ROPSHELL 
ropshell> use e7c8fcbd0a3f87fa008b20e8e36534e7 (download)
name         : static (x86_64/ELF)
base address : 0x401100
total gadgets: 6443

ropshell> suggest "load mem"
> 0x0042f59a : mov eax, [rcx]; ret
> 0x00450b20 : mov rax, [rdi + 0x68]; ret
> 0x00450b21 : mov eax, [rdi + 0x68]; ret
> 0x004209d3 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x0041cfe5 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x004507dd : mov rax, [rdi]; mov [rdx], rax; ret
> 0x0045a150 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x00428f6e : mov rsi, [rbx]; call r12
> 0x00428be8 : mov rdi, [rbx]; call rbp
> 0x0045a0f1 : mov edx, [rsi]; mov [rdi], dx; ret
> 0x00428f6f : mov esi, [rbx]; call r12
> 0x00428be9 : mov edi, [rbx]; call rbp
> 0x0041f077 : movzx ecx, [rsi + rcx]; sub eax, ecx; ret
> 0x00420daf : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0044d61b : movzx r8, [rax]; add rsp, 8; pop rbx; pop rbp; ret
> 0x00462157 : mov eax, [rdx]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0046d9d0 : mov rdx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x0046d9d1 : mov edx, [rax]; add rax, 8; mov [r8], rdx; ret
> 0x00467188 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x004671fc : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x004113ef : mov rdx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x0046717c : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00467189 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x00415c60 : movzx eax, [rsi + rax]; jmp [rdi + rax*8]
> 0x004671fd : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x004113f0 : mov edx, [rcx + rdx]; mov [rax + 8], rdx; ret
> 0x0046717d : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00429003 : mov rsi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x00429004 : mov esi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x00464c81 : mov rcx, [rax]; mov [rdx], rcx; mov [rax + 0x10], 0; ret
> 0x0045a160 : mov rcx, [rsi]; mov [rdi + 8], dh; mov [rdi], rcx; ret
> 0x0046d833 : mov rsi, [r14]; mov rax, [rsp + 0x10]; call rax
> 0x00464c82 : mov ecx, [rax]; mov [rdx], rcx; mov [rax + 0x10], 0; ret
> 0x004295b5 : mov rax, [rbx]; mov [rip + 0x75139], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00463fe1 : mov rdx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x004295b6 : mov eax, [rbx]; mov [rip + 0x75139], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00463fe2 : mov edx, [rdi]; add rdx, [rax + 0x10]; mov [rsi + 0x18], rdx; ret
> 0x0045a294 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x0045a1a3 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x004329fd : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x004329fe : mov esi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00467902 : mov rax, [rbp]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x0046c7f6 : mov rdx, [rbp]; mov r8, rbx; mov rcx, rbp; mov edi, 1; call rax
> 0x00428ceb : mov rdx, [r11]; and edx, 1; or rax, rdx; mov [r11], rax; pop rbx; pop rbp; ret
> 0x00467903 : mov eax, [rbp]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x00428cec : mov edx, [rbx]; and edx, 1; or rax, rdx; mov [r11], rax; pop rbx; pop rbp; ret
> 0x0046c7f7 : mov edx, [rbp]; mov r8, rbx; mov rcx, rbp; mov edi, 1; call rax
> 0x0041147f : mov rax, [rdx + rax]; mov [rip + 0x9294e], rax; lea rax, [rip + 0x9293f]; ret
> 0x0044caa1 : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x00443eb2 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00411480 : mov eax, [rdx + rax]; mov [rip + 0x9294e], rax; lea rax, [rip + 0x9293f]; ret
> 0x0044caa2 : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x00444227 : mov rdi, [r15]; mov rdx, [rsp]; mov rax, [rsp + 8]; call rax
> 0x00461cd6 : mov rax, [r12 + 0x18]; mov esi, ebp; mov rdi, rbx; pop rbx; pop rbp; pop r12; jmp rax
> 0x0046d87d : mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0046ceb1 : mov rdx, [r13]; mov r8, rbx; mov rcx, r13; mov esi, 1; mov edi, 1; call rax
> 0x0044f57c : movzx esi, [r12]; lea r15, [r12 + 1]; mov rdi, r14; call [rbx + 0x18]
> 0x0046785a : mov rdx, [rbx]; add rdx, [rax + 8]; add rsp, 8; movzx edi, bpl; pop rbx; pop rbp; jmp rdx
> 0x004329f9 : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0044a71f : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x004329fa : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00443eae : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0046d87a : mov rsi, [r9]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0046d87b : mov esi, [rcx]; mov rdx, [r12]; mov rdi, [rsp + 8]; mov rax, [rsp + 0x10]; call rax
> 0x0046196e : mov rdx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups xmm[rax], xmm0; ret
> 0x00449fe1 : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x0046196f : mov edx, [rax + 0x10]; punpckhqdq xmm0, xmm0; mov [rax + 0x10], rcx; mov [rax + 0x40], rdx; movups xmm[rax], xmm0; ret
> 0x00449fe2 : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r14 + 0x70]
> 0x00443eaa : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00443eab : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x004326f1 : mov ecx, [rdx]; add rdx, 8; mov [rax + 0x328], rdx; lea rdx, [rdx + rcx*4]; mov [rax + 0x30c], ecx; mov [rax + 0x320], rdx; ret

© 2014 - 2019 - Powered by ROPEME | Contact