ropshell> use 5da5aa94a1a049f03d31b96460690c12
name         : VBoxC_release.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 23367
ropshell> suggest "load mem"
> 0x18015b510 : mov rax, [rcx + 0x10]; ret
> 0x18015f93a : mov rax, [rdx + 0x160]; ret
> 0x18015abf0 : mov eax, [rcx + 0x10]; ret
> 0x18015f93b : mov eax, [rdx + 0x160]; ret
> 0x180198f3e : mov eax, [rbx]; add rsp, 0x48; ret
> 0x18002efa5 : movzx eax, [rcx]; add eax, 4; ret
> 0x180198f3d : mov eax, [r11]; add rsp, 0x48; ret
> 0x18002b09b : mov rcx, [rsi]; call r13
> 0x18002aa96 : mov rcx, [rbp]; call r12
> 0x18002ab26 : mov rdx, [rbp]; call r12
> 0x18002b09c : mov ecx, [rsi]; call r13
> 0x18002aa97 : mov ecx, [rbp]; call r12
> 0x18002ab27 : mov edx, [rbp]; call r12
> 0x1801a08a8 : movsxd rdx, [rbp + 0x28]; jmp rcx
> 0x1800d2150 : mov rax, [rcx]; jmp [rax + 0x10]
> 0x1801b2930 : mov eax, [r8]; mov [rcx + 4], eax; ret
> 0x18010921c : mov rcx, [rbx + 0x100]; call rax
> 0x180108d4d : mov rcx, [rdi + 0x100]; call rax
> 0x18002188d : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x180057f5d : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r12; ret
> 0x1800cf665 : mov r12, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x18010921d : mov ecx, [rbx + 0x100]; call rax
> 0x180108d4e : mov ecx, [rdi + 0x100]; call rax
> 0x18002188e : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x180057f5e : mov edi, [rbx + 0x20]; mov rsp, r11; pop r12; ret
> 0x180012eb5 : mov rax, [rbx]; call [rax + 8]
> 0x1800852ef : mov rax, [rdi]; call [rax + 0x68]
> 0x1800a5e35 : mov rax, [ecx]; call [rax + 0x10]
> 0x18002edd1 : mov rcx, [rax]; call [rip + 0x2005ce]; add rsp, 0x28; ret
> 0x18003c674 : mov rdx, [rax]; call [r8 + 0x70]
> 0x18001348b : mov rdx, [rbx]; call [rax + 0x30]
> 0x18001590b : mov rdx, [rcx]; call [rdx + 0x10]
> 0x1800e78c1 : mov r8, [rcx]; call [r8 + 0x58]
> 0x180043909 : mov r10, [rcx]; call [r10]
> 0x1800852f0 : mov eax, [rdi]; call [rax + 0x68]
> 0x180187f62 : mov eax, [r9]; cmovs eax, ecx; mov [r9], eax; ret
> 0x18002edd2 : mov ecx, [rax]; call [rip + 0x2005ce]; add rsp, 0x28; ret
> 0x18003c675 : mov edx, [rax]; call [r8 + 0x70]
> 0x18001348c : mov edx, [rbx]; call [rax + 0x30]
> 0x18004390a : mov edx, [rcx]; call [r10]
> 0x180187ac9 : mov edx, [rcx + 0x1cc10]; mov eax, r10d; add rsp, 8; ret
> 0x18015ca30 : mov rax, [rdx]; mov rcx, rdx; jmp [rax + 0x20]
> 0x18002b098 : mov rdx, [rdi]; mov rcx, [rsi]; call r13
> 0x18015ca31 : mov eax, [rdx]; mov rcx, rdx; jmp [rax + 0x20]
> 0x18002b099 : mov edx, [rdi]; mov rcx, [rsi]; call r13
> 0x180176408 : mov rax, [rbp + 0x78]; call [rax + 0x10]
> 0x1800a5fbe : mov rbx, [r11 + 0x20]; mov rsp, r11; pop r14; pop r13; pop r12; ret
