ROPSHELL 
ropshell> use 645225550fb802894ea90c3bdaf05269 (download)
name         : live555ProxyServer (x86_64/ELF)
base address : 0x15450
total gadgets: 10421

ropshell> suggest "load mem"
> 0x00043cc5 : mov rax, [rsi + 0x40]; ret
> 0x00046e28 : mov rax, [rdi + 0x118]; ret
> 0x0001fe8a : mov rax, [r8 + 0xa0]; ret
> 0x00043cc6 : mov eax, [rsi + 0x40]; ret
> 0x00046e29 : mov eax, [rdi + 0x118]; ret
> 0x00026fe3 : mov rax, [rdx + 8]; pop rbx; ret
> 0x00026fe4 : mov eax, [rdx + 8]; pop rbx; ret
> 0x00019630 : mov esi, [rax]; call r8
> 0x0002e0bd : mov r8, [rax + 0x58]; jmp r10
> 0x00039856 : mov rax, [rdi]; jmp [rax + 0x10]
> 0x0003daa8 : mov rcx, [rsi]; mov [rcx + rdx], 0xd9; ret
> 0x00039857 : mov eax, [rdi]; jmp [rax + 0x10]
> 0x0003daa9 : mov ecx, [rsi]; mov [rcx + rdx], 0xd9; ret
> 0x00050b5c : mov rax, [rbx + 8]; pop rbx; add rax, 0x18; ret
> 0x00050167 : mov rdi, [rax + 0x18]; call rdx
> 0x00040522 : mov rdi, [rbx + 0x170]; call rax
> 0x000501d1 : mov rdi, [rdx + 0x160]; call rax
> 0x00050b5d : mov eax, [rbx + 8]; pop rbx; add rax, 0x18; ret
> 0x00031e8c : mov ecx, [rax + 8]; test ecx, ecx; setne al; ret
> 0x0001ce1c : mov esi, [rbx + 0x150]; call rax
> 0x00050168 : mov edi, [rax + 0x18]; call rdx
> 0x00040523 : mov edi, [rbx + 0x170]; call rax
> 0x000501d2 : mov edi, [rdx + 0x160]; call rax
> 0x0002146e : mov rax, [rbx]; call [rax + 0x58]
> 0x000303e5 : mov rax, [rsi]; call [rax + 0x50]
> 0x00041863 : mov rax, [rbp]; call [rax + 8]
> 0x0002dc60 : mov rax, [r12]; call [rax + 8]
> 0x0004e203 : mov rax, [r13]; call [rax]
> 0x0002a2f8 : mov rdx, [rax]; call [rdx + 0x48]
> 0x0004b20a : mov r9, [rdi]; call [r9 + 0x38]
> 0x0002146f : mov eax, [rbx]; call [rax + 0x58]
> 0x000303e6 : mov eax, [rsi]; call [rax + 0x50]
> 0x00041864 : mov eax, [rbp]; call [rax + 8]
> 0x0004b20b : mov ecx, [rdi]; call [r9 + 0x38]
> 0x0002a2f9 : mov edx, [rax]; call [rdx + 0x48]
> 0x00051825 : mov rax, [r14 + 0x28]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x00026f4d : mov rdx, [rax + 0x10]; mov rax, rdx; add rsp, 8; ret
> 0x0003c158 : mov rdx, [rdi + 0x60]; add [rdx + 0x13a], 1; ret
> 0x00019195 : mov r9, [rdx + 0x28]; mov edx, 0xa; jmp r9
> 0x00019196 : mov ecx, [rdx + 0x28]; mov edx, 0xa; jmp r9
> 0x00026f4e : mov edx, [rax + 0x10]; mov rax, rdx; add rsp, 8; ret
> 0x0003c159 : mov edx, [rdi + 0x60]; add [rdx + 0x13a], 1; ret
> 0x00037a90 : mov rbx, [r12 + 0x178]; mov rax, rbx; pop rbx; pop rbp; pop r12; ret
> 0x00027b78 : mov rdx, [rbx + 0xd0]; call [rax + 0x10]
> 0x000232c7 : mov rsi, [r15 + 0x18]; mov rdi, rax; call rdx
> 0x00041b20 : mov rdi, [r12 + 8]; mov esi, ebp; call rax
> 0x0001d56a : movzx ecx, [rbx + 0x29]; call [rax + 0x70]
> 0x00027b79 : mov edx, [rbx + 0xd0]; call [rax + 0x10]
> 0x000232c8 : mov esi, [rdi + 0x18]; mov rdi, rax; call rdx
