ropshell> use 2430a226abc3e296d3c8468997fa83fe
name         : onewrite-390417ba15a4e5ad7ea0507a21e7dc1ef03eb1805750a0e786f2066a68445786 (x86_64/ELF)
base address : 0x82e0
total gadgets: 7492
ropshell> suggest "load mem"
> 0x00076bfa : mov eax, [rcx]; ret
> 0x000852b7 : mov rax, [rsi + 0x10]; ret
> 0x000845a0 : mov rax, [rdi + 0x90]; ret
> 0x000852b8 : mov eax, [rsi + 0x10]; ret
> 0x000845a1 : mov eax, [rdi + 0x90]; ret
> 0x00022453 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x000287d3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00028313 : movzx edx, [rsi]; sub eax, edx; ret
> 0x00031da0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0008514a : mov rsi, [rbx]; call r14
> 0x000471df : mov rdi, [rbx]; call rbp
> 0x0006cdb9 : mov rdi, [r12]; call rbp
> 0x0008514b : mov esi, [rbx]; call r14
> 0x000471e0 : mov edi, [rbx]; call rbp
> 0x00026a88 : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0003ec70 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x0008646d : mov rdx, [r13]; mov rdi, rbp; call r12
> 0x0008646e : mov edx, [rbp]; mov rdi, rbp; call r12
> 0x0001152b : mov r9, [rax + 0x10]; call [rbp + 0x18]
> 0x0001152c : mov ecx, [rax + 0x10]; call [rbp + 0x18]
> 0x0007e6cc : mov rax, [r12]; add rax, [rdx + 8]; call rax
> 0x00031d34 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x0008511e : mov rdx, [r9]; mov [rsp + 0x10], r9; call r14
> 0x0008424d : mov rdx, [r12]; or esi, 2; mov edi, 1; call rax
> 0x0000e97c : mov rdi, [rbp]; mov rax, [rsp + 8]; call rax
> 0x00082238 : mov r11, [rax]; lea rax, [rax + 8]; mov [rcx], r11; ret
> 0x00082239 : mov ebx, [rax]; lea rax, [rax + 8]; mov [rcx], r11; ret
> 0x0008511f : mov edx, [rcx]; mov [rsp + 0x10], r9; call r14
> 0x00017175 : movzx esi, [r14]; mov rdi, r12; call [rbx + 0x18]
> 0x0000e97d : mov edi, [rbp]; mov rax, [rsp + 8]; call rax
> 0x00074900 : mov rax, [rbx + 0x10]; add rax, [r14]; call rax
> 0x0003ed96 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x000751b3 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x00074901 : mov eax, [rbx + 0x10]; add rax, [r14]; call rax
> 0x0003ed44 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x00022434 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x00040b14 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00040a23 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00012d4a : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00011e18 : mov rbp, [r15 + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x000119fd : mov r9, [rdx + 8]; mov rdx, r12; call [rbp + 0x18]
> 0x0001206d : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x000119fe : mov ecx, [rdx + 8]; mov rdx, r12; call [rbp + 0x18]
> 0x00012d4b : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0001206e : mov ebp, [rdi + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x000126aa : mov r9, [rax]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x000126ab : mov ecx, [rax]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x0007a4c2 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x000660c3 : movzx esi, [rdi + rax]; lea rax, [rip + 0x248eb2]; jmp [rax + rsi*8]
> 0x0000e979 : mov rsi, [r14]; mov rdi, [rbp]; mov rax, [rsp + 8]; call rax
> 0x00012d7f : mov rdx, [rbx + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x00011e55 : mov rdx, [r15 + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x00083df8 : mov eax, [r12 + 8]; movsxd rax, [r13 + rax*4]; add rax, r13; jmp rax
> 0x00012d80 : mov edx, [rbx + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x00011e56 : mov edx, [rdi + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x00047671 : mov rsi, [rax]; mov rdi, [rbp - 0x58]; mov [rbp - 0x50], r10; mov r15d, r12d; call r14
> 0x00047672 : mov esi, [rax]; mov rdi, [rbp - 0x58]; mov [rbp - 0x50], r10; mov r15d, r12d; call r14
> 0x00057cac : mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x000486e5 : mov rdx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x0006cf95 : mov rdi, [r12 + 0x10]; push 1; xor edx, edx; push 1; lea r9, [rsp + 0x20]; call rbx
> 0x000486e6 : mov edx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x0007a4be : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00012d7b : mov rcx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x00011e51 : mov rcx, [r15 + 0x10]; mov rdx, [r15 + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x0001181a : mov rsi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r15 + 0x70]
> 0x00012d7c : mov ecx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x00011e52 : mov ecx, [rdi + 0x10]; mov rdx, [r15 + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x0001181b : mov esi, [rbx + 0x10]; mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [r15 + 0x70]
> 0x00057ca8 : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x8a8]; sub rdx, rsi; call [rbx + 0x38]
> 0x0001147e : mov rbp, [rdi + 0x98]; mov rax, fs:[0x28]; mov [rsp + 8], rax; xor eax, eax; mov rdi, rbp; call [rbp + 0x20]
> 0x0007a4ba : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00073c6d : mov edx, [rax]; add rax, 8; mov [rdi + 0x308], rax; lea rax, [rax + rdx*4]; mov [rdi + 0x2ec], edx; mov [rdi + 0x300], rax; ret
> 0x00012d6c : mov rdx, [rax + 0x60]; mov [rax + 0x58], rdx; mov rax, [rbx + 0xa0]; mov rcx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]
> 0x00012d6d : mov edx, [rax + 0x60]; mov [rax + 0x58], rdx; mov rax, [rbx + 0xa0]; mov rcx, [rbx + 0x10]; mov rdx, [rbx + 0x18]; lea rsi, [rax + 0x58]; call [rbp + 0x30]