ropshell> use fd635dde8a2c5df766008b4cc7a113ec
name         : p3 (x86_64/ELF)
base address : 0x4003c0
total gadgets: 13008
ropshell> suggest "load mem"
> 0x0040ecb0 : mov rax, [rsi]; ret
> 0x0043e9a0 : mov rax, [rdi]; ret
> 0x004ce220 : mov eax, [rdx]; ret
> 0x0040ecb1 : mov eax, [rsi]; ret
> 0x0043e9a1 : mov eax, [rdi]; ret
> 0x0041ce25 : mov rax, [rbx]; pop rbx; ret
> 0x0041ce26 : mov eax, [rbx]; pop rbx; ret
> 0x00403490 : mov rax, [rdi + 0x10]; ret
> 0x00403491 : mov eax, [rdi + 0x10]; ret
> 0x004565b0 : mov rax, [rdx]; add rsp, 8; ret
> 0x0048a6a3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0047b903 : movzx edx, [rsi]; sub eax, edx; ret
> 0x00479800 : mov rcx, [rsi]; mov [rdi], rcx; ret
> 0x00491030 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x00456168 : mov rsi, [rbx]; call r14
> 0x004450c6 : mov rdi, [rbx]; call rax
> 0x00497853 : mov rdi, [r12]; call rbp
> 0x00456169 : mov esi, [rbx]; call r14
> 0x004450c7 : mov edi, [rbx]; call rax
> 0x004539b0 : mov rax, [rsi + 0xa8]; add rsp, 8; ret
> 0x004539b1 : mov eax, [rsi + 0xa8]; add rsp, 8; ret
> 0x004781cf : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x004a43b3 : mov rdi, [rbp + 0x18]; call rax
> 0x004a40ba : mov rdi, [r13 + 0x18]; call rax
> 0x004087a0 : mov ecx, [rdi + 0x20]; test ecx, ecx; sete al; ret
> 0x0043f881 : mov edx, [rdi + 0x10]; test r10d, r10d; setg al; ret
> 0x00457116 : mov esi, [rdi + 0x10]; call rbp
> 0x004a40bb : mov edi, [rbp + 0x18]; call rax
> 0x0040f94c : mov rax, [rbp]; call [rax + 0x30]
> 0x0041e19a : mov rcx, [rdi]; call [rcx + 0x40]
> 0x004a84a3 : mov rcx, [r15]; call [rbx]
> 0x00435c00 : mov rdx, [rdi]; call [rdx + 0x28]
> 0x004556c0 : mov rdx, [r12]; mov edi, 1; call rax
> 0x00456f25 : mov rdx, [r13]; mov rdi, rbx; call rbp
> 0x004a0a00 : mov rsi, [rbp]; mov rdi, rbx; call r12
> 0x00469d7b : mov r9, [rax]; call [rbp + 0x18]
> 0x0040f94d : mov eax, [rbp]; call [rax + 0x30]
> 0x00469d7c : mov ecx, [rax]; call [rbp + 0x18]
> 0x004a84a4 : mov ecx, [rdi]; call [rbx]
> 0x00435c01 : mov edx, [rdi]; call [rdx + 0x28]
> 0x00456f26 : mov edx, [rbp]; mov rdi, rbx; call rbp
> 0x004319af : mov esi, [rbp]; call [rax + 0x60]
> 0x004319ae : mov esi, [r13]; call [rax + 0x60]
> 0x004d9c40 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0047997e : mov rcx, [rsi + 0x10]; mov [rdi + 0x10], rcx; ret
> 0x004d9c20 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00479a26 : mov rdx, [rsi + 0x15]; mov [rdi + 0x15], rdx; ret
> 0x004d9c34 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x004d9c41 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x004a1860 : mov eax, [rdx + rax]; shr eax, cl; and eax, 1; ret
> 0x004798bf : mov ecx, [rsi + 0x10]; mov [rdi + 0x10], cx; ret
> 0x004d9c21 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x004df260 : mov r8, [rax]; add rax, 8; mov [rbx], r8; pop rbx; ret
> 0x004c129d : mov eax, [rcx]; add rcx, 4; mov [rdx], rcx; pop rbx; ret
> 0x004c1f8d : mov rax, [rdx + 0x140]; call [rax + 0x68]
> 0x004dbb78 : mov rax, [r13]; add rax, [rdx + 8]; call rax
> 0x004457e7 : mov rdx, [rax]; mov rdi, rax; call [rdx + 0x10]
> 0x004ab278 : mov rdx, [rbx]; mov rsi, r12; call [rbp + 8]
