ROPSHELL 
ropshell> use ec0cbdf5854bff24b533e2536a486eec (download)
name         : fiestaFTP.bak.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 3739

ropshell> suggest "load mem"
> 0x14004e364 : mov rax, [rcx]; ret
> 0x14004e365 : mov eax, [rcx]; ret
> 0x14003e36b : movzx eax, [r8]; ret
> 0x14004b279 : mov rax, [rcx + 0x40]; ret
> 0x1400467e0 : mov eax, [rcx + 0x20]; ret
> 0x14000c5e0 : mov rax, [rdx]; mov [rcx], rax; ret
> 0x14003e333 : mov rcx, [rax]; movzx eax, [rcx]; ret
> 0x14000c5e1 : mov eax, [rdx]; mov [rcx], rax; ret
> 0x14003e334 : mov ecx, [rax]; movzx eax, [rcx]; ret
> 0x140014018 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x140006c41 : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x140032b11 : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x140014019 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x140006c42 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x14002d2fa : mov rax, [rbp]; call [rax + 0x18]
> 0x14002d2fb : mov eax, [rbp]; call [rax + 0x18]
> 0x14000db70 : mov rax, [rdx + 0x20]; call [rax]
> 0x14002b3d7 : mov rax, [rbp + 0x20]; call [rax]
> 0x14000de2e : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x1400336d3 : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x14000db71 : mov eax, [rdx + 0x20]; call [rax]
> 0x14002b3d8 : mov eax, [rbp + 0x20]; call [rax]
> 0x140012e45 : movzx ecx, [rax + 2]; call [rip + 0x77a11]; add rsp, 0x48; ret
> 0x14000de2f : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x140009202 : mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x14001bcfe : mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x140010887 : mov rax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x1400106cc : mov rax, [r13]; mov rcx, r13; call [rax + 8]
> 0x1400412c4 : mov rdx, [rdi]; mov rcx, rdi; call [rdx + 8]
> 0x140009203 : mov eax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x14001bcff : mov eax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x140010888 : mov eax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x1400412c5 : mov edx, [rdi]; mov rcx, rdi; call [rdx + 8]
> 0x14002b353 : mov rax, [rbx + 0x10]; mov rcx, rbx; call [rax]
> 0x14002ca14 : mov rax, [rdi + 0x10]; mov rcx, rdi; call [rax]
> 0x14000aae1 : mov rax, [r8 + 0x10];  inc [rax + 0x30]; mov [rcx + 0x18], rcx; ret
> 0x14002c6f1 : mov rax, [r14 + 0x10]; mov rcx, r14; call [rax]
> 0x14002d280 : mov rax, [r15 + 0x10]; mov rcx, r15; call [rax]
> 0x140006c3d : mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x140017473 : movsxd rcx, [rax + 4]; add rcx, rbx; call [r8]
> 0x14001327b : mov rdi, [rbp + 0xc0]; lea rsp, [rbp + 0x90]; pop r15; pop r14; pop rbp; ret
> 0x14002b354 : mov eax, [rbx + 0x10]; mov rcx, rbx; call [rax]
> 0x14002c6f2 : mov eax, [rsi + 0x10]; mov rcx, r14; call [rax]
> 0x14002d281 : mov eax, [rdi + 0x10]; mov rcx, r15; call [rax]
> 0x14001327c : mov edi, [rbp + 0xc0]; lea rsp, [rbp + 0x90]; pop r15; pop r14; pop rbp; ret