> 0x18010cba2 : mov rcx, [rsi + 8]; call [rsi]
> 0x1800e0b89 : mov rdx, [rbx + 0x18]; call [rax + 0x50]
> 0x18008b55c : mov rdx, [rsi + 0x228]; call [rax + 0x48]
> 0x1800892e9 : mov rdx, [rdi + 0x228]; call [rax + 0x50]
> 0x180027e8d : mov rdi, [rcx + 0x28]; call [r9 + 8]
> 0x1800195aa : mov rbp, [r11 + 0x28]; mov rsp, r11; pop r12; pop rdi; pop rsi; ret
> 0x180176409 : mov eax, [rbp + 0x78]; call [rax + 0x10]
> 0x1801b6398 : movzx eax, [r8 + 0xf8c]; sub ax, r10w; mov [rdx], ax; ret
> 0x180012ad7 : mov ecx, [rax + 0x10]; xor eax, eax; mov [rdx], ecx; ret
> 0x18010cba3 : mov ecx, [rsi + 8]; call [rsi]
> 0x1800e0b8a : mov edx, [rbx + 0x18]; call [rax + 0x50]
> 0x18008b55d : mov edx, [rsi + 0x228]; call [rax + 0x48]
> 0x1800892ea : mov edx, [rdi + 0x228]; call [rax + 0x50]
> 0x180027e8e : mov edi, [rcx + 0x28]; call [r9 + 8]
> 0x1800195ab : mov ebp, [rbx + 0x28]; mov rsp, r11; pop r12; pop rdi; pop rsi; ret
> 0x1800498b4 : mov rax, [rsi]; mov edx, 1; call [rax]
> 0x180097be9 : mov rax, [rbp]; mov rcx, rbp; call [rax]
> 0x180015054 : mov rax, [r8]; mov rcx, r8; call [rax + 8]
> 0x1800560e8 : mov rax, [r10]; mov rcx, r10; call [rax + 0x10]
> 0x18001839e : mov rax, [r11]; mov rcx, r11; call [rax + 0x10]
> 0x18001f9f4 : mov rax, [r12]; mov rcx, r12; call [rax + 0x10]
> 0x1800db114 : mov rax, [r13]; mov rcx, r13; call [rax + 8]
> 0x18009087a : mov rax, [r14]; mov rcx, r14; call [rax]
> 0x180024ddd : mov rax, [r15]; mov rcx, r15; call [rax]
> 0x18004da9d : mov rdx, [rsi]; mov rcx, rsi; call [rdx + 0x10]
> 0x18001f99f : mov rdx, [r12]; mov rcx, r12; call [rdx + 8]
> 0x180047e73 : mov rdx, [r13]; mov rcx, r13; call [rdx]
> 0x18002afc3 : mov rdx, [r14]; mov rbp, rdi; mov rcx, rsi; call r12
> 0x180018471 : mov rdx, [r15]; mov rcx, r15; call [rdx]
> 0x180042622 : mov r8, [rax]; mov rcx, rax; call [r8 + 8]
> 0x1800eb3ca : mov r8, [rsi]; mov rcx, rsi; call [r8 + 8]
> 0x1800e458b : mov r8, [r12]; mov rcx, r12; call [r8 + 8]
> 0x180044220 : mov r9, [rax]; mov rcx, rax; call [r9 + 8]
> 0x1800440c9 : mov r10, [rax]; mov rcx, rax; call [r10 + 8]
> 0x180014456 : mov r11, [rbx]; mov rcx, rbx; call [r11 + 0x10]
> 0x180023b68 : mov r11, [rdi]; mov rcx, rdi; call [r11 + 0x10]
> 0x1800f565f : mov r11, [r12]; mov rcx, r12; call [r11 + 0x10]
> 0x1800498b5 : mov eax, [rsi]; mov edx, 1; call [rax]
> 0x1800db115 : mov eax, [rbp]; mov rcx, r13; call [rax + 8]
> 0x180023b69 : mov ebx, [rdi]; mov rcx, rdi; call [r11 + 0x10]
> 0x18002afc4 : mov edx, [rsi]; mov rbp, rdi; mov rcx, rsi; call r12
> 0x18002957b : mov r8, [rax + 0x70]; mov rcx, r8; call [r8]; add rsp, 0x28; ret
> 0x1800ced35 : movzx ecx, [rdx + 2]; mov eax, 1; shl eax, cl; imul eax, r8d; ret
