ROPSHELL 
ropshell> use 5a67b4ad4c288dc4904c72d5b69d0a3c (download)
name         : emptyspaces (x86_64/RAW)
base address : 0x0
total gadgets: 9958

ropshell> suggest "load mem"
> 0x00012bc0 : movzx eax, [rdx]; ret
> 0x000a7ba6 : mov edi, [rdx]; ret
> 0x0008e071 : mov rax, [rsi + 0x10]; ret
> 0x00018630 : mov rax, [rdi + 0x68]; ret
> 0x0007e68c : mov eax, [rdx + 4]; ret
> 0x0008e072 : mov eax, [rsi + 0x10]; ret
> 0x00018631 : mov eax, [rdi + 0x68]; ret
> 0x00025bf3 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x0002bf73 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0002bab3 : movzx edx, [rsi]; sub eax, edx; ret
> 0x000182d4 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00035540 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0008dc9f : mov rdx, [rbp]; call r12
> 0x0008dc54 : mov rsi, [r14]; call r12
> 0x0004a69d : mov rdi, [rbx]; call r12
> 0x0004a6c3 : mov rdi, [rbp]; call r12
> 0x00073cf9 : mov rdi, [r12]; call rbp
> 0x0004b29b : mov rdi, [r13]; call r12
> 0x0008dca0 : mov edx, [rbp]; call r12
> 0x0004a69e : mov edi, [rbx]; call r12
> 0x0004a6c4 : mov edi, [rbp]; call r12
> 0x000004cb : mov ebp, [rbx]; add [rsi - 0x70], ah; ret
> 0x0002a228 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x00070f0f : mov eax, [rsi]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0000ea03 : mov rdi, [rax + 0x20]; call rdx
> 0x0000ea04 : mov edi, [rax + 0x20]; call rdx
> 0x00042410 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x0008cdd8 : mov rdx, [r12]; mov edi, 1; call rax
> 0x0008eb88 : mov rdx, [r15]; mov rdi, r13; call r14
> 0x00042491 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x0008eb89 : mov edx, [rdi]; mov rdi, r13; call r14
> 0x00084de8 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00084dc8 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00084ddc : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00084de9 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00084dc9 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00084ddd : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00070d2c : mov edx, [rax]; add rsp, 8; mov eax, edx; pop rbx; pop rbp; ret
> 0x0009010f : mov rdi, [r13 + 0x10]; add rdi, rbx; call rbp
> 0x000107f0 : mov r9, [rax + 0x10]; call [rbp + 0x18]
> 0x000107f1 : mov ecx, [rax + 0x10]; call [rbp + 0x18]
> 0x00090110 : mov edi, [rbp + 0x10]; add rdi, rbx; call rbp
> 0x00086c2e : mov rax, [r12]; add rax, [rdx + 8]; call rax
> 0x000354d4 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x0004ab40 : mov rsi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0008edaa : mov rsi, [r15]; mov rdi, [rsp + 0x10]; call r14
> 0x0008add8 : mov r8, [rax]; lea rax, [rax + 8]; mov [r10], r8; ret
> 0x0004ab41 : mov esi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0008edab : mov esi, [rdi]; mov rdi, [rsp + 0x10]; call r14
> 0x00042536 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x0007cba5 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x000424e4 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x00071e7b : mov ecx, [rdx + 0x48]; cmp ecx, [rdx + 0x4c]; cmove eax, ecx; ret
> 0x00025bd4 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x0004bc45 : mov rax, [rbx]; mov [rip + 0x26e521], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0008cd57 : mov rax, [rdx]; mov [rbx + 0x98], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0004abd8 : mov rsi, [rax]; mov rdi, [rbp - 0x58]; mov r12d, r14d; call r15
> 0x0004bc46 : mov eax, [rbx]; mov [rip + 0x26e521], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0004abd9 : mov esi, [rax]; mov rdi, [rbp - 0x58]; mov r12d, r14d; call r15
> 0x000442b4 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x000441c3 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00011e0a : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00013cf8 : mov rbp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x00011068 : mov rbp, [r15 + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x000112b5 : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x00011e0b : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00013cf9 : mov ebp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x00016664 : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0008eb84 : mov rsi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x00016665 : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0008eb85 : mov esi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x0007c78e : mov r15, [rbx]; mov rax, [rbx + 0x10]; add rax, [r14]; call rax
> 0x00011807 : mov rcx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x00082673 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00011808 : mov ecx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x00016bc1 : movzx esi, [r14]; mov rdi, r12; lea r15, [r14 + 1]; call [rbx + 0x18]
> 0x0005dd0c : mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x000709d1 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0004bf35 : mov rdx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x0004bf36 : mov edx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x00069226 : mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x00050a76 : movsx r9, [rdx + 0x1a]; movsx edx, [rdx + 0x1b]; mov [rax + 0x50], ecx; mov [rax + 0x54], edx; ret
> 0x0008266f : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0006bccb : movzx ecx, [rdi + rax]; lea rax, [rip + 0x24b24a]; mov rax, [rax + rcx*8]; mov ecx, 1; jmp rax
> 0x00082670 : mov esi, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0005dd08 : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x00073f59 : mov rdi, [r12 + 0x10]; push 1; xor r8d, r8d; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x00069222 : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x000709c9 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x000709ca : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00050a6f : movsx rcx, [rdx + 0x19]; mov [rax + 0x4c], ecx; movsx ecx, [rdx + 0x1a]; movsx edx, [rdx + 0x1b]; mov [rax + 0x50], ecx; mov [rax + 0x54], edx; ret

© 2014 - 2019 - Powered by ROPEME | Contact