ropshell> use 5fa34090bffaae489c45ba43712a50c5
name         : dns.exe (x86_64/PE)
base address : 0x100001000
total gadgets: 2880
ropshell> suggest "load mem"
> 0x10007922c : mov rax, [rcx]; ret
> 0x10007922d : mov eax, [rcx]; ret
> 0x10006ad40 : mov eax, [rcx + 4]; ret
> 0x100074be1 : mov rdx, [rbx]; call rax
> 0x100074be2 : mov edx, [rbx]; call rax
> 0x100017858 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x10002f856 : mov rdi, [r11 + 0x28]; mov rsp, r11; pop r12; ret
> 0x10001cd77 : mov rbp, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x10004701c : mov ecx, [rdx + 0x30]; mov [r8], ecx; ret
> 0x100017859 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x10002f857 : mov edi, [rbx + 0x28]; mov rsp, r11; pop r12; ret
> 0x10001cd78 : mov ebp, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x100057a44 : mov rcx, [rbx + 8]; call [rbx + 0x10]
> 0x100057a45 : mov ecx, [rbx + 8]; call [rbx + 0x10]
> 0x1000720d1 : mov rdx, [rcx]; mov r8, r13; mov rcx, r12; call rbp
> 0x1000720d2 : mov edx, [rcx]; mov r8, r13; mov rcx, r12; call rbp
> 0x100021181 : movsx eax, [rbp]; lea rdx, [rip - 0x1e594]; mov rcx, r12; call r13
> 0x10001cd73 : mov rbx, [r11 + 0x10]; mov rbp, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x100074444 : mov r8, [rbx + 0x20]; lea rdx, [rip - 0x5e7c7]; mov rcx, rdi; call rsi
> 0x100074445 : mov eax, [rbx + 0x20]; lea rdx, [rip - 0x5e7c7]; mov rcx, rdi; call rsi
> 0x1000708aa : movzx ecx, [rbp]; lea rdx, [rip - 0x5d905]; mov r8d, esi; mov rcx, r15; call r14
> 0x1000178f5 : mov eax, [rdx + 0x2c]; lea rcx, [rax + rdx + 0xad8]; mov [rdx + 0x18], rcx; ret
> 0x1000709e5 : movzx ecx, [r13]; call [rip - 0x6f0c0]; lea rdx, [rip - 0x5dbab]; mov rcx, r15; movzx r8d, ax; call r14
> 0x10004a04c : mov eax, [r9 + 0x30]; mov [rdx], eax; mov [rcx + 0x235], 0; lea rax, [rdx + 4]; ret
> 0x10002117c : movsx ecx, [rbp + 1]; movsx r8d, [rbp]; lea rdx, [rip - 0x1e594]; mov rcx, r12; call r13
> 0x100073c45 : mov ecx, [rax + 0x20]; call [rip - 0x72306]; lea rdx, [rip - 0x5e42d]; mov rcx, rdi; mov r8, rax; call rsi
> 0x100073c44 : mov ecx, [r8 + 0x20]; call [rip - 0x72306]; lea rdx, [rip - 0x5e42d]; mov rcx, rdi; mov r8, rax; call rsi
> 0x100073f09 : mov r9, [rbx]; mov [rsp + 0x20], rcx; lea rdx, [rip - 0x5e5a8]; mov r8d, ebp; mov rcx, r12; call r13
> 0x100073f0a : mov ecx, [rbx]; mov [rsp + 0x20], rcx; lea rdx, [rip - 0x5e5a8]; mov r8d, ebp; mov rcx, r12; call r13
> 0x100032563 : mov r9, [rsi + 0x38]; lea r8, [rsp + 0x76f]; lea rdx, [rsp + 0x370]; mov rcx, r10; call rax
> 0x100032564 : mov ecx, [rsi + 0x38]; lea r8, [rsp + 0x76f]; lea rdx, [rsp + 0x370]; mov rcx, r10; call rax
> 0x100059b06 : mov rax, [rdx + 8]; mov [r9 + 8], rax; mov [rdx], r10; mov [rdx + 8], r10; mov [rdx + 0x2c], r10d; ret
> 0x100073d5c : mov r9, [r8 + 0x20]; movzx r8d, [r8 + 0x28]; lea rdx, [rip - 0x5e514]; mov rcx, r11; mov [rsp + 0x20], rax; call rbx
> 0x100073e6b : mov r8, [rax + 0x20]; mov [rsp + 0x28], r10; mov [rsp + 0x20], rdx; mov r9, rcx; lea rdx, [rip - 0x5e55b]; mov rcx, r11; call rbx
> 0x100020b4b : mov rax, [r12 + 0x38]; mov [rsp + 0x38], edi; mov [rsp + 0x30], r11; mov [rsp + 0x28], rax; mov [rsp + 0x20], r12; call rbp
> 0x10007f3e4 : mov rcx, [r10 + 0x30]; mov r9, rsi; mov [rsp + 0x28], rax; mov r8, rdi; mov rdx, r13; mov [rsp + 0x20], ebp; call [r10 + 0x10]
> 0x100073df2 : mov eax, [r8 + 0x30]; mov r8, r10; mov [rsp + 0x30], eax; mov [rsp + 0x28], r11; mov [rsp + 0x20], rcx; mov rcx, rbx; call rdi
> 0x100055e6d : mov rbx, [rdi]; mov rax, [rip + 0x49a99]; and [rcx + 0x1a0], 0; xor edx, edx; mov [rcx + 0x21d], 0; mov [rcx + 0x38], rax; call r8
> 0x100055e6e : mov ebx, [rdi]; mov rax, [rip + 0x49a99]; and [rcx + 0x1a0], 0; xor edx, edx; mov [rcx + 0x21d], 0; mov [rcx + 0x38], rax; call r8
> 0x10006d57a : movzx eax, [rsi + 0x4e]; xor r9d, r9d; mov [rsp + 0x40], eax; mov rax, [rip + 0x236c4]; xor r8d, r8d; mov [rsp + 0x44], 2; call [rax + 0x78]
> 0x10007f3b9 : mov eax, [r10 + 0x40]; mov rcx, [rsp + 0x48]; mov rdx, [rsp + 0x50]; mov rcx, [rcx + 0x38]; mov [rsp + 0x20], eax; call [r10 + 0x20]
> 0x10006d579 : movzx eax, [r14 + 0x4e]; xor r9d, r9d; mov [rsp + 0x40], eax; mov rax, [rip + 0x236c4]; xor r8d, r8d; mov [rsp + 0x44], 2; call [rax + 0x78]