> 0x0001a5e2 : mov esi, [rbp + 0x10]; call [rax + 0x60]
> 0x000507a0 : mov rax, [r8]; mov rdi, r8; call [rax + 8]
> 0x000441f2 : mov rax, [r14]; mov rdi, r14; call [rax + 8]
> 0x00019fd7 : mov rax, [r15]; mov rdi, r15; call [rax + 0x18]
> 0x00035ca0 : mov rcx, [rax]; mov rdi, rax; call [rcx + 0x48]
> 0x00035c26 : mov r8, [rax]; mov rdi, rax; call [r8 + 0x48]
> 0x00035ca1 : mov ecx, [rax]; mov rdi, rax; call [rcx + 0x48]
> 0x00044a3e : mov rbx, [rdx]; mov rax, [rdi]; call [rax + 0x20]
> 0x0004dd6a : mov rdi, [r13]; mov rax, [rdi]; call [rax + 0x28]
> 0x00044a3f : mov ebx, [rdx]; mov rax, [rdi]; call [rax + 0x20]
> 0x0004dd6b : mov edi, [rbp]; mov rax, [rdi]; call [rax + 0x28]
> 0x0002ba0f : mov rsi, [rbp + 0x58]; mov rdi, rax; call [rdx + 0x48]
> 0x00041191 : mov rdi, [r14 + 0x40]; mov rdx, r15; mov rsi, rbp; call rcx
> 0x00041192 : mov edi, [rsi + 0x40]; mov rdx, r15; mov rsi, rbp; call rcx
> 0x0001812c : mov rdx, [rbx]; mov rdi, rbx; mov esi, eax; call [rdx + 0x10]
> 0x0004dce3 : mov rdi, [rax]; mov rax, [rdi]; mov rax, [rax + 0x20]; jmp rax
> 0x0001812d : mov edx, [rbx]; mov rdi, rbx; mov esi, eax; call [rdx + 0x10]
> 0x0004dce4 : mov edi, [rax]; mov rax, [rdi]; mov rax, [rax + 0x20]; jmp rax
> 0x000516fa : mov rax, [rbp + 0x30]; mov [rax + 0x20], rdi; add rsp, 8; pop rbx; pop rbp; ret
> 0x0001d1f4 : mov rdx, [rbp + 0x18]; mov rax, [rdi]; call [rax + 0x68]
> 0x000416e7 : mov rsi, [rax + 8]; mov rax, [rdi]; call [rax + 0x38]
> 0x0002a2f1 : mov rsi, [rdx + 0x100]; mov rdx, [rax]; call [rdx + 0x48]
> 0x0004284c : mov rdi, [rbp + 0x18]; mov rax, [rdi]; call [rax + 0x18]
> 0x0003f144 : mov rdi, [r8 + 8]; mov rax, [rdi]; call [rax + 0x48]
> 0x0001706c : mov rbp, [rax + 0x48]; mov rax, [rdi]; call [rax]
> 0x00016fbb : mov r13, [rax + 0x48]; mov rax, [rdi]; call [rax]
> 0x0004e274 : mov r14, [rax + 0x48]; mov rax, [r13]; call [rax]
> 0x0004e1ff : mov r15, [rax + 0x48]; mov rax, [r13]; call [rax]
> 0x000516fb : mov eax, [rbp + 0x30]; mov [rax + 0x20], rdi; add rsp, 8; pop rbx; pop rbp; ret
> 0x0004dc10 : movzx eax, [r12 + 0x1a]; cmp [rbx + 2], ax; sete al; pop rbx; pop rbp; pop r12; ret
> 0x0001d1f5 : mov edx, [rbp + 0x18]; mov rax, [rdi]; call [rax + 0x68]
> 0x0004e275 : mov esi, [rax + 0x48]; mov rax, [r13]; call [rax]
> 0x0002a2f2 : mov esi, [rdx + 0x100]; mov rdx, [rax]; call [rdx + 0x48]
> 0x0004284d : mov edi, [rbp + 0x18]; mov rax, [rdi]; call [rax + 0x18]
> 0x00016fbc : mov ebp, [rax + 0x48]; mov rax, [rdi]; call [rax]
> 0x000442c7 : mov rdx, [rdi]; mov rcx, r8; mov r9, [rdx + 0xd0]; mov rdx, rax; jmp r9
> 0x000442c8 : mov edx, [rdi]; mov rcx, r8; mov r9, [rdx + 0xd0]; mov rdx, rax; jmp r9
> 0x0001d565 : mov rsi, [rbx + 8]; movzx r9d, [rbx + 0x29]; call [rax + 0x70]
> 0x0004e410 : mov rax, [rcx]; mov rdx, rbx; mov rsi, r8; mov rdi, rcx; call [rax + 0x10]
