ROPSHELL 
ropshell> use 3b45f44a4cf31f07d3417e66ffd6e6e2 (download)
name         : AudioPluginDissonance.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6582

ropshell> suggest "load mem"
> 0x180002f77 : mov rax, [rcx]; ret
> 0x180002f78 : mov eax, [rcx]; ret
> 0x18000296b : movzx eax, [r8]; ret
> 0x18005b770 : mov rax, [rcx + 0x120]; ret
> 0x180054e80 : mov eax, [rcx + 0x10]; ret
> 0x18008d27a : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x1800029a8 : mov rcx, [rax]; movzx eax, [rcx]; ret
> 0x18007ffbd : mov rcx, [rdx]; mov [rax], rcx; ret
> 0x180004c5d : mov eax, [rdi]; add [rax - 0x75], cl; ret
> 0x1800029a9 : mov ecx, [rax]; movzx eax, [rcx]; ret
> 0x18004a91b : mov rax, [rdx]; mov [rcx + 0x1f0], rax; ret
> 0x18003ec0f : mov eax, [rdx]; mov [rcx + 0x100], eax; ret
> 0x180024baa : mov rdx, [rax + 0x110]; call rdx
> 0x180003b7c : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1800145cf : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18007f248 : mov rbp, [r11 + 0x18]; mov rsp, r11; pop r14; ret
> 0x180024bab : mov edx, [rax + 0x110]; call rdx
> 0x180003b7d : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1800145d0 : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18007f249 : mov ebp, [rbx + 0x18]; mov rsp, r11; pop r14; ret
> 0x180024327 : mov rax, [rdi]; call [rax + 0x20]
> 0x180060755 : mov rdx, [rax]; call [rdx + 0x18]
> 0x18003f7b4 : mov rdx, [rcx]; call [rdx + 0x28]
> 0x180024365 : mov r8, [rax]; call [r8 + 0x10]
> 0x18007bec5 : mov edx, [rax]; add [rax], al; add rsp, 0x28; ret
> 0x18003f7b5 : mov edx, [rcx]; call [rdx + 0x28]
> 0x180002da4 : movzx edx, [rbp]; call [rax + 0x18]
> 0x18007f924 : movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x180046599 : mov eax, [rdx + 0xfc]; mov [r10 + 0x100], eax; ret
> 0x180046598 : mov eax, [r10 + 0xfc]; mov [r10 + 0x100], eax; ret
> 0x18000ce75 : mov rdx, [r12 + 0x90]; call [r10 + 8]
> 0x1800267c7 : mov rdi, [rbp + 0x28]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x18005c0c7 : mov r8, [rcx + 8]; mov cl, 0x45; call rax
> 0x180024736 : movzx edx, [rbp + 0x60]; call [r8 + 0x20]
> 0x1800267c8 : mov edi, [rbp + 0x28]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x18007e3b0 : mov rax, [rbx]; mov r9, [rip + 0x26f06]; call r9
> 0x180005069 : mov rax, [rsi]; mov rcx, rsi; call [rax + 0x10]
> 0x18003f788 : mov rax, [r9]; mov rcx, r9; call [rax + 0x38]
> 0x18005ae5d : mov rax, [r14]; mov rcx, r14; call [rax + 0x30]
> 0x1800056a7 : mov rax, [r15]; mov rcx, r15; call [rax + 0x10]
> 0x180004a52 : mov rdx, [rbx]; mov rcx, rbx; call [rdx + 0x10]
> 0x180003dbc : mov rdx, [rsi]; mov rcx, rsi; call [rdx + 0x10]
> 0x18000addf : mov rdx, [rdi]; mov rcx, rdi; call [rdx + 0x10]
> 0x18005add3 : mov rdx, [r14]; mov rcx, r14; call [rdx + 0x30]
> 0x180024462 : mov r8, [rcx]; mov edx, 1; call [r8]
> 0x180024bbb : mov r9, [rax]; xor edx, edx; call [r9]
> 0x18007e3b1 : mov eax, [rbx]; mov r9, [rip + 0x26f06]; call r9
> 0x18005ae5e : mov eax, [rsi]; mov rcx, r14; call [rax + 0x30]
> 0x180004a53 : mov edx, [rbx]; mov rcx, rbx; call [rdx + 0x10]
> 0x18005add4 : mov edx, [rsi]; mov rcx, r14; call [rdx + 0x30]
> 0x18000ade0 : mov edx, [rdi]; mov rcx, rdi; call [rdx + 0x10]
> 0x180055271 : mov rcx, [rbx]; mov rax, [rcx]; call [rax + 0x20]
> 0x18003f7f6 : mov rsi, [r14]; mov rax, [rcx]; call [rax + 0x30]
> 0x180078762 : mov r9, [rbx]; mov rax, [rcx]; call [rax + 8]
> 0x180055272 : mov ecx, [rbx]; mov rax, [rcx]; call [rax + 0x20]
> 0x1800145cb : mov rbx, [r11 + 0x10]; mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x18007d287 : mov r12, [rbp + 0x48]; lea rsp, [rbp + 0x10]; pop r15; pop r14; pop rbp; ret
> 0x18005b01c : mov eax, [rsi + 0x1e8]; mov edx, 0xa; call [rax + 0x10]
> 0x18007ff96 : mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x18006662e : mov edx, [rsi + 0x14]; mov rcx, r14; call [rax + 0x10]
> 0x18006662d : mov edx, [r14 + 0x14]; mov rcx, r14; call [rax + 0x10]
> 0x1800427e8 : mov rax, [r13]; mov rdx, r15; mov rcx, r13; call [rax + 0x10]
> 0x1800427e9 : mov eax, [rbp]; mov rdx, r15; mov rcx, r13; call [rax + 0x10]
> 0x18005dd23 : mov rcx, [rax + 0x10]; mov rax, [rcx]; call [rax + 8]
> 0x180055306 : mov rcx, [rbx + 0x10]; mov rax, [rcx]; call [rax + 8]
> 0x180080854 : mov rcx, [rdx + rcx]; bswap rax; bswap rcx; cmp rax, rcx; sbb eax, eax; sbb eax, -1; ret
> 0x18005c11e : mov rcx, [rsi + 0x10]; mov rax, [rcx]; call [rax + 0x38]
> 0x18003f731 : mov rcx, [rbp + 0x20]; mov rax, [rcx]; call [rax + 0x18]
> 0x18007f920 : mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x180008e1f : mov rdx, [rbx + 0x28]; mov rax, [rcx]; call [rax + 8]
> 0x1800012f0 : mov rdx, [rcx + 8]; lea rax, [rip + 0xb332d]; test rdx, rdx; cmovne rax, rdx; ret
> 0x18005dd24 : mov ecx, [rax + 0x10]; mov rax, [rcx]; call [rax + 8]
> 0x180055307 : mov ecx, [rbx + 0x10]; mov rax, [rcx]; call [rax + 8]
> 0x18005c11f : mov ecx, [rsi + 0x10]; mov rax, [rcx]; call [rax + 0x38]
> 0x18003f732 : mov ecx, [rbp + 0x20]; mov rax, [rcx]; call [rax + 0x18]
> 0x180008e20 : mov edx, [rbx + 0x28]; mov rax, [rcx]; call [rax + 8]
> 0x1800012f1 : mov edx, [rcx + 8]; lea rax, [rip + 0xb332d]; test rdx, rdx; cmovne rax, rdx; ret
> 0x18003f785 : mov rbx, [rdi]; mov rax, [r9]; mov rcx, r9; call [rax + 0x38]
> 0x18003f786 : mov ebx, [rdi]; mov rax, [r9]; mov rcx, r9; call [rax + 0x38]
> 0x180022a7e : mov rax, [rdx + 0x40]; movss xmm0, [rax + rcx*4]; divss xmm0, [rip + 0xb339d]; ret
> 0x1800267c3 : mov rbx, [rbp + 0x20]; mov rdi, [rbp + 0x28]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x18000ce70 : mov r8, [r12 + 8]; mov rdx, [r12 + 0x90]; call [r10 + 8]
> 0x18005fb01 : movzx eax, [rbp + 0x1f1]; mov [rsp + 0x90], al; call [rdx + 8]
> 0x1800267c4 : mov ebx, [rbp + 0x20]; mov rdi, [rbp + 0x28]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x18007ff93 : mov r8, [rdx]; mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x18003f802 : mov r8, [rdi]; lea rdx, [rsp + 0x30]; mov rcx, rdi; call [r8 + 0x20]
> 0x18004f6d4 : movzx eax, [rbx + 0x80]; imul ecx, eax; mov [rbp + 0x100], ecx; mov rbp, [rsp + 0x10]; ret
> 0x18004f6d3 : movzx eax, [r11 + 0x80]; imul ecx, eax; mov [rbp + 0x100], ecx; mov rbp, [rsp + 0x10]; ret
> 0x180083130 : movsxd rcx, [r9]; lea rax, [r9 + 4]; mov [r8 + 8], rax; mov [r8 + 0x30], rcx; ret
> 0x18005fa9f : mov r15, [rax]; mov rax, [rcx]; movzx r12d, [rbp + 0x162]; call [rax + 8]
> 0x18005faa0 : mov edi, [rax]; mov rax, [rcx]; movzx r12d, [rbp + 0x162]; call [rax + 8]
> 0x18005d650 : mov rax, [rsi + 0x88]; mov rcx, [rax]; mov rax, [rcx]; call [rax + 0x28]
> 0x18000f69e : mov r9, [rdx + 0x160]; mov r8, rsi; mov rdx, [rdx + 0x190]; call [r10 + 8]
> 0x1800056f4 : mov rax, [r12]; lea r8, [rsi + rbx]; mov rdx, rbx; mov rcx, r12; call [rax + 0x38]
> 0x18005fb29 : mov rdx, [r15]; mov rcx, r15; movzx r14d, al; mov [rsp + 0x23], al; call [rdx + 8]
> 0x180008e1b : mov r8, [rbx + 0x68]; mov rdx, [rbx + 0x28]; mov rax, [rcx]; call [rax + 8]
> 0x18007ef97 : mov ecx, [r8 + 0x14]; mov rax, [rdx]; mov rcx, [rcx + rax]; mov [r9], rcx; mov rax, r9; ret
> 0x18000f74e : mov r9, [r15]; mov r8, r13; mov rdx, [rax + rbx*8]; mov rcx, r15; call [r9 + 0x10]
> 0x18000f74f : mov ecx, [rdi]; mov r8, r13; mov rdx, [rax + rbx*8]; mov rcx, r15; call [r9 + 0x10]
> 0x18005ae00 : mov rax, [r14 + 0x88]; mov rcx, [rax]; mov rax, [rcx]; mov dl, 1; call [rax + 0x48]
> 0x180004a2f : mov rbx, [rax + 8]; mov [rbp - 0x41], rbx; mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x180005046 : mov rsi, [rax + 8]; mov [rbp - 0x59], rsi; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x18000ce6b : mov r9, [r12 + 0x10]; mov r8, [r12 + 8]; mov rdx, [r12 + 0x90]; call [r10 + 8]
> 0x180005684 : mov r15, [rax + 8]; mov [rbp - 0x49], r15; mov rax, [r15]; mov rcx, r15; call [rax + 8]
> 0x180004a30 : mov ebx, [rax + 8]; mov [rbp - 0x41], rbx; mov rax, [rbx]; mov rcx, rbx; call [rax + 8]
> 0x180005047 : mov esi, [rax + 8]; mov [rbp - 0x59], rsi; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x180005685 : mov edi, [rax + 8]; mov [rbp - 0x49], r15; mov rax, [r15]; mov rcx, r15; call [rax + 8]
> 0x180042669 : mov rax, [r10]; mov r9, r14; movzx r8d, [rsp + 0xa0]; movzx edx, r13b; mov rcx, r10; call [rax + 8]
> 0x1800251b7 : mov rax, [rdi + 8]; mov rbx, [rsp + 8]; mov rdi, [rsp + 0x10]; mov [rax + 0x18], 1; mov rax, r11; ret
> 0x18000adae : mov rdi, [rax + 8]; mov [rsp + 0x28], rdi; mov rax, [rdi]; mov rcx, rdi; call [rax + 8]
> 0x1800251b8 : mov eax, [rdi + 8]; mov rbx, [rsp + 8]; mov rdi, [rsp + 0x10]; mov [rax + 0x18], 1; mov rax, r11; ret
> 0x18005fa9b : mov r14, [rax + 8]; mov r15, [rax]; mov rax, [rcx]; movzx r12d, [rbp + 0x162]; call [rax + 8]
> 0x180083186 : mov eax, [r8 + 0x48]; mov edx, [r9 - 4]; shr edx, cl; add eax, edx; mov [r8 + 8], r9; mov [r8 + 0x30], rax; ret
> 0x18000a02a : mov r10, [rcx]; mov r9, [r9 + 8]; mov rdx, [rdx + 8]; mov [rsp + 0x20], rax; call [r10 + 8]
> 0x180009fd6 : mov rax, [r9 + 0x28]; imul rax, [r9 + 0x18]; mov r9, [r9 + 8]; mov [rsp + 0x20], rax; call [r10 + 8]
> 0x180005041 : mov rax, [r12 + 0x40]; mov rsi, [rax + 8]; mov [rbp - 0x59], rsi; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]
> 0x180005680 : mov rax, [r15 + 0x40]; mov r15, [rax + 8]; mov [rbp - 0x49], r15; mov rax, [r15]; mov rcx, r15; call [rax + 8]
> 0x18005e997 : mov r8, [rbp + 0x18]; imul r8, [rbp + 8]; mov [rsp + 0x20], rax; mov r9, [rsp + 0xc0]; mov rdx, r14; call [r10 + 8]
> 0x18003f7e9 : mov r14, [rbp + 0x30]; mov [rsp + 0x70], sil; mov [rsp + 0x71], al; mov rsi, [r14]; mov rax, [rcx]; call [rax + 0x30]
> 0x18003f7ea : mov esi, [rbp + 0x30]; mov [rsp + 0x70], sil; mov [rsp + 0x71], al; mov rsi, [r14]; mov rax, [rcx]; call [rax + 0x30]
> 0x180003e01 : mov r10, [r15]; mov [rsp + 0x28], r12; mov [rsp + 0x20], al; lea r8, [rsp + 0x40]; lea rdx, [rsp + 0x50]; mov rcx, r15; call [r10 + 0x30]
> 0x180003d8e : movsxd rax, [r8 + 4]; mov rax, [rax + rbx + 0x40]; mov rsi, [rax + 8]; mov [rsp + 0x48], rsi; mov rax, [rsi]; mov rcx, rsi; call [rax + 8]

© 2014 - 2019 - Powered by ROPEME | Contact