ropshell> use 64437dd30d82c9f4a201a2a1a730ba1a
name         : sad (x86_64/ELF)
base address : 0x4010e0
total gadgets: 6729
ropshell> suggest "load mem"
> 0x0046ab92 : mov eax, [rcx]; ret
> 0x0046d3fd : movsx eax, [rsi]; neg eax; ret
> 0x00411374 : mov rax, [rdi + 0x68]; ret
> 0x00411375 : mov eax, [rdi + 0x68]; ret
> 0x0041a5c3 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x00420cf3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00420834 : movzx edx, [rsi]; sub eax, edx; ret
> 0x00410fe5 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x0042a300 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0047f271 : mov rsi, [rbx]; call rax
> 0x0043fe0f : mov rdi, [rbp]; call rbx
> 0x0047f272 : mov esi, [rbx]; call rax
> 0x0043fe10 : mov edi, [rbp]; call rbx
> 0x0041f068 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0045e937 : mov eax, [rdx]; add rsp, 8; pop rbx; pop rbp; ret
> 0x004375e0 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00480a88 : mov rdx, [r12]; mov rdi, r13; call rbp
> 0x00473e30 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x00473e9c : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x00473e24 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00473e31 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x004518d1 : movzx eax, [rsi + rax]; jmp [rdi + rax*8]
> 0x00427bde : mov ecx, [rbp + 1]; fnstcw [rsi]; jmp r9
> 0x00473e9d : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x00473e25 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0042a294 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x0047f3e8 : mov rdx, [rax]; lea rax, [rax + 8]; mov [rcx], rdx; ret
> 0x00460e91 : mov rdi, [r12]; lea r9, [rsp + 0x28]; call rbx
> 0x0047f3e9 : mov edx, [rax]; lea rax, [rax + 8]; mov [rcx], rdx; ret
> 0x00437706 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x004376b4 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x0040c1de : mov eax, [rdx + 0x4c]; cmp [rdx + 0x48], eax; cmovne eax, ecx; ret
> 0x0041a5a4 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x00440ee9 : mov rax, [rbx]; mov [rip + 0x6e19d], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00440eea : mov eax, [rbx]; mov [rip + 0x6e19d], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00439484 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00439393 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0043ff1d : mov rax, [rdx]; and eax, 1; or rdi, rax; mov [rdx], rdi; pop rbx; pop rbp; ret
> 0x0047623b : mov rax, [r12]; pop rbx; add rax, [rdx + 8]; pop rbp; pop r12; jmp rax
> 0x00480a84 : mov rsi, [r14 + 8]; mov rdx, [r12]; mov rdi, r13; call rbp
> 0x004031f0 : mov eax, [rbp + 8]; sub eax, [rbx + 8]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0045a93b : movzx esi, [rdi + rax]; lea rax, [rip + 0x5177a]; jmp [rax + rsi*8]
> 0x00451a25 : mov rdx, [r15 + 0x20]; mov rdi, r14; sub rdx, rsi; call [rbx + 0x38]
> 0x0045c391 : mov rsi, [rax + 0x18]; movsxd rdx, ebp; mov rdi, rbx; call [r14 + 0x38]
> 0x0046e575 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0045c392 : mov esi, [rax + 0x18]; movsxd rdx, ebp; mov rdi, rbx; call [r14 + 0x38]
> 0x0047e31a : mov rdx, [rbp]; mov r8, rbx; mov rcx, rbp; or esi, 2; mov edi, 1; call rax
> 0x0047f240 : mov rdx, [r10]; mov rax, [rsp + 8]; mov [rsp + 0x10], r10; call rax
> 0x0047e951 : mov rdx, [r14]; mov r8, r12; mov rcx, r14; mov esi, 1; mov edi, 1; call rax
> 0x0047e31b : mov edx, [rbp]; mov r8, rbx; mov rcx, rbp; or esi, 2; mov edi, 1; call rax
> 0x0040fc55 : movzx esi, [r12]; lea r15, [r12 + 1]; mov rdi, r14; call [rbx + 0x18]
> 0x0040d4e0 : mov rdx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x0040d4e1 : mov edx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x0040810d : mov rsi, [r13]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp + 8]; call rax
> 0x0040810e : mov esi, [rbp]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp + 8]; call rax
> 0x0045e0e5 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00441039 : mov rdx, [rcx + rdx]; lea rcx, [rip - 0x64]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x00460fa6 : mov rdi, [r12 + 0x10]; push 1; xor edx, edx; push 1; lea r9, [rsp + 0x20]; call rbx
> 0x0045e0e6 : mov ecx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0044103a : mov edx, [rcx + rdx]; lea rcx, [rip - 0x64]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x00440243 : mov rsi, [rax]; mov rdi, [rbp - 0x58]; mov [rbp - 0x50], r9; mov r15d, r14d; mov rax, [rbp - 0x60]; call rax
> 0x00440244 : mov esi, [rax]; mov rdi, [rbp - 0x58]; mov [rbp - 0x50], r9; mov r15d, r14d; mov rax, [rbp - 0x60]; call rax
> 0x0040b4f2 : mov rax, [rbp + 0xa0]; mov rdi, rbp; pop rbp; mov rax, [rax + 0xe0]; mov rax, [rax + 0x20]; jmp rax
> 0x0040a71b : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x00451a21 : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rdi, r14; sub rdx, rsi; call [rbx + 0x38]
> 0x0046e571 : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0040a71c : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x0045e0dd : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0045e0de : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret