ROPSHELL 
ropshell> use f26aedb4eb27d49062e7d33ac89aa02c (download)
name         : reverse (x86_64/ELF)
base address : 0x4003a0
total gadgets: 7396

ropshell> suggest "load mem"
> 0x0045b840 : mov eax, [rdx]; ret
> 0x00458447 : movsx eax, [rsi]; neg eax; ret
> 0x004061b0 : mov rax, [rdi + 0x68]; ret
> 0x004061b1 : mov eax, [rdi + 0x68]; ret
> 0x00480fa0 : mov rax, [rdx]; add rsp, 8; ret
> 0x00480f90 : mov rax, [rsi]; add rsp, 8; ret
> 0x004008f5 : mov eax, [rcx]; add cl, cl; ret
> 0x00440b03 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x00410db3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0040eef3 : movzx edx, [rsi]; sub eax, edx; ret
> 0x00406018 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00442240 : mov rcx, [rsi]; mov [rdi], rcx; ret
> 0x00417740 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x00480b58 : mov rsi, [rbx]; call r14
> 0x0044d1e1 : mov rdi, [rbx]; call rbp
> 0x0046d863 : mov rdi, [r12]; call rbp
> 0x00480b59 : mov esi, [rbx]; call r14
> 0x0044d1e2 : mov edi, [rbx]; call rbp
> 0x0047e3a0 : mov rax, [rsi + 0xa8]; add rsp, 8; ret
> 0x0047e3a1 : mov eax, [rsi + 0xa8]; add rsp, 8; ret
> 0x00440c1f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0045de63 : mov rdi, [rbp + 0x18]; call rax
> 0x0045db6a : mov rdi, [r13 + 0x18]; call rax
> 0x00481b06 : mov esi, [rdi + 0x10]; call rbp
> 0x0045db6b : mov edi, [rbp + 0x18]; call rax
> 0x00420003 : mov rcx, [r15]; call [rbx]
> 0x004800b0 : mov rdx, [r12]; mov edi, 1; call rax
> 0x00481915 : mov rdx, [r13]; mov rdi, rbx; call rbp
> 0x00453fa0 : mov rsi, [rbp]; mov rdi, rbx; call r12
> 0x004028fb : mov r9, [rax]; call [rbp + 0x18]
> 0x004028fc : mov ecx, [rax]; call [rbp + 0x18]
> 0x00420004 : mov ecx, [rdi]; call [rbx]
> 0x00481916 : mov edx, [rbp]; mov rdi, rbx; call rbp
> 0x00453fa1 : mov esi, [rbp]; mov rdi, rbx; call r12
> 0x00460d90 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x004423be : mov rcx, [rsi + 0x10]; mov [rdi + 0x10], rcx; ret
> 0x00460d70 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00442466 : mov rdx, [rsi + 0x15]; mov [rdi + 0x15], rdx; ret
> 0x00460d84 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00460d91 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x004422ff : mov ecx, [rsi + 0x10]; mov [rdi + 0x10], cx; ret
> 0x00460d71 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00460d85 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00482800 : mov r8, [rax]; add rax, 8; mov [rbx], r8; pop rbx; ret
> 0x0043ed8d : mov rax, [rdx + 0x140]; call [rax + 0x68]
> 0x0043ed8e : mov eax, [rdx + 0x140]; call [rax + 0x68]
> 0x00464238 : mov rax, [r13]; add rax, [rdx + 8]; call rax
> 0x00422dd8 : mov rdx, [rbx]; mov rsi, r12; call [rbp + 8]
> 0x00422a18 : mov rdx, [r14]; mov rsi, r12; call [rbx + 8]
> 0x004206ba : mov rdx, [r15]; mov rsi, rbp; call [r13 + 8]
> 0x00464239 : mov eax, [rbp]; add rax, [rdx + 8]; call rax
> 0x00422dd9 : mov edx, [rbx]; mov rsi, r12; call [rbp + 8]
> 0x004206bb : mov edx, [rdi]; mov rsi, rbp; call [r13 + 8]
> 0x0040653a : movzx esi, [r12]; mov rdi, rbp; call [rax + 0x18]
> 0x0045ae10 : mov rax, [r13 + 0x10]; add rax, [rbx]; call rax
> 0x0045ae11 : mov eax, [rbp + 0x10]; add rax, [rbx]; call rax
> 0x0045418c : mov rsi, [rax]; mov rdi, [rbp - 0x40]; call [rbp - 0x48]
> 0x0045418d : mov esi, [rax]; mov rdi, [rbp - 0x40]; call [rbp - 0x48]
> 0x00402cfe : mov rsi, [rbx + 0x38]; mov rdx, r13; mov rdi, rbx; call rax
