 : mov rdx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x0044bf36 : mov edx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x00469226 : mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x00450a76 : movsx r9, [rdx + 0x1a]; movsx edx, [rdx + 0x1b]; mov [rax + 0x50], ecx; mov [rax + 0x54], edx; ret
> 0x0048266f : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0046bccb : movzx ecx, [rdi + rax]; lea rax, [rip + 0x24b24a]; mov rax, [rax + rcx*8]; mov ecx, 1; jmp rax
> 0x00482670 : mov esi, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0045dd08 : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x00473f59 : mov rdi, [r12 + 0x10]; push 1; xor r8d, r8d; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x00469222 : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x004709c9 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x004709ca : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00450a6f : movsx rcx, [rdx + 0x19]; mov [rax + 0x4c], ecx; movsx ecx, [rdx + 0x1a]; movsx edx, [rdx + 0x1b]; mov [rax + 0x50], ecx; mov [rax + 0x54], edx; ret

© 2014 - 2019 - Powered by ROPEME | Contact