> 0x004aaeb8 : mov rdx, [r14]; mov rsi, r12; call [rbx + 8]
> 0x004a8b5a : mov rdx, [r15]; mov rsi, rbp; call [r13 + 8]
> 0x004457e8 : mov edx, [rax]; mov rdi, rax; call [rdx + 0x10]
> 0x004ab279 : mov edx, [rbx]; mov rsi, r12; call [rbp + 8]
> 0x00403117 : mov esi, [r12]; mov rdi, rbx; call [rax + 0x68]
> 0x00426ceb : mov esi, [r14]; mov rdi, r15; call [rax + 0x60]
> 0x004cd7f0 : mov rax, [r13 + 0x10]; add rax, [rbx]; call rax
> 0x004cd7f1 : mov eax, [rbp + 0x10]; add rax, [rbx]; call rax
> 0x004a0bec : mov rsi, [rax]; mov rdi, [rbp - 0x40]; call [rbp - 0x48]
> 0x004a0bed : mov esi, [rax]; mov rdi, [rbp - 0x40]; call [rbp - 0x48]
> 0x0046a17e : mov rsi, [rbx + 0x38]; mov rdx, r13; mov rdi, rbx; call rax
> 0x004d02c1 : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0046aca0 : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0046a008 : mov r15, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x0046a17f : mov esi, [rbx + 0x38]; mov rdx, r13; mov rdi, rbx; call rax
> 0x0046a009 : mov edi, [rbx + 0x98]; mov rdi, r15; call [r15 + 0x20]
> 0x0046aca1 : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00446099 : mov rax, [rcx]; mov rcx, [rsp + 0x40]; call [rax + 0x40]
> 0x0042137e : mov rax, [r12]; mov esi, ebx; mov rdi, r12; call [rax + 0x68]
> 0x004c129a : mov rcx, [rdx]; mov eax, [rcx]; add rcx, 4; mov [rdx], rcx; pop rbx; ret
> 0x0042f17e : mov rcx, [rbp]; lea rdx, [rsi + rbx]; call [rax + 0x58]
> 0x00427865 : mov rsi, [rdx]; lea rdx, [rsi + 0xb]; call [r8 + 0x58]
> 0x004c129b : mov ecx, [rdx]; mov eax, [rcx]; add rcx, 4; mov [rdx], rcx; pop rbx; ret
> 0x0042f17f : mov ecx, [rbp]; lea rdx, [rsi + rbx]; call [rax + 0x58]
> 0x00427866 : mov esi, [rdx]; lea rdx, [rsi + 0xb]; call [r8 + 0x58]
> 0x00452994 : mov rax, [rbp + 0x30]; mov [rbx + 0x10], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00436916 : mov rdi, [rbx + 0xc8]; mov rax, [rdi]; call [rax + 0x28]
> 0x0045610d : mov rdi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x004d0952 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0045610e : mov edi, [rdx + 8]; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x0042f5a0 : mov rax, [r14]; mov rdi, r14; mov [rbp - 0x88], ecx; call [rax + 0x30]
> 0x004561a5 : mov rsi, [r15]; mov rdi, [rsp + 8]; mov [rsp], ecx; call r14
> 0x004561a6 : mov esi, [rdi]; mov rdi, [rsp + 8]; mov [rsp], ecx; call r14
> 0x004cd9df : mov rax, [r14 + 0x10]; add rax, [rbx]; mov [rbp - 0xc8], r10; call rax
> 0x0046d8f7 : mov rcx, [rdx + 0x10]; cdqe ; add rcx, rax; xor eax, eax; mov [rdx + 8], rcx; ret
> 0x00437a0b : mov ecx, [rbx + 0x78]; mov edx, 1; mov rdi, rbx; call [rax + 0x20]
> 0x0046d8f8 : mov ecx, [rdx + 0x10]; cdqe ; add rcx, rax; xor eax, eax; mov [rdx + 8], rcx; ret
> 0x00432335 : mov rcx, [rbx]; xor edx, edx; mov esi, eax; mov rdi, rbx; call [rcx + 0x60]
> 0x0041796b : mov r8, [rbp]; xor edx, edx; movsx esi, al; mov rdi, rbp; call [r8 + 0x40]
> 0x00432336 : mov ecx, [rbx]; xor edx, edx; mov esi, eax; mov rdi, rbx; call [rcx + 0x60]
> 0x00437abd : mov rcx, [rbx + 0xe0]; mov rax, [rdi]; mov rdx, r12; call [rax + 0x38]
