ropshell> use 759fe22d089a9a6aed263afe9cc08e2b
name         : chrome_elf.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6099
ropshell> suggest "load mem"
> 0x18000c3dd : mov rax, [rcx]; ret
> 0x18000c3de : mov eax, [rcx]; ret
> 0x18003b497 : mov eax, [rcx + 0x20]; ret
> 0x18003b496 : mov eax, [r9 + 0x20]; ret
> 0x180056e2a : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x180035fcb : mov rcx, [rbx]; call rdi
> 0x1800432b8 : mov rcx, [rdx]; mov [rax], rcx; ret
> 0x180036083 : mov rcx, [rsi]; call rdi
> 0x1800361f7 : mov rcx, [rdi]; call r14
> 0x180036274 : mov rcx, [r12]; call r14
> 0x180035f9d : mov rcx, [r14]; call rdi
> 0x180035f8c : mov rdx, [r14]; call rdi
> 0x1800361ca : mov rdx, [r15]; call r14
> 0x180035fcc : mov ecx, [rbx]; call rdi
> 0x180035f9e : mov ecx, [rsi]; call rdi
> 0x1800361f8 : mov ecx, [rdi]; call r14
> 0x180035f8d : mov edx, [rsi]; call rdi
> 0x1800361cb : mov edx, [rdi]; call r14
> 0x18003e51c : mov esi, [rdx]; std ; dec [rax - 0x77]; ret
> 0x18003fde5 : mov rdi, [rcx + 0xb0]; popfq ; pop rbp; ret
> 0x18003fde6 : mov edi, [rcx + 0xb0]; popfq ; pop rbp; ret
> 0x180038470 : mov rax, [rcx + 0x10]; test rax, rax; setne al; ret
> 0x18005bc59 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18005d516 : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r14; ret
> 0x18005bc5a : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18005d517 : mov edi, [rbx + 0x20]; mov rsp, r11; pop r14; ret
> 0x1800293f8 : mov rax, [r9]; mov [rdx], rax; mov al, 1; ret
> 0x180035e9a : mov rdx, [rsi]; mov rcx, rdi; call rbx
> 0x1800293b8 : mov eax, [r9]; mov [rdx], eax; mov al, 1; ret
> 0x180042ef4 : movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x18003a53c : mov r9, [rcx + 0x28]; mov rcx, rax; jmp r9
> 0x180035fd4 : mov rdx, [rbx]; mov rcx, [r14]; call rdi
> 0x180036316 : mov rdx, [rdi]; mov rcx, [r12]; call r14
> 0x180035fd5 : mov edx, [rbx]; mov rcx, [r14]; call rdi
> 0x18003e7d0 : movsxd rcx, [rax + 4]; or [rcx + rdx + 0x18], 2; ret
> 0x180063609 : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r13; pop rdi; pop rsi; ret
> 0x18006360a : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r13; pop rdi; pop rsi; ret
> 0x180041a74 : mov rax, [rbx]; mov r9, [rip + 0x4d58a]; call r9
> 0x18002c95b : mov rax, [rdx]; mov rcx, rdx; call [rax + 0x18]
> 0x1800086a7 : mov rax, [rsi]; mov rcx, rsi; call [rax + 0x10]
> 0x18003181c : mov rax, [rdi]; mov rcx, rdi; call [rax + 0x10]
> 0x18001ea09 : mov rax, [rbp]; mov rcx, rbp; call [rax + 0x18]
> 0x18002a630 : mov rax, [r14]; mov rcx, r14; call [rax + 0x18]
> 0x18000950f : mov rax, [r15]; mov rcx, r15; call [rax + 0x18]
> 0x1800205c0 : mov rbp, [rcx]; mov edx, eax; call [rbp + 0x18]
> 0x180041a75 : mov eax, [rbx]; mov r9, [rip + 0x4d58a]; call r9
> 0x18002c95c : mov eax, [rdx]; mov rcx, rdx; call [rax + 0x18]
> 0x18002a631 : mov eax, [rsi]; mov rcx, r14; call [rax + 0x18]
> 0x180009510 : mov eax, [rdi]; mov rcx, r15; call [rax + 0x18]
> 0x18001ea0a : mov eax, [rbp]; mov rcx, rbp; call [rax + 0x18]