> 0x18001ed10 : mov rcx, [rdi]; mov rax, [rcx]; call [rax + 0x10]
> 0x180018512 : mov rcx, [r12]; mov rax, [rcx]; call [rax + 0x50]
> 0x18001ed11 : mov ecx, [rdi]; mov rax, [rcx]; call [rax + 0x10]
> 0x18002a18e : mov rax, [rbx + 0x40]; mov rcx, rax; call [rax]
> 0x180094ad3 : mov rax, [rdi + 0x10]; mov rcx, rax; call [rax + 0x40]
> 0x18001915a : mov rdx, [rcx + 8]; add rcx, 8; call [rdx + 0x10]
> 0x18003e625 : mov rdx, [r12 + 0x938]; mov rcx, rax; call [rax + 0x30]
> 0x1801d316c : mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x10]; pop r13; pop r12; pop rbp; ret
> 0x180051671 : mov r8, [rbp + 0x17]; mov rcx, r8; call [r8]
> 0x18008c04b : mov r9, [rax + 0x10]; mov rcx, r9; call [r9 + 0x60]
> 0x1801ef6c1 : mov r12, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r14; pop r13; pop rbp; ret
> 0x18002a18f : mov eax, [rbx + 0x40]; mov rcx, rax; call [rax]
> 0x180094ad4 : mov eax, [rdi + 0x10]; mov rcx, rax; call [rax + 0x40]
> 0x18009ec68 : movzx edx, [rax + rbp]; mov rcx, rdi; call [rdi]
> 0x18009ec67 : movzx edx, [r8 + r13]; mov rcx, rdi; call [rdi]
> 0x1801d316d : mov edi, [rbp + 0x40]; lea rsp, [rbp + 0x10]; pop r13; pop r12; pop rbp; ret
> 0x18010d9e2 : mov r8, [rbx]; mov edx, 1; mov rcx, rbx; call [r8 + 0x28]
> 0x18009dfb7 : mov r8, [rdi]; mov rdx, rax; mov rcx, rdi; call [r8 + 0x18]
> 0x1801b9047 : mov rcx, [rdx + 0x48]; mov [rdx + 0x48], rax; mov [r9 + 0x48], rcx; ret
> 0x180204054 : mov rcx, [rbp + 0x40]; mov rdx, [rcx]; call [rdx + 8]
> 0x180052db3 : mov rcx, [r15 + 0xe8]; mov rax, [rcx]; call [rax + 0x40]
> 0x180108805 : mov r8, [rdx + 0x40]; mov edx, ecx; mov rcx, rax; jmp [rax]
> 0x180204055 : mov ecx, [rbp + 0x40]; mov rdx, [rcx]; call [rdx + 8]
> 0x18002afc0 : mov rsi, [rdi]; mov rdx, [r14]; mov rbp, rdi; mov rcx, rsi; call r12
> 0x18004c06d : mov r11, [r13]; lea rdx, [rbp - 0x50]; mov rcx, r13; call [r11 + 0x48]
> 0x18004d66d : mov r11, [r14]; lea rdx, [rbp - 0x48]; mov rcx, r14; call [r11 + 0x48]
> 0x18004d66e : mov ebx, [rsi]; lea rdx, [rbp - 0x48]; mov rcx, r14; call [r11 + 0x48]
> 0x18004c06e : mov ebx, [rbp]; lea rdx, [rbp - 0x50]; mov rcx, r13; call [r11 + 0x48]
> 0x18002afc1 : mov esi, [rdi]; mov rdx, [r14]; mov rbp, rdi; mov rcx, rsi; call r12
> 0x18002365d : mov rax, [rsi + 8]; lea rcx, [rsi + 8]; call [rax + 0x10]
> 0x180081e95 : mov rax, [r8 + 8]; lea rcx, [r8 + 8]; call [rax + 8]
> 0x1800249d5 : mov rax, [r11 + 0x450]; mov rdx, rbp; mov rcx, rax; call [rax + 8]
> 0x1800f425b : mov rax, [r12 + 8]; lea rcx, [r12 + 8]; call [rax + 0x10]
> 0x18008ce35 : mov rax, [r13 + 0x10]; mov rdx, rdi; mov rcx, rax; call [rax + 0x28]
> 0x180176e66 : movzx rbx, [rbp + 0x80]; mov [rbp + 0x4a], bx; call [rax + 0x10]
