ROPSHELL 
ropshell> use ad7efaf31af566d1a10706728d08e008 (download)
name         : libhttpd.dll (x86_64/PE)
base address : 0x6ff01000
total gadgets: 3485

ropshell> suggest "load mem"
> 0x6ff183f0 : mov rax, [rcx + 0x10]; ret
> 0x6ff0bb5a : mov eax, [rcx + 0x10]; ret
> 0x6ff03c58 : mov rax, [rcx]; mov [rdx], rax; ret
> 0x6ff03c59 : mov eax, [rcx]; mov [rdx], rax; ret
> 0x6ff0d3d7 : mov rcx, [rax]; mov [rcx + 0x18], rdx; ret
> 0x6ff2ef25 : mov r10, [rcx]; jmp [r10 + 8]
> 0x6ff2c060 : movzx eax, [rdx]; mov [r9 + 0x30], al; ret
> 0x6ff0d3d8 : mov ecx, [rax]; mov [rcx + 0x18], rdx; ret
> 0x6ff2ef26 : mov edx, [rcx]; jmp [r10 + 8]
> 0x6ff3ca07 : mov rcx, [rdx + 8]; call rax
> 0x6ff178f9 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x6ff33681 : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r14; ret
> 0x6ff252ba : mov rbp, [r11 + 0x20]; mov rsp, r11; pop rdi; ret
> 0x6ff3ca08 : mov ecx, [rdx + 8]; call rax
> 0x6ff2e8a6 : movzx ecx, [r10 + 6]; mov [rax], cl; ret
> 0x6ff178fa : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x6ff33682 : mov edi, [rbx + 0x20]; mov rsp, r11; pop r14; ret
> 0x6ff252bb : mov ebp, [rbx + 0x20]; mov rsp, r11; pop rdi; ret
> 0x6ff2f1c3 : mov rax, [rdx + 0x10]; mov [rcx + 0x10], rax; ret
> 0x6ff22fdb : mov rax, [r9 + 8]; mov rbx, [rsp + 8]; ret
> 0x6ff2f1c4 : mov eax, [rdx + 0x10]; mov [rcx + 0x10], rax; ret
> 0x6ff0ee31 : mov eax, [r9 + 8]; sub eax, [rdx + 8]; ret
> 0x6ff2b59a : mov rax, [rdx]; mov rax, [rax + 8]; add rsp, 0xf8; ret
> 0x6ff0ea9e : mov rbx, [r11 + 0x10]; xor eax, eax; mov rsp, r11; pop rdi; ret
> 0x6ff0f26a : mov rcx, [rbx + 0x28]; call [rax + 0x10]
> 0x6ff0f12d : mov rcx, [rdi + 0x28]; call [rax + 0x10]
> 0x6ff32388 : mov rcx, [r14 + 0x28]; call [rax + 0x10]
> 0x6ff2ab00 : mov rdx, [rsi + 0x10]; mov rcx, rbp; call rax
> 0x6ff0f26b : mov ecx, [rbx + 0x28]; call [rax + 0x10]
> 0x6ff32389 : mov ecx, [rsi + 0x28]; call [rax + 0x10]
> 0x6ff0f12e : mov ecx, [rdi + 0x28]; call [rax + 0x10]
> 0x6ff2ab01 : mov edx, [rsi + 0x10]; mov rcx, rbp; call rax
> 0x6ff05ec3 : mov edx, [rax + 0xc]; xor eax, eax; mov [rcx + 8], edx; ret
> 0x6ff0f205 : mov rax, [rbx + 0x10]; mov rcx, rbx; call [rax + 0x18]
> 0x6ff0f3d7 : mov rax, [rbp + 0x30]; mov rcx, rax; call [rax + 0x30]
> 0x6ff0bf30 : mov rcx, [rax + 0x30]; mov rax, [rcx]; mov rax, [rax + 8]; ret
> 0x6ff2a94e : mov rdx, [rbx + 0x10]; mov r8, rax; mov rcx, rbp; call rdi
> 0x6ff0f206 : mov eax, [rbx + 0x10]; mov rcx, rbx; call [rax + 0x18]
> 0x6ff0f3d8 : mov eax, [rbp + 0x30]; mov rcx, rax; call [rax + 0x30]
> 0x6ff0bf31 : mov ecx, [rax + 0x30]; mov rax, [rcx]; mov rax, [rax + 8]; ret
> 0x6ff2a94f : mov edx, [rbx + 0x10]; mov r8, rax; mov rcx, rbp; call rdi
