ROPSHELL 
ropshell> use e6fd50af1a7bf70228eb67c5f325570c (download)
name         : libc-2.32-11.mga8.x86_64_2.so (x86_64/ELF)
base address : 0x26330
total gadgets: 18180

ropshell> suggest "load mem"
> 0x00073afc : mov eax, [rdx]; ret
> 0x000c0bb0 : mov eax, [rdi]; ret
> 0x00116520 : mov rax, [rdx + rax]; ret
> 0x0007fbb0 : mov rax, [rdi + 0x68]; ret
> 0x000df601 : mov eax, [rdx + 8]; ret
> 0x000de710 : mov eax, [rdi + 0x14]; ret
> 0x00152813 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00094123 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0007f8ad : mov rax, [rdi]; mov [rdx], rax; ret
> 0x000e085e : mov rcx, [rax]; call r11
> 0x00027dd5 : mov rdx, [rax]; call rbp
> 0x0009e6f0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x000f29df : mov rdi, [rbp]; call rbx
> 0x000e085f : mov ecx, [rax]; call r11
> 0x00027dd6 : mov edx, [rax]; call rbp
> 0x000f29e0 : mov edi, [rbp]; call rbx
> 0x0014ba1f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0007c83b : movzx r8, [rax]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00089558 : mov rdi, [rbx + 0x48]; call rax
> 0x00089559 : mov edi, [rbx + 0x48]; call rax
> 0x00144120 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x0009b226 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x0011f4e0 : mov eax, [r8]; mov [rdx], eax; mov eax, 1; ret
> 0x0003bf35 : mov edx, [rdi]; xor eax, eax; test edx, edx; sete al; ret
> 0x000ec249 : mov rax, [r13 + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x000c4db3 : mov rdx, [rdi + 0x18]; mov [rdi + 0x18], rdx; ret
> 0x000ec24a : mov eax, [rbp + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x000c4db4 : mov edx, [rdi + 0x18]; mov [rdi + 0x18], rdx; ret
> 0x000e06e2 : mov rdx, [r12]; mov rax, [rbp - 0x1b8]; call rax
> 0x000e6df0 : mov eax, [rsi]; mov [rdi + 0x108], eax; xor eax, eax; ret
> 0x0007a4a4 : mov rax, [rbx + 0x20]; mov [rbx + 0x28], rax; pop rbx; ret
> 0x000eca68 : mov rax, [rsi + 0x28]; cmp [rdi + 0x28], rax; sete al; ret
> 0x0011b462 : mov rax, [rbp + 8]; call [rax + 0x20]
> 0x001226c4 : mov rax, [r15 + 0x60]; call [rax + 8]
> 0x0007a487 : mov rdx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x00080d27 : mov rdx, [rbx + 0x28]; and [rdx + 0x10], rcx; pop rbx; ret
> 0x001020a3 : mov rdi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x0007a4a5 : mov eax, [rbx + 0x20]; mov [rbx + 0x28], rax; pop rbx; ret
> 0x000eca69 : mov eax, [rsi + 0x28]; cmp [rdi + 0x28], rax; sete al; ret
> 0x0007a488 : mov edx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x00080d28 : mov edx, [rbx + 0x28]; and [rdx + 0x10], rcx; pop rbx; ret
> 0x001020a4 : mov edi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x0011f588 : mov rax, [rdx]; bswap eax; mov [r8 + 0xb4], eax; mov eax, 1; ret
> 0x00121c80 : mov rax, [r8]; bswap eax; mov [rdi + 0x54], eax; mov eax, 1; ret
> 0x0013b594 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x000f674f : mov rdx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x000f2d57 : mov rsi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x000a46c1 : mov rdi, [r12]; lea r9, [rsp + 0x28]; call rbx
> 0x000f6750 : mov edx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x000f2d58 : mov esi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x00144246 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x000e085a : mov r8, [rax + 8]; mov rcx, [rax]; call r11
> 0x00049b82 : mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0009b2a9 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x0011f4cd : movzx eax, [r8 + 0x88]; mov [rdx + 0x6c], ax; mov eax, 1; ret
> 0x00049b83 : mov ecx, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00091c24 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x0003bf75 : mov rax, [rsi]; and rax, [rdx]; mov [rdi], rax; xor eax, eax; ret
> 0x0012dfd4 : mov rdx, [rcx]; add rdx, [rax + 8]; mov rax, rdx; add rsp, 0x28; ret
> 0x0012dfd5 : mov edx, [rcx]; add rdx, [rax + 8]; mov rax, rdx; add rsp, 0x28; ret
> 0x00123893 : mov rax, [r8 + 0x38]; mov rdi, r8; call [rax + 0x20]
> 0x0011ae28 : mov rax, [r12 + 8]; mov rdi, r12; call [rax + 0x20]
> 0x0012220c : mov rax, [r14 + 0x70]; mov rdi, rbp; call [rax + 0x20]
> 0x0009e834 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x0009e743 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x000807f7 : mov r8, [rdi + 8]; mov rax, [rdi]; mov rdi, r8; jmp rax
> 0x001226a6 : mov esi, [rdi + 0x88]; mov rdi, rbx; call [rax + 0x28]
> 0x001226a5 : mov esi, [r15 + 0x88]; mov rdi, rbx; call [rax + 0x28]