> 0x004b026c : mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x0045555d : mov ebx, [rax + 0x48000000]; mov ebp, [rsp + 0x10]; mov rbx, [rsp + 8]; add rsp, 0x18; ret
> 0x004b026d : mov edx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00426ce6 : mov rax, [r15]; xor edx, edx; mov esi, [r14]; mov rdi, r15; call [rax + 0x60]
> 0x004a095e : mov rcx, [rax + 0x10]; mov [rax + 0x10], rdi; mov [rdi + 8], rcx; mov [rdx], rax; ret
> 0x004d02bd : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; call r11
> 0x0040f840 : mov r13, [rbx + 0x18]; mov rsi, rbp; lea rdi, [rsp + 0x30]; call [rax + 0x20]
> 0x0040fc2f : mov r13, [rbp + 0x18]; mov rsi, rbx; lea rdi, [rsp + 0x30]; call [rax + 0x20]
> 0x004a095f : mov ecx, [rax + 0x10]; mov [rax + 0x10], rdi; mov [rdi + 8], rcx; mov [rdx], rax; ret
> 0x00406981 : mov ebp, [rcx]; add [rax], al; mov rbx, [rsp + 8]; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x004c155e : mov rdx, [rax + 8]; movsxd rcx, ecx; lea rdx, [rdx + rcx*4]; mov [rax], rdx; xor eax, eax; ret
> 0x004d094e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x004c155f : mov edx, [rax + 8]; movsxd rcx, ecx; lea rdx, [rdx + rcx*4]; mov [rax], rdx; xor eax, eax; ret
> 0x004cdde8 : mov r14, [rax]; mov r12, rax; mov [rip + 0x270b4b], rbp; mov rdi, r15; mov [rax], 0; call rbx
> 0x00469d70 : mov rdi, [rax + 0x38]; mov [rsp], rdi; mov rdi, rbp; mov r9, [rax]; call [rbp + 0x18]
> 0x00426d08 : mov esi, [r14 + 4]; xor edx, edx; mov [rsp + 0x18], r8; mov rdi, r15; call [rax + 0x60]
> 0x00469d71 : mov edi, [rax + 0x38]; mov [rsp], rdi; mov rdi, rbp; mov r9, [rax]; call [rbp + 0x18]
> 0x00439c41 : mov rdx, [rbp + 0x10]; mov rbp, [rsp + 0x10]; mov [rbx + rax], rdx; mov rbx, [rsp + 8]; add rsp, 0x28; ret
> 0x004b0268 : mov rsi, [rcx + 0x18]; mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00439c42 : mov edx, [rbp + 0x10]; mov rbp, [rsp + 0x10]; mov [rbx + rax], rdx; mov rbx, [rsp + 8]; add rsp, 0x28; ret
> 0x004b0269 : mov esi, [rcx + 0x18]; mov rdx, [rcx + 0x20]; mov [rbp - 0x670], rcx; sub rdx, rsi; call [rax + 0x38]
> 0x00445942 : mov rdi, [r15]; lea rcx, [rsp + 0x20]; mov rsi, [rsp + 0x10]; mov rax, [rdi]; call [rax + 0x30]
> 0x004b60b9 : mov rax, [r12 + 0xd8]; mov rsi, rdx; mov rdi, r12; mov rdx, r15; test r10d, r10d; cmovne rsi, r14; call [rax + 0x38]
> 0x0043b046 : mov r12, [rbx + 0xd0]; mov rcx, [rbx + 0xe0]; mov rax, [rdi]; mov rdx, r12; sar r8, 2; call [rax + 0x38]
> 0x004d094a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x004d094b : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0044613d : mov rdi, [r14]; add rdx, rbp; mov r8, [rsp]; mov rcx, [rsp + 8]; mov rsi, r12; mov rax, [rdi]; call [rax + 0x40]
> 0x0044613e : mov edi, [rsi]; add rdx, rbp; mov r8, [rsp]; mov rcx, [rsp + 8]; mov rsi, r12; mov rax, [rdi]; call [rax + 0x40]
> 0x00437ab5 : mov r8, [rbx + 0x10]; sub r8, [rbx + 8]; mov rcx, [rbx + 0xe0]; mov rax, [rdi]; mov rdx, r12; call [rax + 0x38]
> 0x0040f160 : mov r11, [rdx + 0x10]; mov edx, [rsp + 0x58]; mov [rsp + 8], ecx; mov [rsp], eax; mov rcx, [rsp + 0x28]; call r11
> 0x0040f161 : mov ebx, [rdx + 0x10]; mov edx, [rsp + 0x58]; mov [rsp + 8], ecx; mov [rsp], eax; mov rcx, [rsp + 0x28]; call r11