ropshell> use 6e572f16276e144e5fe337ecbb804908
name         : comctl32.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 2330
ropshell> suggest "load mem"
> 0x18006b749 : mov eax, [rcx + 0x84]; ret
> 0x18007a902 : mov eax, [r8]; xor eax, [r8 + 4]; ret
> 0x180083d02 : mov rax, [rcx + 0x158]; inc [rax + 0x160]; ret
> 0x180005ecf : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18006f45f : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1800411a0 : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x180005ed0 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18006f460 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x180014a6e : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x180014a6f : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x18006ee0b : mov edi, [rdx]; add [rax], eax; add [rcx + 3], al; ret
> 0x18002b9e4 : mov eax, [r8 + 0x48]; add eax, [r8 + 0x40]; sub eax, r9d; ret
> 0x18006f45b : mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x180089b06 : mov r12, [rbp + 0xa8]; lea rsp, [rbp + 0x70]; pop r15; pop r14; pop rbp; ret
> 0x180087154 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x180087155 : mov ecx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x18007a912 : mov ecx, [rax + 4]; mov eax, ecx; xor eax, [r8]; mov [r9 + 0x28], ecx; ret
> 0x18007a911 : mov ecx, [r8 + 4]; mov eax, ecx; xor eax, [r8]; mov [r9 + 0x28], ecx; ret
> 0x18008ab0f : mov r11, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret
> 0x18008ab10 : mov ebx, [rdx]; mov rdx, [rdx + r8 - 8]; mov [rcx], r11; mov [rcx + r8 - 8], rdx; ret
> 0x180086538 : mov ecx, [rbx + 0xb096]; add [rbx - 0x3874b635], cl; mov r8, [rip + 0x7e9d]; call r8
> 0x180089aff : mov rdi, [rbp + 0xa0]; mov r12, [rbp + 0xa8]; lea rsp, [rbp + 0x70]; pop r15; pop r14; pop rbp; ret
> 0x180086539 : mov edx, [rsi + 0xb0]; mov ecx, ebx; mov rax, r15; mov r8, [rip + 0x7e9d]; call r8
> 0x180089b00 : mov edi, [rbp + 0xa0]; mov r12, [rbp + 0xa8]; lea rsp, [rbp + 0x70]; pop r15; pop r14; pop rbp; ret
> 0x1800792c4 : mov rax, [rcx]; movabs r10, -0x4553e0efc9a14e90; mov rax, [rax + 0x10]; call [rip + 0x1510d]; mov eax, [rsp + 0x38]; add rsp, 0x28; ret
> 0x1800792c5 : mov eax, [rcx]; movabs r10, -0x4553e0efc9a14e90; mov rax, [rax + 0x10]; call [rip + 0x1510d]; mov eax, [rsp + 0x38]; add rsp, 0x28; ret