ropshell> use 817013214ac1029758fc86d209b5d741 (download)
name         : assign6 (x86_64/ELF)
base address : 0x9380
total gadgets: 8106
ropshell> suggest "load mem"
> 0x000a5992 : mov eax, [rcx]; ret
> 0x00024aa4 : mov rax, [rdi + 0x68]; ret
> 0x00024aa5 : mov eax, [rdi + 0x68]; ret
> 0x0002ccf4 : mov eax, [rdx]; add bh, dh; ret 0
> 0x0002f243 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x00035d18 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x000354e4 : movzx edx, [rsi]; sub eax, edx; ret
> 0x00024715 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x0003e280 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x000c019d : mov rsi, [r14]; call rax
> 0x0005c773 : mov rdi, [rbp]; call rbx
> 0x0005c7a5 : mov rdi, [r12]; call rbx
> 0x0005c803 : mov rdi, [r13]; call rbx
> 0x0005c774 : mov edi, [rbp]; call rbx
> 0x000364f8 : movzx ecx, [rsi + rcx]; sub eax, ecx; ret
> 0x00033ce8 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0004b5c0 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x000c0300 : mov rdx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x000c199e : mov rdx, [r14]; mov rdi, r12; call rbp
> 0x000c0301 : mov edx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x000b82c0 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x000b832c : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x0005e4bf : mov rdx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x000b82b4 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x000b82c1 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x0003bb5e : mov ecx, [rbp + 1]; fnstcw [rsi]; jmp r9
> 0x00084159 : movzx edx, [rax + rdx]; jmp [rcx + rdx*8]
> 0x000b832d : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x0005e4c0 : mov edx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x000b82b5 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x000b4a76 : mov rcx, [rax]; mov [rdx], rcx; mov [rax + 0x10], 0; ret
> 0x0003e214 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x0005cd6f : mov rsi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x000b4a77 : mov ecx, [rax]; mov [rdx], rcx; mov [rax + 0x10], 0; ret
> 0x0005cd70 : mov esi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x0004b6e6 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x0004b694 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x0001f15e : mov eax, [rdx + 0x4c]; cmp [rdx + 0x48], eax; cmovne eax, ecx; ret
> 0x0005de39 : mov rax, [rbx]; mov [rip + 0x99235], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x000b3c31 : mov rdx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x0005f960 : mov rdx, [r10]; mov [rax + 0x50], 1; mov [rax + 0x48], rdx; ret
> 0x000bcd81 : mov eax, [rbx]; add [rax], al; mov rax, [rsp]; add rsp, 0x38; ret
> 0x000b3c32 : mov edx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x000b426e : mov rax, [rbp + 8]; mov [rip + 0x419b7], rax; pop rbx; pop rbp; pop r12; ret
> 0x0004d464 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x0004d373 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x000a9c4d : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x000b10e5 : mov r8, [rdi + 8]; mov rax, [rdi]; mov rdi, r8; jmp rax
> 0x000b426f : mov eax, [rbp + 8]; mov [rip + 0x419b7], rax; pop rbx; pop rbp; pop r12; ret
> 0x000a9c4e : mov esi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x000b29eb : mov rax, [r12]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x0005e54f : mov rax, [rdx + rax]; mov [rip + 0x9edf6], rax; lea rax, [rip + 0x9ede7]; ret
> 0x000c199a : mov rsi, [r15 + 8]; mov rdx, [r14]; mov rdi, r12; call rbp
> 0x0005ce38 : mov rsi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x000a7b2e : mov r15, [rbx]; mov rax, [rbx + 0x10]; add rax, [r12]; call rax
> 0x0005ce39 : mov esi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x000a7b2f : mov edi, [rbx]; mov rax, [rbx + 0x10]; add rax, [r12]; call rax
> 0x00071185 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000c0193 : mov rdx, [rbx]; mov rax, [rsp]; mov rdi, r15; mov rsi, [r14]; call rax
> 0x000bf268 : mov rdx, [rbp]; mov r8, rbx; mov rcx, rbp; or esi, 2; mov edi, 1; call rax
> 0x00012a60 : mov rsi, [r13]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x000c0194 : mov edx, [rbx]; mov rax, [rsp]; mov rdi, r15; mov rsi, [r14]; call rax
> 0x000bf269 : mov edx, [rbp]; mov r8, rbx; mov rcx, rbp; or esi, 2; mov edi, 1; call rax
> 0x00012a61 : mov esi, [rbp]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x00023326 : movzx esi, [r14]; lea r15, [r14 + 1]; mov rdi, r12; call [rbx + 0x18]
> 0x000a9c49 : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00020298 : mov rdx, [rbp + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, rbp; call rax
> 0x0001dc9f : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x000572a2 : mov rdi, [r12 + 0x10]; push 1; xor edx, edx; push 1; lea r9, [rsp + 0x20]; call rbx
> 0x000a9c4a : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00020299 : mov edx, [rbp + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, rbp; call rax
> 0x0008d0c2 : mov rdx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups [rax], xmm0; ret
> 0x0001d5a5 : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x00071181 : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0001d5a6 : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x00057088 : mov rdi, [r14]; lea rsi, [rsp + 0x20]; push 1; xor r8d, r8d; push 0; lea r9, [rsp + 0x18]; call r13
> 0x00057089 : mov edi, [rsi]; lea rsi, [rsp + 0x20]; push 1; xor r8d, r8d; push 0; lea r9, [rsp + 0x18]; call r13