ropshell> use 5daeefc2258079d21b4d865e88939d50
name         : libc.so.6 (x86_64/ELF)
base address : 0x25340
total gadgets: 17467
ropshell> suggest "load mem"
> 0x00076f0c : mov eax, [rdx]; ret
> 0x000c6390 : mov eax, [rdi]; ret
> 0x000c6340 : mov rax, [rdi + 0x20]; ret
> 0x000e58b1 : mov eax, [rdx + 8]; ret
> 0x000c6341 : mov eax, [rdi + 0x20]; ret
> 0x0015ae83 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00097e03 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0008359d : mov rax, [rdi]; mov [rdx], rax; ret
> 0x000e6ea2 : mov rcx, [rax]; call r12
> 0x00026d95 : mov rdx, [rax]; call rbp
> 0x000a23d0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x000b4c60 : mov rdi, [rax]; call r15
> 0x000f934f : mov rdi, [rbp]; call rbx
> 0x00102e59 : mov eax, [r12]; pop rbx; pop rbp; pop r12; ret
> 0x000e6ea3 : mov ecx, [rax]; call r12
> 0x00026d96 : mov edx, [rax]; call rbp
> 0x000b4c61 : mov edi, [rax]; call r15
> 0x000f9350 : mov edi, [rbp]; call rbx
> 0x0015409f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0008041b : movzx r8, [rax]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0008ccb8 : mov rdi, [rbx + 0x48]; call rax
> 0x0003e6e9 : mov rdi, [rbp + 8]; call rax
> 0x0008ccb9 : mov edi, [rbx + 0x48]; call rax
> 0x0003e6ea : mov edi, [rbp + 8]; call rax
> 0x000ccbd1 : mov ebp, [rbx + 2]; add [rax - 0x77], cl; ret
> 0x0011cb2b : mov rax, [rbx]; mov [rax + 8], 0; pop rbx; ret
> 0x0014c7a0 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x000a8248 : mov rdi, [r12]; movzx esi, bl; call rbp
> 0x0011cb2c : mov eax, [rbx]; mov [rax + 8], 0; pop rbx; ret
> 0x0009ef06 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x00126ce0 : mov eax, [r8]; mov [rdx], eax; mov eax, 1; ret
> 0x000a84ca : mov edx, [rdi]; xor eax, eax; test edx, edx; sete al; ret
> 0x000f2af9 : mov rax, [r13 + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x0007460f : mov rdx, [rdi + 0xa0]; mov [rdx + 0xf0], rcx; ret
> 0x000f2afa : mov eax, [rbp + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x00074610 : mov edx, [rdi + 0xa0]; mov [rdx + 0xf0], rcx; ret
> 0x000e6d49 : mov rdx, [r12]; mov rax, [rbp - 0x1f0]; call rax
> 0x000ed760 : mov eax, [rsi]; mov [rdi + 0x108], eax; xor eax, eax; ret
> 0x0010480a : mov eax, [rbp]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x00104809 : mov eax, [r13]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x0007dcc4 : mov rax, [rbx + 0x20]; mov [rbx + 0x28], rax; pop rbx; ret
> 0x00078ca9 : mov rax, [rsi + 0xf0]; call [rax + 0x68]
> 0x00121c51 : mov rax, [rbp + 8]; call [rax + 0x28]
> 0x0007dca7 : mov rdx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x00109123 : mov rdi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x0007dcc5 : mov eax, [rbx + 0x20]; mov [rbx + 0x28], rax; pop rbx; ret
> 0x0011d100 : mov eax, [rsi + 0x18]; cmp [rdi + 0x18], eax; sete al; ret
> 0x0007dca8 : mov edx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x00109124 : mov edi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x00129778 : mov rax, [rdx]; bswap eax; mov [r8 + 0x54], eax; mov eax, 1; ret
> 0x00143c14 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x000fd1af : mov rdx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x000f9687 : mov rsi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x000fd1b0 : mov edx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x000f9688 : mov esi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x0014c8c6 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x0007dd01 : mov rax, [rdx + 0x20]; sub rax, [rdx + 0x18]; sar rax, 2; ret
> 0x000d5056 : mov rdx, [rsi + 0x20]; mov [rax + 0x20], rdx; xor eax, eax; ret
> 0x000e6e9e : mov r8, [rax + 8]; mov rcx, [rax]; call r12
> 0x0004b0b2 : mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0009ef89 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x00126ccd : movzx eax, [r8 + 0x88]; mov [rdx + 0x6c], ax; mov eax, 1; ret
> 0x0004b0b3 : mov ecx, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00095904 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x0012b5b3 : mov rax, [r8 + 0x38]; mov rdi, r8; call [rax + 0x20]
> 0x0012168d : mov rax, [r12 + 8]; mov rdi, r12; call [rax + 0x20]
> 0x00129d4f : mov rax, [r14 + 0x70]; mov rdi, rbp; call [rax + 0x20]
> 0x0012aa3e : mov rax, [r15 + 0x60]; mov rdi, rbp; call [rax + 0x20]
> 0x000a2514 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x0012a073 : mov rdx, [r8 + 0x90]; bswap eax; mov [rdx + 0x10], eax; mov eax, 1; ret
> 0x00084817 : mov r8, [rdi + 8]; mov rax, [rdi]; mov rdi, r8; jmp rax
> 0x0012bda9 : mov edx, [rbp + 0x4864ffef]; mov [rbx], 0; add rsp, 8; pop rbx; pop rbp; ret
> 0x0012a232 : mov esi, [rbx + 0x88]; mov rdi, r15; call [rax + 0x28]