> 0x00124fa0 : mov rax, [rbx]; mov [rbp + 8], rax; mov eax, 1; pop rbx; pop rbp; pop r12; ret
> 0x00118c01 : mov rdx, [r15]; mov r8, rbx; mov rcx, r14; mov rdi, r13; call r12
> 0x00111afa : mov rsi, [rbp]; add rbx, rsi; mov [rbp], rbx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0011f844 : mov rdi, [rax]; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x0012315d : mov rdi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x00124fa1 : mov eax, [rbx]; mov [rbp + 8], rax; mov eax, 1; pop rbx; pop rbp; pop r12; ret
> 0x00111afb : mov esi, [rbp]; add rbx, rsi; mov [rbp], rbx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0011f845 : mov edi, [rax]; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x0012315e : mov edi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x00102d0e : mov edx, [rcx + 0x18]; mov [rbp - 0x80], edx; mov rdx, r12; call rax
> 0x00102acb : mov edx, [r12 + 0x18]; mov [rbp - 0x80], edx; mov rdx, r13; call rax
> 0x0006f348 : mov rsi, [rax + 0x18]; movsxd rdx, ebp; mov rdi, rbx; call [r14 + 0x38]
> 0x0011c724 : mov rsi, [rbx + 0x10]; mov rdx, r12; mov rdi, r14; call [rax + 0x10]
> 0x0012e1a6 : mov r8, [rbx + 0x10]; call [rax + 0x270]; mov [rbx], rax; pop rax; pop rdx; pop rbx; ret
> 0x0003b2c3 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000cd455 : movzx eax, [r9 + rax]; mov [rdi + 8], 1; mov [rdi], al; mov eax, 1; ret
> 0x000daebf : movzx edx, [r15 + 0x30]; movsxd rdx, [r14 + rdx*4]; add rdx, r14; jmp rdx
> 0x0006f349 : mov esi, [rax + 0x18]; movsxd rdx, ebp; mov rdi, rbx; call [r14 + 0x38]
> 0x0011c725 : mov esi, [rbx + 0x10]; mov rdx, r12; mov rdi, r14; call [rax + 0x10]
> 0x000f927d : mov rcx, [r8]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xba0ee], 0; ret
> 0x0007e784 : movzx esi, [rdi]; lea rbx, [r15 + 1]; mov rdi, r13; call [rax + 0x18]
> 0x0007e783 : movzx esi, [r15]; lea rbx, [r15 + 1]; mov rdi, r13; call [rax + 0x18]
> 0x000787a7 : mov rcx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x0007bf50 : mov rdx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x00120f5a : mov rsi, [r8 + 0x40]; mov edx, [rsi + 0x1c8]; add rsi, 0x38; jmp [rax + 0x18]
> 0x00049b7e : mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x000787a8 : mov ecx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x0007bf51 : mov edx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x0003cacd : mov rsi, [r13]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp + 8]; call rax
> 0x00075231 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00077237 : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x00075232 : mov ecx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x000f2df3 : mov rsi, [rax]; mov rdi, [rbp - 0x48]; mov [rbp - 0x40], r9; mov r15d, r14d; mov rax, [rbp - 0x50]; call rax
> 0x000f2df4 : mov esi, [rax]; mov rdi, [rbp - 0x48]; mov [rbp - 0x40], r9; mov r15d, r14d; mov rax, [rbp - 0x50]; call rax
> 0x000a47fd : mov rdi, [rbp + 0x10]; push 1; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x0003b2bf : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000b7b07 : mov eax, [r15 + 0x10]; lea rdx, [rip + 0xc4342]; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
> 0x0006812c : movzx ecx, [rdi + rax]; lea rax, [rip + 0x112049]; movsxd rax, [rax + rcx*4]; add rax, rsi; jmp rax
> 0x000a47fe : mov edi, [rbp + 0x10]; push 1; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x000a49aa : mov rdi, [r15]; lea rsi, [rsp + 0x20]; push 1; xor r8d, r8d; push 0; lea r9, [rsp + 0x20]; call r13
> 0x000d823e : mov rbp, [r12]; movzx eax, [rax + 8]; mov rdx, rax; movsxd rax, [rbx + rax*4]; add rax, rbx; jmp rax
> 0x00049b77 : mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00102d06 : mov rdx, [rcx + 0x38]; mov [rbp - 0x70], rdx; mov edx, [rcx + 0x18]; mov [rbp - 0x80], edx; mov rdx, r12; call rax
> 0x00102ac2 : mov rdx, [r12 + 0x38]; mov [rbp - 0x70], rdx; mov edx, [r12 + 0x18]; mov [rbp - 0x80], edx; mov rdx, r13; call rax
> 0x00089dc1 : mov edi, [rsi]; add [rbp + 0x19], dh; test [rcx + 0x95], 2; lea rax, [rip + 0x6a3b]; lea rdx, [rip + 0xa7124]; cmovne rax, rdx; ret
> 0x000b46b7 : mov r12, [rsi]; lea rbp, [rsp + 0x58]; mov [rsp + 0x48], rsi; mov rsi, rdx; mov [rsp + 0x58], r12; mov rdi, rbp; call rbx
> 0x00049ea6 : mov rsi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00049ea7 : mov esi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x001253c6 : mov rbp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]
> 0x001253c7 : mov ebp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]

© 2014 - 2019 - Powered by ROPEME | Contact