> 0x1800205c1 : mov ebp, [rcx]; mov edx, eax; call [rbp + 0x18]
> 0x18003fdde : mov rbx, [rcx + 0x90]; mov rdi, [rcx + 0xb0]; popfq ; pop rbp; ret
> 0x1800361f3 : mov rdx, [rdi + rax]; mov rcx, [rdi]; call r14
> 0x18003fddf : mov ebx, [rcx + 0x90]; mov rdi, [rcx + 0xb0]; popfq ; pop rbp; ret
> 0x1800361f4 : mov edx, [rdi + rax]; mov rcx, [rdi]; call r14
> 0x18003a539 : mov rcx, [rax]; mov r9, [rcx + 0x28]; mov rcx, rax; jmp r9
> 0x18003a53a : mov ecx, [rax]; mov r9, [rcx + 0x28]; mov rcx, rax; jmp r9
> 0x18005bc55 : mov rbx, [r11 + 0x10]; mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18005731c : movsxd rdx, [r8 + 0x1c]; mov rax, [rcx]; mov [rdx + rax], r9d; ret
> 0x18005ba2b : mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x1800411e7 : mov r13, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x1800432c3 : movzx eax, [rdx + 2]; mov [rax], cx; mov [rax + 2], r8b; ret
> 0x180043373 : mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x18002b0d7 : mov rax, [r13]; mov edx, 1; mov rcx, r13; call [rax]
> 0x180009e77 : mov rbx, [rax]; mov edx, 1; mov rcx, rax; call [rbx]
> 0x18000856b : mov rdi, [rax]; mov edx, 1; mov rcx, rax; call [rdi]
> 0x18001e8e9 : mov rbp, [rax]; mov edx, 1; mov rcx, rax; call [rbp]
> 0x180009806 : mov r8, [rax]; mov edx, 1; mov rcx, rax; call [r8]
> 0x180009e78 : mov ebx, [rax]; mov edx, 1; mov rcx, rax; call [rbx]
> 0x18000856c : mov edi, [rax]; mov edx, 1; mov rcx, rax; call [rdi]
> 0x18001e8ea : mov ebp, [rax]; mov edx, 1; mov rcx, rax; call [rbp]
> 0x1800431a4 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x180042ef0 : mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x180036251 : mov rdx, [r12 + r13]; mov rcx, [r12 + rsi*8]; call r14
> 0x180035e96 : mov rdi, [r15 + 8]; mov rdx, [rsi]; mov rcx, rdi; call rbx
> 0x1800174b0 : mov edx, [rsi + 0x20]; mov rax, [rcx]; call [rax + 0x28]
> 0x1800267e1 : mov edx, [rax]; mov rax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x1800268f4 : mov edx, [rbp]; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x18000950b : movzx edx, [r14]; mov rax, [r15]; mov rcx, r15; call [rax + 0x18]
> 0x1800168c7 : mov eax, [rbx + rdi]; xor ecx, ecx; xor r9d, r9d; mov rdx, rsi; call r13
> 0x18003dfb0 : mov rsi, [rax]; lea rdx, [rsp + 0x28]; mov rcx, rax; call [rsi + 0x38]
> 0x180043370 : mov r8, [rdx]; mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x18003dfb1 : mov esi, [rax]; lea rdx, [rsp + 0x28]; mov rcx, rax; call [rsi + 0x38]
> 0x18002a763 : mov rcx, [rsi + 0x18]; mov rax, [rcx]; mov edx, edi; call [rax + 8]
> 0x18002a831 : mov rcx, [rdi + 0x18]; mov rax, [rcx]; mov rdx, rbx; call [rax + 0x30]
> 0x18001fed8 : mov rdx, [rsi + 0xf8]; mov ecx, [rsi]; mov [rsp + 0x20], rbx; call rax
> 0x18003ad08 : mov r8, [rdi + 8]; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x180029dc7 : mov eax, [rsi + 0x18]; mov rax, [rdi]; mov rcx, rdi; call [rax + 0x20]
> 0x18003ad09 : mov eax, [rdi + 8]; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x180029da6 : mov ebx, [rsi + 0x10]; mov rax, [rdi]; mov rcx, rdi; call [rax + 0x18]