> 0x1400201d4 : mov r8, [rax]; mov edx, 1; mov rcx, rax; call [r8]
> 0x14000d880 : mov r8, [r14]; mov edx, 1; mov rcx, r14; call [r8]
> 0x140020812 : mov rax, [r9 + 0x80]; mov [r10 + 0x80], rax; mov rax, r10; add rsp, 0x28; ret
> 0x140006a00 : mov rdx, [rcx + 8]; lea rax, [rip + 0x6063d]; test rdx, rdx; cmovne rax, rdx; ret
> 0x140006a01 : mov edx, [rcx + 8]; lea rax, [rip + 0x6063d]; test rdx, rdx; cmovne rax, rdx; ret
> 0x14001c657 : mov rbx, [rcx + 0x28]; mov rax, [rcx + 0x10]; call [rax + 0x18]
> 0x14001c658 : mov ebx, [rcx + 0x28]; mov rax, [rcx + 0x10]; call [rax + 0x18]
> 0x14003f39a : mov rcx, [rsi]; mov rax, [rcx]; lea rdx, [rbp - 0x19]; call [rax + 0x20]
> 0x140040c86 : mov rcx, [r12]; mov rax, [rcx]; lea rdx, [rbp - 0x20]; call [rax + 0x20]
> 0x1400157ea : mov r8, [rsi]; mov edx, 1; mov rcx, rsi; mov ebx, eax; call [r8]
> 0x14003f39b : mov ecx, [rsi]; mov rax, [rcx]; lea rdx, [rbp - 0x19]; call [rax + 0x20]
> 0x14003eba3 : movsxd r8, [rax + 4]; movzx eax, [rdx]; mov [r8 + rcx + 0x58], al; mov rax, rcx; ret
> 0x140042e9a : mov rcx, [rdi]; mov rax, [rcx]; lea rdx, [rbp + 7]; call [rax + 0x20]
> 0x140042e9b : mov ecx, [rdi]; mov rax, [rcx]; lea rdx, [rbp + 7]; call [rax + 0x20]
> 0x14000b22b : mov rax, [rsi + 0x20]; lea rdx, [rbp + 0x77]; mov rcx, rsi; call [rax + 0x10]
> 0x14002d2f2 : mov rbx, [rbp + 0x18]; lea rcx, [rbp - 0x10]; mov rax, [rbp]; call [rax + 0x18]
> 0x14000955a : mov rbx, [r8 + 0x28]; mov rax, [r8 + 0x10]; mov rcx, r8; call [rax + 0x18]
> 0x140013274 : mov rsi, [rbp + 0xb8]; mov rdi, [rbp + 0xc0]; lea rsp, [rbp + 0x90]; pop r15; pop r14; pop rbp; ret
> 0x14000955b : mov ebx, [rax + 0x28]; mov rax, [r8 + 0x10]; mov rcx, r8; call [rax + 0x18]
> 0x14002d2f3 : mov ebx, [rbp + 0x18]; lea rcx, [rbp - 0x10]; mov rax, [rbp]; call [rax + 0x18]
> 0x140013275 : mov esi, [rbp + 0xb8]; mov rdi, [rbp + 0xc0]; lea rsp, [rbp + 0x90]; pop r15; pop r14; pop rbp; ret
> 0x140042792 : mov rbx, [rax]; mov [rax], r15; mov rax, [rcx]; mov edx, 1; call [rax]
> 0x140042537 : mov rdi, [rax]; mov [rax], rbp; mov rax, [rcx]; mov edx, 1; call [rax]
> 0x140042793 : mov ebx, [rax]; mov [rax], r15; mov rax, [rcx]; mov edx, 1; call [rax]
> 0x140042538 : mov edi, [rax]; mov [rax], rbp; mov rax, [rcx]; mov edx, 1; call [rax]
> 0x140015f95 : mov rbx, [rdi + 0x10]; mov rax, [rdi]; mov edx, 1; mov rcx, rdi; call [rax]
> 0x140015f96 : mov ebx, [rdi + 0x10]; mov rax, [rdi]; mov edx, 1; mov rcx, rdi; call [rax]
> 0x14001294f : mov ecx, [rbp + 0x67]; lea r8, [rbp - 0x49]; mov rdx, rdi; mov rcx, rbx; call [rdi + 0x28]
> 0x1400151a4 : mov rcx, [rbp + 0x18]; mov rax, [rcx]; mov r8d, ebx; lea rdx, [rbp + 0x20]; call [rax + 0x10]
> 0x140008055 : mov rcx, [r14 + 8]; mov rax, [rcx]; mov r8d, [r14]; lea rdx, [rsp + 0x38]; call [rax + 0x10]
> 0x140008056 : mov ecx, [rsi + 8]; mov rax, [rcx]; mov r8d, [r14]; lea rdx, [rsp + 0x38]; call [rax + 0x10]

© 2014 - 2019 - Powered by ROPEME | Contact