ROPSHELL 
ropshell> use 6a15026ec4076ad81938e7d5b5365d10 (download)
name         : d3d11.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6922

ropshell> suggest "load mem"
> 0x18012163c : mov rax, [rdx]; ret
> 0x180057ad0 : mov eax, [rcx]; ret
> 0x18012163d : mov eax, [rdx]; ret
> 0x180054e80 : mov rax, [rcx + 0x98d8]; ret
> 0x180051546 : mov eax, [rcx + 0x10]; ret
> 0x1800b7f8c : mov rax, [rcx];  dec [rax + 8]; ret
> 0x180121720 : mov eax, [rdx + 8]; mov eax, eax; ret
> 0x180005053 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x180010f16 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18000290c : mov r14, [r11 + 0x28]; mov rsp, r11; pop r15; ret
> 0x180005054 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x180010f17 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18004753b : mov rax, [r8]; mov eax, [rdx + rax + 4]; ret
> 0x1800b64bb : mov rax, [r9]; mov [rcx + r10*8], rax; ret
> 0x1800250c9 : mov rcx, [rax]; mov [rdx], rcx; mov rax, rdx; ret
> 0x1800b6353 : mov eax, [r9]; mov [rcx + r10*4], eax; ret
> 0x1800250ca : mov ecx, [rax]; mov [rdx], rcx; mov rax, rdx; ret
> 0x1800f944d : mov rax, [r9 + 0x10]; mov [rdx + 0x10], rax; ret
> 0x180054e97 : mov rcx, [rax + 0x60]; mov eax, [rcx + 0x58]; ret
> 0x18000a56f : mov eax, [r10 + 0x20]; mov [r9 + 0x20], eax; ret
> 0x180054e98 : mov ecx, [rax + 0x60]; mov eax, [rcx + 0x58]; ret
> 0x18001e04f : mov esi, [rax + 0x490001e1]; add edx, ebx; jmp rdx
> 0x18002a0d0 : mov rax, [rdx + 0x10]; cmp [rax + 0x4fc], cl; sete al; ret
> 0x180107c4e : mov rax, [r10 + r11]; call [rip + 0xda4d0]; add rsp, 0x38; ret
> 0x180101948 : mov rax, [r11 + r10]; call [rip + 0xe07d6]; add rsp, 0x38; ret
> 0x18007ee8c : mov rbx, [r11 + 0x20]; mov rsp, r11; pop r15; pop r14; pop rdi; ret
> 0x18000a6ca : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x1800024e9 : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x1800e4a10 : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x180101949 : mov eax, [rbx + rdx]; call [rip + 0xe07d6]; add rsp, 0x38; ret
> 0x1800e7920 : mov edx, [rcx + 0x98]; xor eax, eax; test edx, edx; setne al; ret
> 0x18000a6cb : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x1800ab7a1 : mov esi, [rax]; ror [rdx], 0; add rcx, r11; jmp rcx
> 0x1800da807 : mov eax, [r8 + 0x10]; mov [rcx + 0x18], eax; mov rax, rcx; ret
> 0x18004db86 : mov eax, [r9 + 0x10]; mov [rcx + 0x20], eax; mov rax, rcx; ret
> 0x1800c48a8 : mov rdx, [rcx]; mov rax, [rcx + 0xc]; mov [rdx + 0xe24], rax; ret
> 0x1800c48a9 : mov edx, [rcx]; mov rax, [rcx + 0xc]; mov [rdx + 0xe24], rax; ret
> 0x1800b6545 : mov rax, [rbx]; mov rbx, [rsp + 8]; mov [rcx + r10*8], rax; ret
> 0x180117ce5 : mov rax, [r10]; mov rax, [rax + 0x150]; call [rip + 0xca433]; add rsp, 0x38; ret
> 0x1800b6546 : mov eax, [rbx]; mov rbx, [rsp + 8]; mov [rcx + r10*8], rax; ret
> 0x18004c4d5 : mov rdx, [rcx + 0x3f0]; mov ecx, 2; cmp [rdx + 0x9910], r8; cmove eax, ecx; ret
> 0x18003944d : mov eax, [r11 + 0x20]; mov [rdx + 0x30], eax; mov rax, rdx; add rsp, 0x28; ret
> 0x1800d7862 : mov ecx, [rdx + 8]; mov [rdx + 8], eax; mov [r10 + 8], ecx; ret
> 0x18004e765 : mov r8, [r10 + 0x18]; mov [r10 + 0x18], rax; mov [rdx + 0x18], r8; add rsp, 0x28; ret
> 0x1800f5408 : mov rcx, [rdx + 0x20]; mov rax, [r9 + 0x20]; mov [r9 + 0x20], rcx; mov [rdx + 0x20], rax; ret
> 0x18004c4d1 : mov rcx, [r8 + 0x58]; mov rdx, [rcx + 0x3f0]; mov ecx, 2; cmp [rdx + 0x9910], r8; cmove eax, ecx; ret
> 0x1801132dc : mov rax, [r8 + 0x20]; and [rdx + 0x34], 0; and [rdx + 0x38], 0; mov [rdx + 0x28], rax; add rsp, 0x48; ret
> 0x180043059 : mov rcx, [r9 + 0x38]; mov [rcx + 0xe2f], al; mov rax, [r9 + 0x38]; mov [rax + 0x9908], r8w; add rsp, 0x28; ret
> 0x1800967e6 : mov rdx, [r11 + 0x10]; mov rax, [rdx + r9*8 + 8]; mov rcx, [rax + 8]; mov [rdx + r9*8 + 8], rcx; ret
> 0x1800967e7 : mov edx, [rbx + 0x10]; mov rax, [rdx + r9*8 + 8]; mov rcx, [rax + 8]; mov [rdx + r9*8 + 8], rcx; ret

© 2014 - 2019 - Powered by ROPEME | Contact