ROPSHELL 
ropshell> use f4f9fc355b6c729eeb4d69186e0ba93e (download)
name         : msiexec.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 1272

ropshell> suggest "load mem"
> 0x140004c72 : mov rsi, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
> 0x14000a602 : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r15; ret
> 0x140002b55 : mov r14, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x140002b56 : mov esi, [rbx + 0x20]; mov rsp, r11; pop rbp; ret
> 0x14000a603 : mov edi, [rbx + 0x20]; mov rsp, r11; pop r15; ret
> 0x140004dbb : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x1400046d0 : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x140004dbc : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x140004c6e : mov rbx, [r11 + 0x20]; mov rsi, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
> 0x14000873f : mov rbx, [rax + 0x10]; mov rcx, rbx; call [rip + 0x7cc4]; mov rcx, rdi; call rbx
> 0x14000827b : mov rsi, [rax + 0x10]; mov rcx, rsi; call [rip + 0x8188]; mov rcx, rbx; call rsi
> 0x140008543 : mov rdi, [rax + 0x10]; mov rcx, rdi; call [rip + 0x7ec0]; mov rcx, rbx; call rdi
> 0x140008740 : mov ebx, [rax + 0x10]; mov rcx, rbx; call [rip + 0x7cc4]; mov rcx, rdi; call rbx
> 0x14000827c : mov esi, [rax + 0x10]; mov rcx, rsi; call [rip + 0x8188]; mov rcx, rbx; call rsi
> 0x140008544 : mov edi, [rax + 0x10]; mov rcx, rdi; call [rip + 0x7ec0]; mov rcx, rbx; call rdi
> 0x140008540 : mov rax, [rbx]; mov rdi, [rax + 0x10]; mov rcx, rdi; call [rip + 0x7ec0]; mov rcx, rbx; call rdi
> 0x140003a82 : mov rax, [rsi]; mov rbx, [rax + 0x10]; mov rcx, rbx; call [rip + 0xc97e]; mov rcx, rsi; call rbx
> 0x14000873c : mov rax, [rdi]; mov rbx, [rax + 0x10]; mov rcx, rbx; call [rip + 0x7cc4]; mov rcx, rdi; call rbx
> 0x140008255 : mov rax, [r12]; mov rbx, [rax + 0x10]; mov rcx, rbx; call [rip + 0x81aa]; mov rcx, r12; call rbx
> 0x140008541 : mov eax, [rbx]; mov rdi, [rax + 0x10]; mov rcx, rdi; call [rip + 0x7ec0]; mov rcx, rbx; call rdi
> 0x140003a83 : mov eax, [rsi]; mov rbx, [rax + 0x10]; mov rcx, rbx; call [rip + 0xc97e]; mov rcx, rsi; call rbx
> 0x14000873d : mov eax, [rdi]; mov rbx, [rax + 0x10]; mov rcx, rbx; call [rip + 0x7cc4]; mov rcx, rdi; call rbx
> 0x140008379 : mov rsi, [rax]; mov rcx, rsi; call [rip + 0x808b]; lea r8, [rbp - 0x78]; lea rdx, [rip - 0x63a8]; mov rcx, rbx; call rsi
> 0x14000837a : mov esi, [rax]; mov rcx, rsi; call [rip + 0x808b]; lea r8, [rbp - 0x78]; lea rdx, [rip - 0x63a8]; mov rcx, rbx; call rsi
> 0x140008238 : mov rbx, [rax]; mov rcx, rbx; call [rip + 0x81cc]; lea r8, [rsp + 0x78]; lea rdx, [rip - 0x61d0]; mov rcx, r12; call rbx
> 0x140008239 : mov ebx, [rax]; mov rcx, rbx; call [rip + 0x81cc]; lea r8, [rsp + 0x78]; lea rdx, [rip - 0x61d0]; mov rcx, r12; call rbx

© 2014 - 2019 - Powered by ROPEME | Contact