> 0x18002a764 : mov ecx, [rsi + 0x18]; mov rax, [rcx]; mov edx, edi; call [rax + 8]
> 0x18002a832 : mov ecx, [rdi + 0x18]; mov rax, [rcx]; mov rdx, rbx; call [rax + 0x30]
> 0x1800266f4 : mov edx, [rax + 0x20]; mov rax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x180026646 : mov edx, [rbx + 0x1c]; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x180026903 : mov edx, [rbp + 0x10]; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x1800267a9 : mov edx, [r14 + 0x24]; mov rax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x18002a62d : mov esi, [rax + 0x10]; mov rax, [r14]; mov rcx, r14; call [rax + 0x18]
> 0x1800136c0 : mov rcx, [r8]; lea rax, [rcx + 1]; mov [r8], rax; mov [rcx], dl; movzx eax, dl; ret
> 0x18003a535 : mov rdx, [rcx + 8]; mov rcx, [rax]; mov r9, [rcx + 0x28]; mov rcx, rax; jmp r9
> 0x1800411e3 : mov rdi, [rbp + 0x40]; mov r13, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18002a695 : mov ecx, [rax + 0x18]; mov rax, [rcx + 8]; sub rax, [rcx]; shr rax, 2; add eax, -1; ret
> 0x18003a536 : mov edx, [rcx + 8]; mov rcx, [rax]; mov r9, [rcx + 0x28]; mov rcx, rax; jmp r9
> 0x1800411e4 : mov edi, [rbp + 0x40]; mov r13, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18003a571 : mov r11, [rax]; mov [rsp + 0x20], r9; mov rcx, rax; mov r9, r10; call [r11 + 0x20]
> 0x18001fbaa : mov rdx, [rbp]; mov rax, [rbx]; movsxd rcx, [rax + 4]; add rcx, rbx; call [rbp - 8]
> 0x18003630d : mov rcx, [r15]; mov [rdi], rcx; mov [r15], rax; mov rdx, [rdi]; mov rcx, [r12]; call r14
> 0x18003a532 : mov r8, [rcx]; mov rdx, [rcx + 8]; mov rcx, [rax]; mov r9, [rcx + 0x28]; mov rcx, rax; jmp r9
> 0x18002a629 : mov rax, [r14 + 8]; mov esi, [rax + 0x10]; mov rax, [r14]; mov rcx, r14; call [rax + 0x18]
> 0x18003827e : mov rax, [rsi + 0x10];  add [rax + rdi*4], ecx; mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x1800136bc : mov r8, [rcx + 0x40]; mov rcx, [r8]; lea rax, [rcx + 1]; mov [r8], rax; mov [rcx], dl; movzx eax, dl; ret
> 0x18001e8a0 : mov rax, [rbx + 0x40]; mov rcx, [rax + 8]; mov [rsp + 0xf8], rcx; mov rax, [rcx]; call [rax + 8]
> 0x18001cedd : mov rax, [r15 + 0x40]; mov rcx, [rax + 8]; mov [rsp + 0xb8], rcx; mov rax, [rcx]; call [rax + 8]
> 0x180042ee8 : movsxd r9, [rdx + 4]; movsxd rdx, [rdx + 8]; mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x18000898d : mov rcx, [rbx + 8]; mov r8d, [rbx]; mov rax, [rcx]; lea rbx, [rsp + 0x28]; mov rdx, rbx; call [rax + 0x10]
> 0x18000898e : mov ecx, [rbx + 8]; mov r8d, [rbx]; mov rax, [rcx]; lea rbx, [rsp + 0x28]; mov rdx, rbx; call [rax + 0x10]
> 0x18001feca : mov r9, [rsi + 0xf0]; mov r8d, [rsi + 0x100]; mov rdx, [rsi + 0xf8]; mov ecx, [rsi]; mov [rsp + 0x20], rbx; call rax
> 0x1800207d1 : mov rbx, [rdi]; mov [rsp + 0x28], eax; mov [rsp + 0x20], dl; lea rdx, [rsp + 0x30]; lea r8, [rsp + 0x48]; mov rcx, rdi; call [rbx + 0x40]
> 0x1800207d2 : mov ebx, [rdi]; mov [rsp + 0x28], eax; mov [rsp + 0x20], dl; lea rdx, [rsp + 0x30]; lea r8, [rsp + 0x48]; mov rcx, rdi; call [rbx + 0x40]