ropshell> use 896ac8fcc686ae5b022f9e4db7d49841 (download)
name         : shitorrent (x86_64/ELF)
base address : 0x4004d0
total gadgets: 9959
ropshell> suggest "load mem"
> 0x00407150 : mov rax, [rdi]; ret
> 0x0042ec50 : movzx eax, [rdx]; ret
> 0x00407151 : mov eax, [rdi]; ret
> 0x004085b3 : mov rax, [rbx]; pop rbx; ret
> 0x004085b4 : mov eax, [rbx]; pop rbx; ret
> 0x0041a621 : mov rax, [rsi + 0x10]; ret
> 0x0040ae09 : mov rax, [rdi + 0x10]; ret
> 0x0049a7cc : mov eax, [rdx + 4]; ret
> 0x0041a622 : mov eax, [rsi + 0x10]; ret
> 0x0040ae0a : mov eax, [rdi + 0x10]; ret
> 0x00448003 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00447b43 : movzx edx, [rsi]; sub eax, edx; ret
> 0x004515d0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0041a24f : mov rdx, [rbp]; call r12
> 0x0041a204 : mov rsi, [r14]; call r12
> 0x0046681d : mov rdi, [rbx]; call r12
> 0x00466843 : mov rdi, [rbp]; call r12
> 0x0048fdf9 : mov rdi, [r12]; call rbp
> 0x0046741b : mov rdi, [r13]; call r12
> 0x00407258 : movzx eax, [rsi]; mov [rdi], al; ret
> 0x0041a250 : mov edx, [rbp]; call r12
> 0x0046681e : mov edi, [rbx]; call r12
> 0x00466844 : mov edi, [rbp]; call r12
> 0x004462b8 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0040a0d0 : mov rax, [rsi]; cmp [rdi], rax; sete al; ret
> 0x0040b034 : mov rdx, [rdi]; lea rax, [rdx + rax - 1]; ret
> 0x0040b035 : mov edx, [rdi]; lea rax, [rdx + rax - 1]; ret
> 0x00429cd3 : mov rdi, [rax + 0x20]; call rdx
> 0x00429cd4 : mov edi, [rax + 0x20]; call rdx
> 0x0045e4a0 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00419388 : mov rdx, [r12]; mov edi, 1; call rax
> 0x0041b138 : mov rdx, [r15]; mov rdi, r13; call r14
> 0x0045e521 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x004a0f28 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x004a0f08 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x004a0f1c : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x004a0f29 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x004a0f09 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x004a0f1d : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0040b27c : mov rax, [rbp]; add rsp, 8; add rax, rbx; pop rbx; pop rbp; ret
> 0x0040b27d : mov eax, [rbp]; add rsp, 8; add rax, rbx; pop rbx; pop rbp; ret
> 0x0048ce2c : mov edx, [rax]; add rsp, 8; mov eax, edx; pop rbx; pop rbp; ret
> 0x0042c700 : mov r9, [rax + 0x10]; call [rbp + 0x18]
> 0x0042c701 : mov ecx, [rax + 0x10]; call [rbp + 0x18]
> 0x004a2d6e : mov rax, [r12]; add rax, [rdx + 8]; call rax
> 0x00451564 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x00406bb3 : mov rdx, [rax]; mov rdi, rax; call [rdx + 0x10]
> 0x00466cc0 : mov rsi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0041b35a : mov rsi, [r15]; mov rdi, [rsp + 0x10]; call r14
> 0x004033d8 : mov r8, [rax]; lea rax, [rax + 8]; mov [r10], r8; ret
> 0x00466cc1 : mov esi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0041b35b : mov esi, [rdi]; mov rdi, [rsp + 0x10]; call r14
> 0x0045e5c6 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x00498ce5 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x0045e574 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x0048df7b : mov ecx, [rdx + 0x48]; cmp ecx, [rdx + 0x4c]; cmove eax, ecx; ret
> 0x00441c64 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x00419307 : mov rax, [rdx]; mov [rbx + 0x98], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00466d58 : mov rsi, [rax]; mov rdi, [rbp - 0x58]; mov r12d, r14d; call r15
> 0x00466d59 : mov esi, [rax]; mov rdi, [rbp - 0x58]; mov r12d, r14d; call r15
> 0x00460344 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00460253 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0042dd1a : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0042fd88 : mov rbp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x0042cf78 : mov rbp, [r15 + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0042d1c5 : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0042dd1b : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0042fd89 : mov ebp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x0040861e : mov rdx, [rbx]; mov [rbp], rdx; add rsp, 8; mov rax, rbp; pop rbx; pop rbp; ret
> 0x0040861f : mov edx, [rbx]; mov [rbp], rdx; add rsp, 8; mov rax, rbp; pop rbx; pop rbp; ret
> 0x004326f4 : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0041b134 : mov rsi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x004326f5 : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0041b135 : mov esi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x004988ce : mov r15, [rbx]; mov rax, [rbx + 0x10]; add rax, [r14]; call rax
> 0x0042d717 : mov rcx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x0049e7d3 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0042d718 : mov ecx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x00432c51 : movzx esi, [r14]; mov rdi, r12; lea r15, [r14 + 1]; call [rbx + 0x18]
> 0x0047a15c : mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x0048cad1 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00468ad5 : mov rdx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x00468ad6 : mov edx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x00485696 : mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x0046d6b6 : movsx r9, [rdx + 0x1a]; movsx edx, [rdx + 0x1b]; mov [rax + 0x50], ecx; mov [rax + 0x54], edx; ret
> 0x0049e7cf : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0048813e : movzx ecx, [rdi + rax]; lea rax, [rip + 0x24f837]; mov rax, [rax + rcx*8]; mov ecx, 1; jmp rax
> 0x0049e7d0 : mov esi, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0047a158 : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x00490059 : mov rdi, [r12 + 0x10]; push 1; xor r8d, r8d; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x00485692 : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8d0]; sub rdx, rsi; sar rdx, 2; call [rbx + 0x38]
> 0x0048cac9 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0048caca : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0046d6af : movsx rcx, [rdx + 0x19]; mov [rax + 0x4c], ecx; movsx ecx, [rdx + 0x1a]; movsx edx, [rdx + 0x1b]; mov [rax + 0x50], ecx; mov [rax + 0x54], edx; ret