ROPSHELL 
ropshell> use f26aedb4eb27d49062e7d33ac89aa02c (download)
name         : reverse (x86_64/RAW)
base address : 0x0
total gadgets: 8527

ropshell> suggest "load mem"
> 0x0005b840 : mov eax, [rdx]; ret
> 0x00058447 : movsx eax, [rsi]; neg eax; ret
> 0x000061b0 : mov rax, [rdi + 0x68]; ret
> 0x000061b1 : mov eax, [rdi + 0x68]; ret
> 0x00080fa0 : mov rax, [rdx]; add rsp, 8; ret
> 0x00080f90 : mov rax, [rsi]; add rsp, 8; ret
> 0x000008f5 : mov eax, [rcx]; add cl, cl; ret
> 0x00040b03 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x00010db3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0000eef3 : movzx edx, [rsi]; sub eax, edx; ret
> 0x00006018 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00042240 : mov rcx, [rsi]; mov [rdi], rcx; ret
> 0x00017740 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x00080b58 : mov rsi, [rbx]; call r14
> 0x0004d1e1 : mov rdi, [rbx]; call rbp
> 0x0006d863 : mov rdi, [r12]; call rbp
> 0x00080b59 : mov esi, [rbx]; call r14
> 0x0004d1e2 : mov edi, [rbx]; call rbp
> 0x0007e3a0 : mov rax, [rsi + 0xa8]; add rsp, 8; ret
> 0x0007e3a1 : mov eax, [rsi + 0xa8]; add rsp, 8; ret
> 0x00040c1f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0005de63 : mov rdi, [rbp + 0x18]; call rax
> 0x0005db6a : mov rdi, [r13 + 0x18]; call rax
> 0x00081b06 : mov esi, [rdi + 0x10]; call rbp
> 0x0005db6b : mov edi, [rbp + 0x18]; call rax
> 0x00020003 : mov rcx, [r15]; call [rbx]
> 0x000800b0 : mov rdx, [r12]; mov edi, 1; call rax
> 0x00081915 : mov rdx, [r13]; mov rdi, rbx; call rbp
> 0x00053fa0 : mov rsi, [rbp]; mov rdi, rbx; call r12
> 0x000028fb : mov r9, [rax]; call [rbp + 0x18]
> 0x000028fc : mov ecx, [rax]; call [rbp + 0x18]
> 0x00020004 : mov ecx, [rdi]; call [rbx]
> 0x00081916 : mov edx, [rbp]; mov rdi, rbx; call rbp
> 0x00053fa1 : mov esi, [rbp]; mov rdi, rbx; call r12
> 0x00060d90 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x000423be : mov rcx, [rsi + 0x10]; mov [rdi + 0x10], rcx; ret
> 0x00060d70 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00042466 : mov rdx, [rsi + 0x15]; mov [rdi + 0x15], rdx; ret
> 0x00060d84 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00060d91 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x000422ff : mov ecx, [rsi + 0x10]; mov [rdi + 0x10], cx; ret
> 0x00060d71 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00060d85 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00082800 : mov r8, [rax]; add rax, 8; mov [rbx], r8; pop rbx; ret
> 0x0003ed8d : mov rax, [rdx + 0x140]; call [rax + 0x68]
> 0x0003ed8e : mov eax, [rdx + 0x140]; call [rax + 0x68]
> 0x00064238 : mov rax, [r13]; add rax, [rdx + 8]; call rax
> 0x00022dd8 : mov rdx, [rbx]; mov rsi, r12; call [rbp + 8]
> 0x00022a18 : mov rdx, [r14]; mov rsi, r12; call [rbx + 8]
> 0x000206ba : mov rdx, [r15]; mov rsi, rbp; call [r13 + 8]
> 0x00064239 : mov eax, [rbp]; add rax, [rdx + 8]; call rax
> 0x00022dd9 : mov edx, [rbx]; mov rsi, r12; call [rbp + 8]
> 0x000206bb : mov edx, [rdi]; mov rsi, rbp; call [r13 + 8]
> 0x0000653a : movzx esi, [r12]; mov rdi, rbp; call [rax + 0x18]
> 0x0005ae10 : mov rax, [r13 + 0x10]; add rax, [rbx]; call rax
> 0x0005ae11 : mov eax, [rbp + 0x10]; add rax, [rbx]; call rax
> 0x0005418c : mov rsi, [rax]; mov rdi, [rbp - 0x40]; call [rbp - 0x48]
> 0x0005418d : mov esi, [rax]; mov rdi, [rbp - 0x40]; call [rbp - 0x48]
> 0x00002cfe : mov rsi, [rbx + 0x38]; mov rdx, r13; mov rdi, rbx; call rax