> 0x18003d62e : mov r8, [rdi + 0x940]; xor edx, edx; mov rcx, rax; call [rax + 0x30]
> 0x18003dd37 : mov r8, [r12 + 0x940]; xor edx, edx; mov rcx, rax; call [rax + 0x30]
> 0x1800f421e : mov r11, [r12 + 8]; lea rcx, [r12 + 8]; call [r11 + 0x10]
> 0x18002365e : mov eax, [rsi + 8]; lea rcx, [rsi + 8]; call [rax + 0x10]
> 0x180176e67 : movzx ebx, [rbp + 0x80]; mov [rbp + 0x4a], bx; call [rax + 0x10]
> 0x18010b3b2 : mov edx, [rbp + 0x40]; mov rcx, rax; mov rbx, rax; call [rax + 8]
> 0x1800caee3 : mov rcx, [rdx]; mov rax, [rcx]; lea rdx, [rbp - 0x48]; call [rax + 0x60]
> 0x1800f05af : mov r9, [rcx]; mov r8, rax; lea rdx, [rip + 0x146b74]; call [r9]
> 0x1800caee4 : mov ecx, [rdx]; mov rax, [rcx]; lea rdx, [rbp - 0x48]; call [rax + 0x60]
> 0x1800149a3 : mov rcx, [r8]; mov rax, [rcx]; lea rdx, [rsp + 0x70]; call [rax + 0x48]
> 0x180037e0b : mov rcx, [r14]; mov rax, [rcx]; lea rdx, [rsp + 0x78]; call [rax + 0x38]
> 0x1801d3168 : mov rsi, [rbp + 0x38]; mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x10]; pop r13; pop r12; pop rbp; ret
> 0x18008fd75 : mov r9, [rdi + 0x170]; mov r8d, r12d; mov edx, esi; mov rcx, r11; call [r11 + 0x48]
> 0x180028a48 : mov r10, [rax + 0x70]; mov r9d, 1; mov rdx, rsi; mov rcx, r10; call [r10 + 0x10]
> 0x1801ed309 : mov ecx, [r8 + 0x11f4]; lea ecx, [rax + rcx*2]; xor eax, eax; mov [r8 + 0x11f8], ecx; ret
> 0x1801d3169 : mov esi, [rbp + 0x38]; mov rdi, [rbp + 0x40]; lea rsp, [rbp + 0x10]; pop r13; pop r12; pop rbp; ret
> 0x1800a4a94 : mov rcx, [r13 + 0xc8]; mov [rsp + 0x88], rsi; mov rax, [rcx]; call [rax + 8]
> 0x18004a2c4 : mov r11, [rdi + 0xc0]; lea rdx, [rbp - 0x21]; lea rcx, [rdi + 0xc0]; call [r11 + 0x38]
> 0x18004a2c5 : mov ebx, [rdi + 0xc0]; lea rdx, [rbp - 0x21]; lea rcx, [rdi + 0xc0]; call [r11 + 0x38]
> 0x1800e73a8 : mov r10, [r9]; lea r8, [rbp - 0x51]; lea rdx, [rip + 0x16bcd2]; mov rcx, r9; call [r10]
> 0x180007ce3 : mov r8, [rcx + 0x18]; mov [rdx + 8], 0; mov [rdx], rax; mov [rdx + 0x10], r8; mov rax, rdx; ret
> 0x1800d4e2c : mov r11, [rbx + 0xc0]; lea rdx, [rsp + 0x40]; lea rcx, [rbx + 0xc0]; call [r11 + 0x38]
> 0x1800249ce : mov r11, [rsi + 0xc8]; mov rax, [r11 + 0x450]; mov rdx, rbp; mov rcx, rax; call [rax + 8]
> 0x1800249cf : mov ebx, [rsi + 0xc8]; mov rax, [r11 + 0x450]; mov rdx, rbp; mov rcx, rax; call [rax + 8]
> 0x180023f91 : mov rax, [r9]; lea r8, [rsp + 0x20]; lea rdx, [rip + 0x2133a0]; mov rcx, r9; call [rax]
> 0x18010f1f0 : mov r9, [rsi]; lea r8, [rsp + 0x30]; lea rdx, [rip + 0x194f01]; mov rcx, rsi; call [r9]
> 0x1800349f9 : mov esi, [rax]; mov [rbx + 0xc0], rax; mov rcx, [rip + 0x30b8e5]; mov rax, [rcx]; call [rax + 8]
