ROPSHELL 
ropshell> use b3a5e819e3cf9834a6b33c606fc50289 (download)
name         : dbghelp.dll (x86_64/PE)
base address : 0x103001000
total gadgets: 10616

ropshell> suggest "load mem"
> 0x1030e0ea0 : mov eax, [rcx]; ret
> 0x1031210f9 : mov eax, [rdx]; ret
> 0x1030d2990 : mov rax, [rcx + 0x100]; ret
> 0x1030d2991 : mov eax, [rcx + 0x100]; ret
> 0x10307ed7c : mov eax, [rdx + 0x1c]; ret
> 0x1030b532b : movzx eax, [r8]; add eax, 4; ret
> 0x103156c35 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x1030f63f9 : mov ecx, [rax]; mov [rdx], ecx; ret
> 0x10300d1eb : mov rbx, [r11 + 0x10]; mov rsp, r11; pop rbp; ret
> 0x10300854f : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x103087f39 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x10301d1b3 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
> 0x103113a9e : mov r12, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x10301aa0d : mov r14, [r11 + 0x28]; mov rsp, r11; pop r15; ret
> 0x1030ccbe5 : mov eax, [r9 + 0x18]; mov [r8], eax; ret
> 0x10308881a : mov ecx, [rax + 8]; mov [r8], ecx; ret
> 0x1030ccb65 : mov ecx, [rdx + 0xc]; mov [rax], ecx; ret
> 0x1030ccb64 : mov ecx, [r10 + 0xc]; mov [rax], ecx; ret
> 0x103008550 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x103087f3a : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x10301d1b4 : mov ebp, [rbx + 0x28]; mov rsp, r11; pop rdi; ret
> 0x1030b0522 : mov ebx, [rax + 0x4c000b05]; add ecx, ebx; jmp r9
> 0x10302e495 : mov ebp, [rax + 0x4c000000]; cmovb edx, eax; mov rax, r10; ret
> 0x10307cdc3 : mov rax, [rdx]; mov [rcx + 8], rax; mov rax, rcx; ret
> 0x103050f4f : mov rcx, [rax + 0x38]; xor eax, eax; mov [rdx], rcx; ret
> 0x10313016e : mov ecx, [r8 + 0xa]; mov [r9], ecx; mov eax, r10d; ret
> 0x103042545 : mov edx, [rcx + 0x18]; cmp edx, [rcx + 0x1c]; setae al; ret
> 0x10301af90 : mov rax, [rbx]; mov r9, [rip + 0x14ee7e]; call r9
> 0x10301af91 : mov eax, [rbx]; mov r9, [rip + 0x14ee7e]; call r9
> 0x10307ffda : mov rax, [rdx + 0x20]; mov [rcx + 0x20], rax; mov rax, rcx; ret
> 0x103019163 : mov rax, [r8 + 0x20]; mov [rdx + 0x10], rax; mov rax, rdx; ret
> 0x1030f4c7f : mov rax, [r10 + 0x20]; mov [rax + 8], ecx; mov al, 1; ret
> 0x10302a8ec : mov eax, [rbx + 0x14]; sub eax, [r8]; mov [r9], eax; ret
> 0x10314cabf : mov eax, [r8 + 0x20]; mov [r10 + 0x3ac], eax; xor eax, eax; ret
> 0x10302a8eb : mov eax, [r11 + 0x14]; sub eax, [r8]; mov [r9], eax; ret
> 0x103111d50 : mov rcx, [r8 + 0x32c]; sub rcx, [rdx + 0x32c]; test rcx, rcx; sete al; ret
> 0x1031530fb : movsxd rdx, [rcx + 8]; mov [r8], rdx; mov eax, r10d; add rsp, 0x28; ret
> 0x103046d87 : mov rax, [rcx]; mov rax, [rax + 0x100]; call [rip + 0x123081]; add rsp, 0x38; ret
> 0x1030591c6 : mov r8, [rcx + 0x40]; mov dl, 1; test dl, dl; mov [r9], r8; sete al; ret
> 0x1030d3f54 : mov rax, [r10]; mov rcx, r10; mov rax, [rax + 0x60]; call [rip + 0x95eb4]; add rsp, 0x38; ret
> 0x103133393 : mov rcx, [rdx + 0x110]; mov [r8], rcx; inc [rdx + 0x128]; mov [rdx + 0x110], r8; ret
> 0x103059140 : mov rdx, [r8 + 0x88]; mov al, 1; test al, al; mov [r9], rdx; sete cl; mov eax, ecx; ret
> 0x103059141 : mov edx, [rax + 0x88]; mov al, 1; test al, al; mov [r9], rdx; sete cl; mov eax, ecx; ret
> 0x10300f30c : mov r9, [r10 + 0x20]; mov eax, edx; lea rax, [rax + rax*2]; shl rax, 4; add rax, r9; ret
> 0x1030fa6ca : movzx edx, [r8 + 2]; shl edx, cl; lea eax, [rdx + rdx]; cdqe ; add rax, 6; add rax, r8; ret
> 0x103086d02 : mov rdx, [r10 + 0x80]; mov rax, [rcx]; mov rax, [rax + 0x18]; call [rip + 0xe3102]; add rsp, 0x58; ret
> 0x1030ba7ba : movzx edx, [r10 + 0x10]; mov rax, [rcx]; mov rax, [rax + 0x28]; call [rip + 0xaf64c]; add rsp, 0x38; ret
> 0x103151efd : mov rax, [rbx + 0x30]; mov rbx, [rsp + 8]; mov rdi, [rsp + 0x10]; mov [r11 + 0x80], rax; xor eax, eax; ret
> 0x103086f00 : mov rcx, [r10 + 0x70]; mov rdx, [r10 + 0xa8]; mov rax, [rcx]; mov rax, [rax + 0x18]; call [rip + 0xe2f00]; add rsp, 0x58; ret
> 0x1030590c2 : mov rdx, [rax + 0x20]; mov rax, [rcx + 0x18]; mov ecx, [rax + 0x34]; xor eax, eax; add rcx, [rdx + 8]; mov [r8], rcx; ret
> 0x10306baa5 : mov edx, [rcx]; lea eax, [rdx*4 - 4]; add r8d, [rax + r9 + 8]; lea eax, [r10*8]; add rax, r9; mov eax, [rax + r8*4 + 8]; ret

© 2014 - 2019 - Powered by ROPEME | Contact