> 0x6ff2ee63 : mov rax, [r8]; mov rdx, rcx; mov rcx, r8; call [rax + 8]
> 0x6ff2aafc : mov rax, [rsi + 8]; mov rdx, [rsi + 0x10]; mov rcx, rbp; call rax
> 0x6ff0f129 : mov rax, [rdi + 0x10]; mov rcx, [rdi + 0x28]; call [rax + 0x10]
> 0x6ff32384 : mov rax, [r14 + 0x10]; mov rcx, [r14 + 0x28]; call [rax + 0x10]
> 0x6ff245b0 : mov rdx, [rdi + 0x18]; lea rcx, [rsp + 0x68]; call [rdi]
> 0x6ff2456d : mov rdx, [r9 + 0x18]; lea rcx, [rsp + 0x68]; call [r9]
> 0x6ff244ad : mov r8, [r9 + 0x18]; mov rcx, r12; mov rdx, r15; mov rbx, r12; call rax
> 0x6ff32385 : mov eax, [rsi + 0x10]; mov rcx, [r14 + 0x28]; call [rax + 0x10]
> 0x6ff0f12a : mov eax, [rdi + 0x10]; mov rcx, [rdi + 0x28]; call [rax + 0x10]
> 0x6ff2456e : mov edx, [rcx + 0x18]; lea rcx, [rsp + 0x68]; call [r9]
> 0x6ff245b1 : mov edx, [rdi + 0x18]; lea rcx, [rsp + 0x68]; call [rdi]
> 0x6ff1b712 : mov rax, [rbx]; mov r8, rbp; mov rdx, rsi; mov rcx, rax; call [rax]
> 0x6ff2883e : mov rdx, [rcx]; mov rcx, [rcx + 8]; call [rip + 0x17e95]; xor eax, eax; add rsp, 0x28; ret
> 0x6ff1b713 : mov eax, [rbx]; mov r8, rbp; mov rdx, rsi; mov rcx, rax; call [rax]
> 0x6ff0f1fb : mov rbx, [rax + 8]; mov r9d, 1; mov rax, [rbx + 0x10]; mov rcx, rbx; call [rax + 0x18]
> 0x6ff0f3c8 : mov rcx, [rbp + 0x30]; mov rax, [rcx + 0x10]; mov rcx, [rcx + 0x28]; call [rax + 0x10]
> 0x6ff24518 : mov r8, [rdi + 0x18]; sub rbx, rcx; add r15, rbx; mov rbx, rcx; mov rdx, r15; call [rdi + 8]
> 0x6ff0f1fc : mov ebx, [rax + 8]; mov r9d, 1; mov rax, [rbx + 0x10]; mov rcx, rbx; call [rax + 0x18]
> 0x6ff0f3c9 : mov ecx, [rbp + 0x30]; mov rax, [rcx + 0x10]; mov rcx, [rcx + 0x28]; call [rax + 0x10]
> 0x6ff30eee : mov rax, [r10 + 0x38]; mov ecx, [rax + rdx*8 + 4]; sub ecx, [rax + rdx*8]; mov [r8], ecx; ret
> 0x6ff3f7a7 : mov rcx, [r14]; call [rip + 0xb30]; xor ecx, ecx; mov rbx, rax; call [rip + 0xb2d]; mov [r14], rax; call rbx
> 0x6ff3f7a8 : mov ecx, [rsi]; call [rip + 0xb30]; xor ecx, ecx; mov rbx, rax; call [rip + 0xb2d]; mov [r14], rax; call rbx
> 0x6ff0f122 : mov rax, [rdi]; mov [rax + 8], rcx; mov rax, [rdi + 0x10]; mov rcx, [rdi + 0x28]; call [rax + 0x10]
> 0x6ff3237d : mov rax, [r14]; mov [rax + 8], rcx; mov rax, [r14 + 0x10]; mov rcx, [r14 + 0x28]; call [rax + 0x10]
> 0x6ff3237e : mov eax, [rsi]; mov [rax + 8], rcx; mov rax, [r14 + 0x10]; mov rcx, [r14 + 0x28]; call [rax + 0x10]
> 0x6ff0f123 : mov eax, [rdi]; mov [rax + 8], rcx; mov rax, [rdi + 0x10]; mov rcx, [rdi + 0x28]; call [rax + 0x10]
> 0x6ff21340 : mov r8, [rbx + 8]; mov rax, [rbx]; mov [rax + 8], r8; mov rax, [rbx + 0x10]; mov rcx, [rbx + 0x28]; call [rax + 0x10]

© 2014 - 2019 - Powered by ROPEME | Contact