> 0x180083de6 : mov rbx, [rdi + 0xe8]; mov [rbp - 0x40], rdi; lea rcx, [rdi + 8]; mov rax, [rcx]; call [rax + 8]
> 0x18000b8ea : mov rdx, [rax + 8]; mov [rdx], rax; mov rax, [r15]; mov edx, 1; mov rcx, r15; call [rax]
> 0x1800fdbbf : mov rdi, [rsi + 0x50]; call [rip + 0x132267]; mov rdx, [rdi]; mov rcx, rdi; mov rbx, rax; call [rdx + 0x20]
> 0x1800ac781 : mov r9, [rsi + 8]; lea rcx, [rsi + 8]; lea rdx, [rip + 0x186790]; mov r8, rdi; call [r9]
> 0x18002660f : mov r11, [rbp + 0xc8]; mov rax, [r11 + 0x450]; mov r8, r12; mov rdx, r13; mov rcx, rax; call [rax + 0x28]
> 0x1800fdbc0 : mov edi, [rsi + 0x50]; call [rip + 0x132267]; mov rdx, [rdi]; mov rcx, rdi; mov rbx, rax; call [rdx + 0x20]
> 0x1800a503c : mov r11, [rcx]; movzx r10d, bl; movzx r9d, r12b; movzx r8d, bpl; mov edx, edi; mov [rsp + 0x20], r10d; call [r11 + 0x10]
> 0x1800a503d : mov ebx, [rcx]; movzx r10d, bl; movzx r9d, r12b; movzx r8d, bpl; mov edx, edi; mov [rsp + 0x20], r10d; call [r11 + 0x10]
> 0x1801b903f : mov rax, [r9 + 0x48]; mov [r9 + 0x40], rcx; mov rcx, [rdx + 0x48]; mov [rdx + 0x48], rax; mov [r9 + 0x48], rcx; ret
> 0x180063e18 : mov rdi, [rax]; mov [rsp + 0x60], 0; mov rax, [rdi]; lea rdx, [rsp + 0x60]; mov rcx, rdi; call [rax + 0x50]
> 0x180063e19 : mov edi, [rax]; mov [rsp + 0x60], 0; mov rax, [rdi]; lea rdx, [rsp + 0x60]; mov rcx, rdi; call [rax + 0x50]
> 0x180028448 : mov rax, [r15 + 8]; mov rdx, [rsi + 0x10]; mov r8d, ebp; mov rax, [rax + 0x70]; mov rcx, rax; call [rax + 0x18]
> 0x1800283ba : mov rdi, [rax + 0x70]; mov eax, [rsi + 0x20]; mov r8d, ebp; mov rcx, rdi; mov [rsp + 0x20], eax; call [rdi + 0x20]
> 0x1800283bb : mov edi, [rax + 0x70]; mov eax, [rsi + 0x20]; mov r8d, ebp; mov rcx, rdi; mov [rsp + 0x20], eax; call [rdi + 0x20]
> 0x18004a47a : mov rcx, [rax + 0xe8]; mov [rsp + 0x50], 0; mov rax, [rcx]; mov r8, [rip + 0x23a5ec]; xor edx, edx; call [rax + 0x58]
> 0x180085dc1 : mov r9, [r8 + 8]; mov r8d, [r8]; mov edx, 2; mov [rsp + 0x28], rbx; mov [rsp + 0x20], eax; call [r10 + 0x60]
> 0x180071597 : mov r13, [rax]; xor eax, eax; mov [rsp + 0x3c4], eax; mov rax, [r13]; lea rdx, [rsp + 0x3c4]; mov rcx, r13; call [rax + 0x50]
> 0x180175e8e : mov ebx, [r13]; mov rax, [rbp + 0x90]; mov r9d, [rdi + 0x54]; mov [rbp - 0x30], ebx; mov [rsp + 0x20], rax; call [rsi + 8]
> 0x180071598 : mov ebp, [rax]; xor eax, eax; mov [rsp + 0x3c4], eax; mov rax, [r13]; lea rdx, [rsp + 0x3c4]; mov rcx, r13; call [rax + 0x50]
> 0x180028446 : mov ebp, [rbx]; mov rax, [r15 + 8]; mov rdx, [rsi + 0x10]; mov r8d, ebp; mov rax, [rax + 0x70]; mov rcx, rax; call [rax + 0x18]
> 0x180177c77 : movsxd r8, [rbp]; mov rax, [rsp + 0x60]; mov r9d, [rsp + 0x38]; add r8, [rsp + 0x40]; mov edx, [rsp + 0x34]; mov rcx, [rsp + 0x58]; call [rax]