ropshell> use 5b897f909e3492631c41c92499895ba9
name         : auth.cgi (x86_64/RAW)
base address : 0x0
total gadgets: 8184
ropshell> suggest "load mem"
> 0x0006470a : mov eax, [rcx]; ret
> 0x00091dc6 : mov edi, [rdx]; ret
> 0x00017150 : mov rax, [rdi + 0x68]; ret
> 0x00017151 : mov eax, [rdi + 0x68]; ret
> 0x0002e7b3 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x0003126b : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00016e0d : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00030850 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0003997e : mov rsi, [rbx]; call r12
> 0x000395f8 : mov rdi, [rbx]; call rbp
> 0x000307f1 : mov edx, [rsi]; mov [rdi], dx; ret
> 0x0003997f : mov esi, [rbx]; call r12
> 0x000395f9 : mov edi, [rbx]; call rbp
> 0x0002ce58 : movzx ecx, [rsi + rcx]; sub eax, ecx; ret
> 0x0002eb8f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0001423b : movzx r8, [rax]; add rsp, 8; pop rbx; pop rbp; ret
> 0x000572c7 : mov eax, [rdx]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00076280 : mov rdx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x00077223 : mov rsi, [r13]; mov rdi, rbx; call r14
> 0x00076281 : mov edx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x00077224 : mov esi, [rbp]; mov rdi, rbx; call r14
> 0x000705c8 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x0007063c : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x0003ae1f : mov rdx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x000705bc : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x000705c9 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x00053acb : movzx eax, [rsi + rax]; jmp [rdi + rax*8]
> 0x00030bc1 : mov edx, [rax + rax]; nop [rax]; mov eax, ecx; ret
> 0x0007063d : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x0003ae20 : mov edx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x000705bd : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00039a13 : mov rsi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x00039a14 : mov esi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x0007842f : mov rdi, [r13 + 0x10]; add rdi, rbx; call r12
> 0x00078430 : mov edi, [rbp + 0x10]; add rdi, rbx; call r12
> 0x0006dca1 : mov rcx, [rax]; mov [rdx], rcx; mov [rax + 0x10], 0; ret
> 0x00030860 : mov rcx, [rsi]; mov [rdi + 8], dh; mov [rdi], rcx; ret
> 0x00076103 : mov rsi, [r14]; mov rax, [rsp + 0x10]; call rax
> 0x0006dca2 : mov ecx, [rax]; mov [rdx], rcx; mov [rax + 0x10], 0; ret
> 0x0003a5c5 : mov rax, [rbx]; mov [rip + 0x6ba99], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0006d001 : mov rdx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x00077220 : mov rdx, [r15]; mov rsi, [r13]; mov rdi, rbx; call r14
> 0x0003a5c6 : mov eax, [rbx]; mov [rip + 0x6ba99], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0006d002 : mov edx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x00030994 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x000308a3 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0006857d : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0006857e : mov esi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00070d42 : mov rax, [rbp]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x000751f5 : mov rdx, [rbx]; mov r8, r15; mov rcx, rbx; mov edi, 1; call rax
> 0x000396fb : mov rdx, [r11]; and edx, 1; or rax, rdx; mov [r11], rax; pop rbx; pop rbp; ret
> 0x00070d43 : mov eax, [rbp]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x000396fc : mov edx, [rbx]; and edx, 1; or rax, rdx; mov [r11], rax; pop rbx; pop rbp; ret
> 0x0003aeaf : mov rax, [rdx + rax]; mov [rip + 0x7137e], rax; lea rax, [rip + 0x7136f]; ret
> 0x000136c1 : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0004a4c2 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0003aeb0 : mov eax, [rdx + rax]; mov [rip + 0x7137e], rax; lea rax, [rip + 0x7136f]; ret
> 0x000136c2 : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x00008e77 : mov rdi, [r15]; mov rdx, [rsp]; mov rax, [rsp + 8]; call rax
> 0x00056e46 : mov rax, [r12 + 0x18]; mov esi, ebp; mov rdi, rbx; pop rbx; pop rbp; pop r12; jmp rax
> 0x00055598 : mov rsi, [rax + 0x18]; movsxd rdx, r12d; mov rdi, rbx; call [r14 + 0x38]
> 0x00055599 : mov esi, [rax + 0x18]; movsxd rdx, r12d; mov rdi, rbx; call [r14 + 0x38]
> 0x00075346 : mov rdx, [rbp]; mov r9, r15; mov r8, rbx; mov rcx, rbp; mov edi, 1; call r14
> 0x0007614d : mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x00075841 : mov rdx, [r13]; mov r8, rbx; mov rcx, r13; mov esi, 1; mov edi, 1; call rax
> 0x00075842 : mov edx, [rbp]; mov r8, rbx; mov rcx, r13; mov esi, 1; mov edi, 1; call rax
> 0x00015e6c : movzx esi, [r12]; lea r15, [r12 + 1]; mov rdi, r14; call [rbx + 0x18]
> 0x0004cbec : mov rax, [r15 + 0x38]; mov r11, r8; mov rdx, r12; mov rsi, r11; mov rdi, rbx; call rax
> 0x00068579 : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0001134f : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x0006857a : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0005c9f5 : mov rdi, [r12]; push 1; push 0; lea rcx, [rax + 1]; lea r9, [rsp + 0x28]; call rbx
> 0x0004a4be : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0007614a : mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0007614b : mov esi, [rcx]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x00056ade : mov rdx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups xmm[rax], xmm0; ret
> 0x00010cd1 : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x00010cd2 : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x0004a4ba : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0004a4bb : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00068271 : mov ecx, [rdx]; add rdx, 8; mov [rax + 0x328], rdx; lea rdx, [rdx + rcx*4]; mov [rax + 0x30c], ecx; mov [rax + 0x320], rdx; ret