ropshell> use a90a0dd472e75a0e34cd6a4b0627a9b1
name         : main (x86_64/ELF)
base address : 0x401180
total gadgets: 6282
ropshell> suggest "load mem"
> 0x00425c02 : mov eax, [rcx]; ret
> 0x004102a4 : mov rax, [rdi + 0x68]; ret
> 0x004102a5 : mov eax, [rdi + 0x68]; ret
> 0x00446fe9 : mov eax, [rdx]; pop r12; pop rbp; ret
> 0x0044d7e5 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x0044dfe5 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0040ff05 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x004592f0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x00460e3e : mov rsi, [rbx]; call r13
> 0x00460874 : mov rdi, [rbx]; call r12
> 0x004608b2 : mov rdi, [r13]; call r12
> 0x0046091a : mov rdi, [r14]; call r12
> 0x00459291 : mov edx, [rsi]; mov [rdi], dx; ret
> 0x00460e3f : mov esi, [rbx]; call r13
> 0x00460875 : mov edi, [rbx]; call r12
> 0x0046091b : mov edi, [rsi]; call r12
> 0x004608b3 : mov edi, [rbp]; call r12
> 0x00455d17 : movzx ecx, [rsi + rcx]; sub eax, ecx; ret
> 0x00457a5f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0047b610 : mov rdx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x00460a8c : mov rsi, [rcx]; mov r15, rcx; call rax
> 0x0047b611 : mov edx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x00460a8d : mov esi, [rcx]; mov r15, rcx; call rax
> 0x0042139f : mov rdx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x00445773 : mov rdx, [rdi + 0xa0]; mov [rdx + 0xe0], rcx; ret
> 0x004213a0 : mov edx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x00445774 : mov edx, [rdi + 0xa0]; mov [rdx + 0xe0], rcx; ret
> 0x00460ef8 : mov rsi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x00460ef9 : mov esi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x0046184a : mov rax, [rbx]; mov [rip + 0x4a254], rax; pop rbx; pop r12; pop rbp; ret
> 0x00459300 : mov rcx, [rsi]; mov [rdi + 8], dh; mov [rdi], rcx; ret
> 0x0047b473 : mov rsi, [r14]; mov rax, [rsp + 0x10]; call rax
> 0x0046184b : mov eax, [rbx]; mov [rip + 0x4a254], rax; pop rbx; pop r12; pop rbp; ret
> 0x0040e822 : movzx esi, [rdi]; mov rdi, r13; call [rax + 0x18]
> 0x0040e821 : movzx esi, [r15]; mov rdi, r13; call [rax + 0x18]
> 0x004642a9 : mov rax, [rbx + 0x10]; add rax, [r12]; call rax
> 0x004642aa : mov eax, [rbx + 0x10]; add rax, [r12]; call rax
> 0x0044955e : mov ecx, [rdx + 0x4c]; cmp [rdx + 0x48], ecx; cmove eax, ecx; ret
> 0x004708f1 : mov rdx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x004708f2 : mov edx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x0040e2b3 : mov rax, [r12 + 0x20]; mov rdi, rbx; pop rbx; pop r12; pop rbp; jmp rax
> 0x00459434 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00459343 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00437574 : mov eax, [r12 + 8]; sub eax, [rbx + 8]; pop rbx; pop r12; pop rbp; ret
> 0x0047a466 : mov rdx, [rbp]; mov r8, rbx; mov rcx, rbp; mov edi, 1; call rax
> 0x0047a467 : mov edx, [rbp]; mov r8, rbx; mov rcx, rbp; mov edi, 1; call rax
> 0x0042142f : mov rax, [rdx + rax]; mov [rip + 0x8f4ae], rax; lea rax, [rip + 0x8f49f]; ret
> 0x00421430 : mov eax, [rdx + rax]; mov [rip + 0x8f4ae], rax; lea rax, [rip + 0x8f49f]; ret
> 0x004642a6 : mov r14, [rbx]; mov rax, [rbx + 0x10]; add rax, [r12]; call rax
> 0x00447c98 : mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x0046a487 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00447c99 : mov edx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x00474ff0 : mov rdx, [rbx]; pop rbx; movzx edi, r12b; add rdx, [rax + 8]; pop r12; pop rbp; jmp rdx
> 0x0047b4bd : mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0047ab21 : mov rdx, [r13]; mov r8, rbx; mov rcx, r13; mov esi, 1; mov edi, 1; call rax
> 0x00474ff1 : mov edx, [rbx]; pop rbx; movzx edi, r12b; add rdx, [rax + 8]; pop r12; pop rbp; jmp rdx
> 0x0044890a : mov rdx, [r13 + 0x40]; sub rdx, rsi; mov [rbp - 0xf0], rcx; mov rdi, r13; call rax
> 0x0044890b : mov edx, [rbp + 0x40]; sub rdx, rsi; mov [rbp - 0xf0], rcx; mov rdi, r13; call rax
> 0x0043ea78 : mov rsi, [r15]; mov rdi, [r13]; mov rdx, [rbp - 0x38]; mov rax, [rbp - 0x40]; call rax
> 0x00407f5a : movzx esi, [rdi + rax]; lea rax, [rip + 0x9e31b]; mov rax, [rax + rsi*8]; jmp rax
> 0x0047b4ba : mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x00446582 : mov rdx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups [rax], xmm0; ret
> 0x00447c94 : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x0046a483 : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00446583 : mov edx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups [rax], xmm0; ret
> 0x00447c95 : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x00426e31 : mov ecx, [rdx]; add rdx, 8; mov [rax + 0x348], rdx; lea rdx, [rdx + rcx*4]; mov [rax + 0x32c], ecx; mov [rax + 0x340], rdx; ret