Free Online ROP Gadgets Search

ropshell> use b048b7afe3d28bf4578140ad22c91fde (download)
name         : OWExplorer.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 3058

ropshell> suggest "load mem"
> 0x180003a67 : mov rax, [rcx]; ret
> 0x180003a68 : mov eax, [rcx]; ret
> 0x180029d86 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x1800069ec : mov rcx, [rax]; movzx eax, [rcx]; ret
> 0x18001b128 : mov rcx, [rdx]; mov [rax], rcx; ret
> 0x1800069ed : mov ecx, [rax]; movzx eax, [rcx]; ret
> 0x18002b592 : mov eax, [rcx + 0x18]; add rsp, 0x28; ret
> 0x18000fb4b : mov rax, [rcx + 0x50]; mov [rax], r8d; ret
> 0x18000a790 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18001aee6 : mov rdi, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x1800394f2 : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x18000a791 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x18001aee7 : mov edi, [rbx + 0x20]; mov rsp, r11; pop rbp; ret
> 0x180005e42 : mov rdx, [rcx]; call [rdx + 8]
> 0x180005e43 : mov edx, [rcx]; call [rdx + 8]
> 0x180006f73 : movzx edx, [rsi]; call [rax + 0x18]
> 0x18000b2d4 : movzx edx, [rbp]; call [rax + 0x18]
> 0x180007944 : movzx edx, [r12]; call [rax + 0x60]
> 0x18001afb0 : movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x18003ce9a : mov rcx, [rbp + 0x58]; call [rbp + 0x60]
> 0x1800110f2 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x18003ce9b : mov ecx, [rbp + 0x58]; call [rbp + 0x60]
> 0x1800110f3 : mov ebp, [rbx + 0x28]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x180019700 : mov rax, [rbx]; mov r9, [rip + 0x27e26]; call r9
> 0x18002b5a6 : mov rax, [rdx]; mov [rax], cl; inc [rdx]; movzx eax, cl; ret
> 0x18000b38e : mov rax, [rsi]; mov rcx, rsi; call [rax + 0x38]
> 0x1800055a5 : mov rax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x18000fac0 : mov rax, [r14]; mov rcx, r14; call [rax + 0x10]
> 0x1800076cc : mov rdx, [rbx]; mov rcx, rbx; call [rdx + 0x10]
> 0x18000b8e6 : mov rdx, [rdi]; mov rcx, rdi; call [rdx + 0x10]
> 0x18000787d : mov rdx, [r14]; mov rcx, r14; call [rdx + 0x10]
> 0x180019701 : mov eax, [rbx]; mov r9, [rip + 0x27e26]; call r9
> 0x18002b5a7 : mov eax, [rdx]; mov [rax], cl; inc [rdx]; movzx eax, cl; ret
> 0x18000fac1 : mov eax, [rsi]; mov rcx, r14; call [rax + 0x10]
> 0x1800055a6 : mov eax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x1800076cd : mov edx, [rbx]; mov rcx, rbx; call [rdx + 0x10]
> 0x18000b8e7 : mov edx, [rdi]; mov rcx, rdi; call [rdx + 0x10]
> 0x18000add3 : mov rax, [r8 + 0x38]; mov rcx, [rax]; movzx eax, [rcx]; ret
> 0x1800069e8 : mov rax, [r9 + 0x38]; mov rcx, [rax]; movzx eax, [rcx]; ret
> 0x180016822 : mov r8, [rcx]; cmp rcx, rbx; setne dl; call [r8 + 0x20]
> 0x18000a78c : mov rbx, [r11 + 0x10]; mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x180006e78 : movsxd rdx, [rax + 4]; lea r8d, [rdx - 0x10]; mov [rdx + rcx - 0x14], r8d; ret
> 0x180031c67 : mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x180018bb3 : mov r13, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18001b133 : movzx eax, [rdx + 2]; mov [rax], cx; mov [rax + 2], r8b; ret
> 0x18001b1e3 : mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x180007988 : mov rax, [r8]; movzx edx, r9w; mov rcx, r8; call [rax + 0x18]
> 0x180006d96 : mov r8, [rax]; mov edx, 1; mov rcx, rax; call [r8]
> 0x180005e26 : mov rcx, [rbx + 0x1c78]; mov rax, [rcx]; call [rax + 8]
> 0x18001b7b4 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x18001afac : mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x180003f10 : mov rdx, [rcx + 8]; lea rax, [rip + 0x4e115]; test rdx, rdx; cmovne rax, rdx; ret
> 0x180005e27 : mov ecx, [rbx + 0x1c78]; mov rax, [rcx]; call [rax + 8]
> 0x180003f11 : mov edx, [rcx + 8]; lea rax, [rip + 0x4e115]; test rdx, rdx; cmovne rax, rdx; ret
> 0x180014354 : mov rax, [rbx + 8]; lea rcx, [rbx + 8]; call [rax + 8]
> 0x180006e45 : movsxd rcx, [rax + 4]; lea edx, [rcx - 0x18]; mov [rcx + r9 - 0x24], edx; add rsp, 0x18; ret
> 0x180014355 : mov eax, [rbx + 8]; lea rcx, [rbx + 8]; call [rax + 8]
> 0x18001b1e0 : mov r8, [rdx]; mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x180018baf : mov rdi, [rbp + 0x40]; mov r13, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18003297d : mov edx, [rax + 0x10]; mov ecx, ebx; mov rax, rsi; mov r8, [rip + 0xeba4]; call r8
> 0x180005e28 : mov edi, [rax + 0x1c]; add [rax], al; mov rax, [rcx]; call [rax + 8]
> 0x180018bb0 : mov edi, [rbp + 0x40]; mov r13, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18000769d : mov rbx, [rax + 8]; mov [rsp + 0x30], rbx; mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x18000b8ab : mov rdi, [rax + 8]; mov [rsp + 0x38], rdi; mov rax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x18000fa84 : mov r14, [rax + 8]; mov [rsp + 0x38], r14; mov rax, [r14]; mov rcx, r14; call [rax + 8]
> 0x18000769e : mov ebx, [rax + 8]; mov [rsp + 0x30], rbx; mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x18000fa85 : mov esi, [rax + 8]; mov [rsp + 0x38], r14; mov rax, [r14]; mov rcx, r14; call [rax + 8]
> 0x18001afa4 : movsxd r9, [rdx + 4]; movsxd rdx, [rdx + 8]; mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x18000fedf : movsxd rax, [rdx + 4]; mov rcx, [rax + rsi + 0x48]; mov rax, [rcx]; mov r8, r14; mov rdx, r12; call [rax + 0x48]
> 0x180007699 : mov rax, [rsi + 0x40]; mov rbx, [rax + 8]; mov [rsp + 0x30], rbx; mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x18000fa80 : mov rax, [rdi + 0x60]; mov r14, [rax + 8]; mov [rsp + 0x38], r14; mov rax, [r14]; mov rcx, r14; call [rax + 8]
> 0x18000769a : mov eax, [rsi + 0x40]; mov rbx, [rax + 8]; mov [rsp + 0x30], rbx; mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x18000fa81 : mov eax, [rdi + 0x60]; mov r14, [rax + 8]; mov [rsp + 0x38], r14; mov rax, [r14]; mov rcx, r14; call [rax + 8]
> 0x18000fedc : mov rdx, [rsi]; movsxd rax, [rdx + 4]; mov rcx, [rax + rsi + 0x48]; mov rax, [rcx]; mov r8, r14; mov rdx, r12; call [rax + 0x48]