ROPSHELL 
ropshell> use ad6fe241ce4db2066965f604c6cda4d9 (download)
name         : StartAllBack_3.7.5_setup.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 1041

ropshell> suggest "load mem"
> 0x14000607c : mov rsi, [r11 + 0x20]; mov rsp, r11; pop rdi; ret
> 0x1400017a5 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop r12; ret
> 0x14000607d : mov esi, [rbx + 0x20]; mov rsp, r11; pop rdi; ret
> 0x1400017a6 : mov edi, [rbx + 0x18]; mov rsp, r11; pop r12; ret
> 0x140004258 : mov rdx, [rbx]; call [rax + 8]
> 0x140004259 : mov edx, [rbx]; call [rax + 8]
> 0x140002e3c : mov rax, [rcx + 0x40]; mov rax, [rax + rdx*8]; ret
> 0x140002e3d : mov eax, [rcx + 0x40]; mov rax, [rax + rdx*8]; ret
> 0x140004470 : mov rdx, [rcx]; mov rcx, rax; call [rax + 8]
> 0x140004471 : mov edx, [rcx]; mov rcx, rax; call [rax + 8]
> 0x140005645 : mov rax, [rdi + 0x20]; mov rcx, rax; call [rax]
> 0x1400055e5 : mov rdx, [rbx + 0x38]; mov rcx, rax; call [rax]
> 0x14000849c : mov rdx, [rcx + 0x10]; mov rcx, rax; call [rax + 8]
> 0x140001c8a : mov rdx, [rdi + 0x20]; mov rcx, rbx; call [rbx + 8]
> 0x140006078 : mov rbp, [r11 + 0x18]; mov rsi, [r11 + 0x20]; mov rsp, r11; pop rdi; ret
> 0x140005646 : mov eax, [rdi + 0x20]; mov rcx, rax; call [rax]
> 0x1400055e6 : mov edx, [rbx + 0x38]; mov rcx, rax; call [rax]
> 0x14000849d : mov edx, [rcx + 0x10]; mov rcx, rax; call [rax + 8]
> 0x140001c8b : mov edx, [rdi + 0x20]; mov rcx, rbx; call [rbx + 8]
> 0x140006079 : mov ebp, [rbx + 0x18]; mov rsi, [r11 + 0x20]; mov rsp, r11; pop rdi; ret
> 0x1400042a3 : mov rdx, [r15]; mov rcx, rbx; mov [r14], ebp; call [rbx + 8]
> 0x1400042a4 : mov edx, [rdi]; mov rcx, rbx; mov [r14], ebp; call [rbx + 8]
> 0x140004e5d : mov rax, [rbp + 0x380]; mov rdx, rbx; mov rcx, rax; call [rax]
> 0x140008eef : mov rdx, [rbp + 0x18]; lea rcx, [rsp + 0x78]; call [rbp - 0x80]
> 0x140004e5e : mov eax, [rbp + 0x380]; mov rdx, rbx; mov rcx, rax; call [rax]
> 0x1400039f4 : mov edx, [rsi + 0x60]; mov rcx, r14; shl rdx, 2; call [r14]
> 0x140008ef0 : mov edx, [rbp + 0x18]; lea rcx, [rsp + 0x78]; call [rbp - 0x80]
> 0x1400055e1 : mov rax, [rbx + 0x20]; mov rdx, [rbx + 0x38]; mov rcx, rax; call [rax]
> 0x140006074 : mov rbx, [r11 + 0x10]; mov rbp, [r11 + 0x18]; mov rsi, [r11 + 0x20]; mov rsp, r11; pop rdi; ret
> 0x1400055e2 : mov eax, [rbx + 0x20]; mov rdx, [rbx + 0x38]; mov rcx, rax; call [rax]
> 0x140002910 : mov r13, [rbp + 0x7f]; lea rdx, [r14*8 + 8]; mov rcx, r13; call [r13]
> 0x140002e33 : movzx edx, [rax + r9]; add edx, [r8 + r9*4]; mov rax, [rcx + 0x40]; mov rax, [rax + rdx*8]; ret
> 0x140002e2c : mov r8, [rcx + 0x30]; mov r9d, edx; movzx edx, [rax + r9]; add edx, [r8 + r9*4]; mov rax, [rcx + 0x40]; mov rax, [rax + rdx*8]; ret

© 2014 - 2019 - Powered by ROPEME | Contact