> 0x0005ce51 : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00003820 : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00002b88 : mov r15, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x00002cff : mov esi, [rbx + 0x38]; mov rdx, r13; mov rdi, rbx; call rax
> 0x00002b89 : mov edi, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x00003821 : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0003e09a : mov rcx, [rdx]; mov eax, [rcx]; add rcx, 4; mov [rdx], rcx; pop rbx; ret
> 0x0007fc85 : mov eax, [rbx]; movsxd rax, [r15 + rax*4]; add rax, r15; jmp rax
> 0x0003e09b : mov ecx, [rdx]; mov eax, [rcx]; add rcx, 4; mov [rdx], rcx; pop rbx; ret
> 0x00080afd : mov rdi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x0005e432 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00080afe : mov edi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x00080b95 : mov rsi, [r15]; mov rdi, [rsp + 8]; mov [rsp], ecx; call r14
> 0x00080b96 : mov esi, [rdi]; mov rdi, [rsp + 8]; mov [rsp], ecx; call r14
> 0x0005afff : mov rax, [r14 + 0x10]; add rax, [rbx]; mov [rbp - 0xc8], r10; call rax
> 0x000060d7 : mov rcx, [rdx + 0x10]; cdqe ; add rcx, rax; xor eax, eax; mov [rdx + 8], rcx; ret
> 0x000060d8 : mov ecx, [rdx + 0x10]; cdqe ; add rcx, rax; xor eax, eax; mov [rdx + 8], rcx; ret
> 0x00006533 : mov rax, [rbp + 0xd8]; movzx esi, [r12]; mov rdi, rbp; call [rax + 0x18]
> 0x0002ce0c : mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x0007ff4d : mov ebx, [rax + 0x48000000]; mov ebp, [rsp + 0x10]; mov rbx, [rsp + 8]; add rsp, 0x18; ret
> 0x0002ce0d : mov edx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00053efe : mov rcx, [rax + 0x10]; mov [rax + 0x10], rdi; mov [rdi + 8], rcx; mov [rdx], rax; ret
> 0x000038ac : mov rcx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; add rsi, 0x58; call [rbp + 0x30]
> 0x0005ce4d : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00053eff : mov ecx, [rax + 0x10]; mov [rax + 0x10], rdi; mov [rdi + 8], rcx; mov [rdx], rax; ret
> 0x000038ad : mov ecx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; add rsi, 0x58; call [rbp + 0x30]
> 0x0005ce4e : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0003e35e : mov rdx, [rax + 8]; movsxd rcx, ecx; lea rdx, [rdx + rcx*4]; mov [rax], rdx; xor eax, eax; ret
> 0x0005e42e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0003e35f : mov edx, [rax + 8]; movsxd rcx, ecx; lea rdx, [rdx + rcx*4]; mov [rax], rdx; xor eax, eax; ret
> 0x0001a5bb : mov rax, [rbx]; mov [rip + 0x292333], rax; mov rbx, [rsp + 8]; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x0005b408 : mov r14, [rax]; mov r12, rax; mov [rip + 0x25438b], rbp; mov rdi, r15; mov [rax], 0; call rbx
> 0x000028f0 : mov rdi, [rax + 0x38]; mov [rsp], rdi; mov rdi, rbp; mov r9, [rax]; call [rbp + 0x18]
> 0x000028f1 : mov edi, [rax + 0x38]; mov [rsp], rdi; mov rdi, rbp; mov r9, [rax]; call [rbp + 0x18]
> 0x0002ce08 : mov rsi, [rcx + 0x18]; mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00022a0e : mov rdi, [rbx + 0x18]; mov r8, r13; mov rcx, rbp; mov rdx, [r14]; mov rsi, r12; call [rbx + 8]
> 0x0002ce09 : mov esi, [rcx + 0x18]; mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00032c59 : mov rax, [r12 + 0xd8]; mov rsi, rdx; mov rdi, r12; mov rdx, r15; test r10d, r10d; cmovne rsi, r14; call [rax + 0x38]
> 0x0005e42a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0005e42b : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx

© 2014 - 2019 - Powered by ROPEME | Contact