> 0x0011f1c1 : mov rdx, [r15]; mov r8, rbx; mov rcx, r14; mov rdi, r13; call r12
> 0x00117d3a : mov rsi, [rbp]; add rbx, rsi; mov [rbp], rbx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0012ad00 : mov rdi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x00117d3b : mov esi, [rbp]; add rbx, rsi; mov [rbp], rbx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0012ad01 : mov edi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x0003b4a2 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x001097df : mov edx, [rbx + 0x18]; mov [rbp - 0x80], edx; mov rdx, r13; call rax
> 0x00109f0d : mov edx, [rcx + 0x18]; mov [rbp - 0x80], edx; mov rdx, r14; call rax
> 0x00118990 : movzx edx, [r10 + 1]; add r10, 2; mov [r8], edx; mov [r9], r10; ret
> 0x00109778 : mov edx, [r13 + 0x18]; mov [rbp - 0x80], edx; mov rdx, r14; call rax
> 0x0010a06e : mov edx, [r14 + 0x60]; mov [rbp - 0x80], edx; mov rdx, rbx; call rax
> 0x000f0337 : mov rcx, [rdi]; mov rdx, [rsi]; xor eax, eax; cmp rcx, rdx; seta al; sbb eax, 0; ret
> 0x000f0338 : mov ecx, [rdi]; mov rdx, [rsi]; xor eax, eax; cmp rcx, rdx; seta al; sbb eax, 0; ret
> 0x00079e87 : mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x00067812 : mov rdx, [r15 + 0x20]; mov rdi, r14; sub rdx, rsi; call [rbx + 0x38]
> 0x000727cb : mov rsi, [rax + 0x18]; movsxd rdx, ebp; mov rdi, rbx; call [r14 + 0x38]
> 0x00123084 : mov rsi, [rbx + 0x10]; mov rdx, r12; mov rdi, r14; call [rax + 0x10]
> 0x00033d18 : mov rsi, [rdi + 0x78]; mov fs:[rcx], rsi; cmp rax, rdx; mov rdx, -1; cmove rax, rdx; ret
> 0x001367c6 : mov r8, [rbx + 0x10]; call [rax + 0x1b8]; mov [rbx], rax; pop rax; pop rdx; pop rbx; ret
> 0x000d3475 : movzx eax, [r9 + rax]; mov [rdi + 8], 1; mov [rdi], al; mov eax, 1; ret
> 0x000e185b : movzx ecx, [rdi + 8]; movsxd rcx, [r9 + rcx*4]; add rcx, r9; jmp rcx
> 0x000727cc : mov esi, [rax + 0x18]; movsxd rdx, ebp; mov rdi, rbx; call [r14 + 0x38]
> 0x00033d19 : mov esi, [rdi + 0x78]; mov fs:[rcx], rsi; cmp rax, rdx; mov rdx, -1; cmove rax, rdx; ret
> 0x000ffbfd : mov rcx, [r8]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xbc74e], 0; ret
> 0x000823a4 : movzx esi, [rdi]; lea rbx, [r15 + 1]; mov rdi, r13; call [rax + 0x18]
> 0x000823a3 : movzx esi, [r15]; lea rbx, [r15 + 1]; mov rdi, r13; call [rax + 0x18]
> 0x0007bd17 : mov rcx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x0007fb30 : mov rdx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x001288fa : mov rsi, [r8 + 0x40]; mov edx, [rsi + 0x1c8]; add rsi, 0x38; jmp [rax + 0x18]
> 0x0004b0ae : mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0007bd18 : mov ecx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x0003cf6d : mov rsi, [r13]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp + 8]; call rax
> 0x00078781 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x000a87d2 : mov rdi, [r12 + 0x10]; push 1; xor edx, edx; push 1; lea r9, [rsp + 0x20]; call rbx
> 0x00078782 : mov ecx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0003b49e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0012e6f8 : movsx rax, [rsi]; mov rsi, rsp; mov [rsp], rax; mov rax, [rdi + 8]; call [rax + 8]
> 0x000f9733 : mov rsi, [rdx]; mov rdi, [rbp - 0x58]; mov [rbp - 0x50], r9; mov r15d, r14d; mov rax, [rbp - 0x60]; call rax
> 0x000f9734 : mov esi, [rdx]; mov rdi, [rbp - 0x58]; mov [rbp - 0x50], r9; mov r15d, r14d; mov rax, [rbp - 0x60]; call rax
> 0x0006780e : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rdi, r14; sub rdx, rsi; call [rbx + 0x38]
> 0x000bd3b8 : mov eax, [r15 + 0x10]; lea rdx, [rip + 0xc6655]; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
> 0x000a85c8 : mov rdi, [r14]; lea rsi, [rsp + 0x20]; push 1; xor r8d, r8d; push 0; lea r9, [rsp + 0x18]; call r13
> 0x000a85c9 : mov edi, [rsi]; lea rsi, [rsp + 0x20]; push 1; xor r8d, r8d; push 0; lea r9, [rsp + 0x18]; call r13
> 0x0004b0a7 : mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00109f05 : mov rdx, [rcx + 0x38]; mov [rbp - 0x70], rdx; mov edx, [rcx + 0x18]; mov [rbp - 0x80], edx; mov rdx, r14; call rax
> 0x00109770 : mov rdx, [r13 + 0x38]; mov [rbp - 0x70], rdx; mov edx, [r13 + 0x18]; mov [rbp - 0x80], edx; mov rdx, r14; call rax
> 0x0010a063 : mov rdx, [r14 + 0x80]; mov [rbp - 0x70], rdx; mov edx, [r14 + 0x60]; mov [rbp - 0x80], edx; mov rdx, rbx; call rax
> 0x0003b49a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0003b49b : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0004b426 : mov rsi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0004b427 : mov esi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0012d536 : mov rbp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]