ROPSHELL 
ropshell> use 36354d9b5b0a58a4b9a19103852c00a2 (download)
name         : msvcrt.dll (x86_64/PE)
base address : 0x110101000
total gadgets: 2579

ropshell> suggest "load mem"
> 0x110112790 : mov eax, [rcx + 0x14]; ret
> 0x11015e436 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x11013dd7c : mov rax, [rcx]; mov rax, [rax - 8]; ret
> 0x11013dd7d : mov eax, [rcx]; mov rax, [rax - 8]; ret
> 0x110114260 : mov rax, [rdx]; cmp [rcx], rax; sete al; ret
> 0x110114261 : mov eax, [rdx]; cmp [rcx], rax; sete al; ret
> 0x11012894e : mov rax, [rcx + 0x158];  inc [rax + 0x160]; ret
> 0x11012a82b : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x11011282b : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r14; ret
> 0x1101123d2 : mov r14, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x11012a82c : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x11011282c : mov edi, [rbx + 0x20]; mov rsp, r11; pop r14; ret
> 0x11010c3dd : mov rax, [r9]; mov [r8], rax; mov rax, r8; ret
> 0x11010ac08 : movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x110114293 : mov r8, [rcx]; mov [rcx], rax; mov [rdx], r8; ret
> 0x1101153a6 : mov rdi, [rbp + 0xf8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x110108110 : mov rbp, [r11 + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x11011018d : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x11010f2d1 : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x1101153a7 : mov edi, [rbp + 0xf8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x110108111 : mov ebp, [rbx + 0x30]; mov rsp, r11; pop r14; pop rdi; pop rsi; ret
> 0x1101731fc : mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1101731fd : mov ebp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x11012a827 : mov rbx, [r11 + 0x10]; mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x110112b44 : movsxd rdx, [r8 + 0x1c]; mov rax, [rcx]; mov [rdx + rax], r9d; ret
> 0x11015c1c0 : mov r12, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x11015d0b4 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x11010ac04 : mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x11010ff37 : movsxd rdx, [rcx + 0x18]; mov rax, [rcx + 0x10]; mov al, [rax + rdx - 1]; ret
> 0x11015d0b5 : mov ecx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x11011539f : mov rsi, [rbp + 0xf0]; mov rdi, [rbp + 0xf8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x11012ae5c : mov edx, [rdi + 0xb0]; mov ecx, ebx; mov r8, [rip + 0x4c5f5]; call r8
> 0x1101153a0 : mov esi, [rbp + 0xf0]; mov rdi, [rbp + 0xf8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x1101731f9 : mov edx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x110115398 : mov rbx, [rbp + 0xe8]; mov rsi, [rbp + 0xf0]; mov rdi, [rbp + 0xf8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x110115399 : mov ebx, [rbp + 0xe8]; mov rsi, [rbp + 0xf0]; mov rdi, [rbp + 0xf8]; lea rsp, [rbp + 0xd0]; pop rbp; ret
> 0x11010abfc : movsxd r9, [rdx + 4]; movsxd rdx, [rdx + 8]; mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret

© 2014 - 2019 - Powered by ROPEME | Contact