> 0x0045ce51 : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00403820 : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00402b88 : mov r15, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x00402cff : mov esi, [rbx + 0x38]; mov rdx, r13; mov rdi, rbx; call rax
> 0x00402b89 : mov edi, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x00403821 : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0043e09a : mov rcx, [rdx]; mov eax, [rcx]; add rcx, 4; mov [rdx], rcx; pop rbx; ret
> 0x0047fc85 : mov eax, [rbx]; movsxd rax, [r15 + rax*4]; add rax, r15; jmp rax
> 0x0043e09b : mov ecx, [rdx]; mov eax, [rcx]; add rcx, 4; mov [rdx], rcx; pop rbx; ret
> 0x00480afd : mov rdi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x0045e432 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00480afe : mov edi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x00480b95 : mov rsi, [r15]; mov rdi, [rsp + 8]; mov [rsp], ecx; call r14
> 0x00480b96 : mov esi, [rdi]; mov rdi, [rsp + 8]; mov [rsp], ecx; call r14
> 0x0045afff : mov rax, [r14 + 0x10]; add rax, [rbx]; mov [rbp - 0xc8], r10; call rax
> 0x004060d7 : mov rcx, [rdx + 0x10]; cdqe ; add rcx, rax; xor eax, eax; mov [rdx + 8], rcx; ret
> 0x004060d8 : mov ecx, [rdx + 0x10]; cdqe ; add rcx, rax; xor eax, eax; mov [rdx + 8], rcx; ret
> 0x00406533 : mov rax, [rbp + 0xd8]; movzx esi, [r12]; mov rdi, rbp; call [rax + 0x18]
> 0x0042ce0c : mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x0047ff4d : mov ebx, [rax + 0x48000000]; mov ebp, [rsp + 0x10]; mov rbx, [rsp + 8]; add rsp, 0x18; ret
> 0x0042ce0d : mov edx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00453efe : mov rcx, [rax + 0x10]; mov [rax + 0x10], rdi; mov [rdi + 8], rcx; mov [rdx], rax; ret
> 0x004038ac : mov rcx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; add rsi, 0x58; call [rbp + 0x30]
> 0x0045ce4d : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x00453eff : mov ecx, [rax + 0x10]; mov [rax + 0x10], rdi; mov [rdi + 8], rcx; mov [rdx], rax; ret
> 0x004038ad : mov ecx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; add rsi, 0x58; call [rbp + 0x30]
> 0x0045ce4e : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0043e35e : mov rdx, [rax + 8]; movsxd rcx, ecx; lea rdx, [rdx + rcx*4]; mov [rax], rdx; xor eax, eax; ret
> 0x0045e42e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0043e35f : mov edx, [rax + 8]; movsxd rcx, ecx; lea rdx, [rdx + rcx*4]; mov [rax], rdx; xor eax, eax; ret
> 0x0041a5bb : mov rax, [rbx]; mov [rip + 0x292333], rax; mov rbx, [rsp + 8]; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x0045b408 : mov r14, [rax]; mov r12, rax; mov [rip + 0x25438b], rbp; mov rdi, r15; mov [rax], 0; call rbx
> 0x004028f0 : mov rdi, [rax + 0x38]; mov [rsp], rdi; mov rdi, rbp; mov r9, [rax]; call [rbp + 0x18]
> 0x004028f1 : mov edi, [rax + 0x38]; mov [rsp], rdi; mov rdi, rbp; mov r9, [rax]; call [rbp + 0x18]
> 0x0042ce08 : mov rsi, [rcx + 0x18]; mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00422a0e : mov rdi, [rbx + 0x18]; mov r8, r13; mov rcx, rbp; mov rdx, [r14]; mov rsi, r12; call [rbx + 8]
> 0x0042ce09 : mov esi, [rcx + 0x18]; mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00432c59 : mov rax, [r12 + 0xd8]; mov rsi, rdx; mov rdi, r12; mov rdx, r15; test r10d, r10d; cmovne rsi, r14; call [rax + 0x38]
> 0x0045e42a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0045e42b : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx

© 2014 - 2019 - Powered by ROPEME | Contact