ropshell> use 692b2ef206691ef96e7318a6d842e182 (download)
name         : i_am_not_backdoor.bin (x86_64/ELF)
base address : 0x401100
total gadgets: 6829
ropshell> suggest "load mem"
> 0x0045d25a : mov eax, [rcx]; ret
> 0x00461be8 : movsx eax, [rsi]; neg eax; ret
> 0x004105f0 : mov rax, [rdi + 0x68]; ret
> 0x004105f1 : mov eax, [rdi + 0x68]; ret
> 0x00427193 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x004297eb : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0041028d : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00428de0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0043096e : mov rsi, [rbx]; call r12
> 0x004305e8 : mov rdi, [rbx]; call rbp
> 0x00428d81 : mov edx, [rsi]; mov [rdi], dx; ret
> 0x0043096f : mov esi, [rbx]; call r12
> 0x004305e9 : mov edi, [rbx]; call rbp
> 0x00425837 : movzx ecx, [rsi + rcx]; sub eax, ecx; ret
> 0x0042756f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0044ce77 : mov eax, [rdx]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00475810 : mov rdx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x00475811 : mov edx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x0046f018 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x0046f08c : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x0043174f : mov rdx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x0046f00c : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0046f019 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x00444ea4 : movzx eax, [rcx + rax]; jmp [rdi + rax*8]
> 0x0044484c : movzx eax, [rsi + rax]; jmp [rcx + rax*8]
> 0x0046f08d : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x00431750 : mov edx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x0046f00d : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00430a03 : mov rsi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x00430a04 : mov esi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x00434cff : mov rdi, [r13 + 0x10]; add rdi, rbx; call r12
> 0x00434d00 : mov edi, [rbp + 0x10]; add rdi, rbx; call r12
> 0x00428df0 : mov rcx, [rsi]; mov [rdi + 8], dh; mov [rdi], rcx; ret
> 0x00475673 : mov rsi, [r14]; mov rax, [rsp + 0x10]; call rax
> 0x0044f0fa : mov ecx, [rdx + 0x4c]; cmp [rdx + 0x48], ecx; cmove eax, ecx; ret
> 0x00430f95 : mov rax, [rbx]; mov [rip + 0x760c9], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00469bd1 : mov rdx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x00430f96 : mov eax, [rbx]; mov [rip + 0x760c9], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00469bd2 : mov edx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x00428f24 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00428e33 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0046113d : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0046113e : mov esi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0046f792 : mov rax, [rbp]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x00474636 : mov rdx, [rbp]; mov r8, rbx; mov rcx, rbp; mov edi, 1; call rax
> 0x004306eb : mov rdx, [r11]; and edx, 1; or rax, rdx; mov [r11], rax; pop rbx; pop rbp; ret
> 0x0046f793 : mov eax, [rbp]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x004306ec : mov edx, [rbx]; and edx, 1; or rax, rdx; mov [r11], rax; pop rbx; pop rbp; ret
> 0x00474637 : mov edx, [rbp]; mov r8, rbx; mov rcx, rbp; mov edi, 1; call rax
> 0x004317df : mov rax, [rdx + rax]; mov [rip + 0x7b296], rax; lea rax, [rip + 0x7b287]; ret
> 0x0040ce2c : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x00462992 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x004317e0 : mov eax, [rdx + rax]; mov [rip + 0x7b296], rax; lea rax, [rip + 0x7b287]; ret
> 0x0040ce2d : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x00448e03 : movzx ecx, [rdi + rax]; lea rax, [rip + 0x59992]; jmp [rax + rcx*8]
> 0x00409aa8 : mov rdi, [r15]; mov rdx, [rsp + 8]; mov rax, [rsp]; call rax
> 0x0044ca0f : mov rax, [r12 + 0x18]; mov esi, ebp; mov rdi, rbx; pop rbx; pop rbp; pop r12; jmp rax
> 0x004756bd : mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x00474cf1 : mov rdx, [r13]; mov r8, rbx; mov rcx, r13; mov esi, 1; mov edi, 1; call rax
> 0x0040f027 : movzx esi, [r14]; lea rbx, [r14 + 1]; mov rdi, r15; call [rax + 0x18]
> 0x0046f6ea : mov rdx, [rbx]; add rdx, [rax + 8]; add rsp, 8; movzx edi, bpl; pop rbx; pop rbp; jmp rdx
> 0x00461139 : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00454d72 : mov rdi, [r12]; push 1; push 0; lea rcx, [rax + 1]; lea r9, [rsp + 0x28]; call rbx
> 0x0046298e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x004756ba : mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x004756bb : mov esi, [rcx]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0044c69e : mov rdx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups [rax], xmm0; ret
> 0x0044d9bc : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rbp + 0x70]
> 0x0044c69f : mov edx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups [rax], xmm0; ret
> 0x0044d9bd : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rbp + 0x70]
> 0x0046298a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0046298b : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00460e31 : mov ecx, [rdx]; add rdx, 8; mov [rax + 0x328], rdx; lea rdx, [rdx + rcx*4]; mov [rax + 0x30c], ecx; mov [rax + 0x320], rdx; ret