> 0x000218b5 : mov rdx, [r15]; mov [rsp + 4], eax; mov rdi, r15; call [rdx + 8]
> 0x0004e411 : mov eax, [rcx]; mov rdx, rbx; mov rsi, r8; mov rdi, rcx; call [rax + 0x10]
> 0x00023712 : mov rsi, [r13 + 0x18]; mov rdx, [rax]; mov rdi, rax; call [rdx + 0x48]
> 0x00018020 : mov rdi, [rsi + 0x50]; mov rsi, rbx; mov rax, [rdi]; call [rax + 0x10]
> 0x000420db : mov rdi, [r10 + 0x250]; mov [rsp + 0x18], r10; mov rcx, rbp; bswap edx; call rax
> 0x0001823f : mov rdi, [r13 + 0x58]; mov rsi, rbp; mov rax, [rdi]; call [rax + 0x20]
> 0x00044a4f : mov rdi, [r15 + 0x68]; mov rsi, r13; mov rax, [rdi]; call [rax + 0x18]
> 0x00031617 : mov eax, [rcx + 0xc]; add eax, 1; div [rcx + 8]; mov [rcx + 0xc], edx; pop rbx; ret
> 0x000280bf : movzx ebx, [rax + 0x1c]; mov rsi, r12; mov rax, [rdi]; call [rax + 0x18]
> 0x0002372f : mov esi, [r13 + 0x10]; mov rdx, [rax]; mov rdi, rax; call [rdx + 0x58]
> 0x00030c2d : mov esi, [r14 + 0x40]; mov rdx, [rax]; mov rdi, rax; call [rdx + 0x58]
> 0x0004f934 : mov eax, [rdx]; mov [rdi + 8], cx; mov [rdi + 4], eax; mov [rdi + 0xa], 0xff; ret
> 0x0004eaaf : mov esi, [r12]; mov r12, rsp; mov rdx, [rax]; mov rdi, rax; call [rdx + 0x58]
> 0x0003f119 : mov rdx, [r8 + 0x140]; lea rax, [rdx + rax*2]; movzx eax, [rax]; mov [rcx], eax; ret
> 0x0001f894 : mov edi, [rsi]; add eax, [rax]; mov rdx, [rax]; mov rdi, rax; call [rdx + 0x48]
> 0x000415a1 : mov rax, [r13 + 8]; mov rdi, [rax + 8]; mov rax, [rdi]; call [rax + 0x40]
> 0x0003cf85 : mov rdi, [rcx + 8]; lea rsi, [rip + 0x1a0d0]; mov rax, [rdi]; call [rax + 0x48]
> 0x00042845 : mov rbp, [rdi + 0x1b8]; mov rdi, [rbp + 0x18]; mov rax, [rdi]; call [rax + 0x18]
> 0x000176ad : mov ecx, [rbp + 4]; lea eax, [rcx + rbx]; mov [rbp + 4], eax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00018ac6 : mov esi, [r12 + 0x60]; mov rdi, [rax + 0x18]; mov rax, [rdi]; call [rax + 0x28]
> 0x0003cf86 : mov edi, [rcx + 8]; lea rsi, [rip + 0x1a0d0]; mov rax, [rdi]; call [rax + 0x48]
> 0x00042846 : mov ebp, [rdi + 0x1b8]; mov rdi, [rbp + 0x18]; mov rax, [rdi]; call [rax + 0x18]
> 0x00040752 : mov esi, [rcx]; mov edx, r12d; add esi, [rcx + 4]; mov rdi, rbx; add rsi, [rcx + 0x18]; call rax
> 0x0002dc50 : mov rax, [r12 + 0x18]; mov rdi, r12; mov [rax + 8], 0; mov rax, [r12]; call [rax + 8]
> 0x0002fc4d : mov rdx, [r12 + 0x60]; mov rdi, rax; mov esi, [rdx + 0x158]; mov rdx, [rax]; call [rdx + 0x58]
> 0x0002e0b1 : mov rsi, [rdi + 0x44]; mov r9d, [rax + 0x60]; mov rdi, [rdi + 0x70]; mov r8, [rax + 0x58]; jmp r10
> 0x00041d00 : mov rcx, [rbx]; mov [rsp + 0xf], al; mov rsi, r12; mov rdi, rbx; lea rdx, [rip + 0x15daf]; call [rcx + 0x10]
> 0x00018c10 : mov rsi, [rdi]; mov [rsp + 0x18], rcx; mov [rsp + 0x10], rdx; mov [rsp + 8], rax; call [rsi + 8]
> 0x00041d01 : mov ecx, [rbx]; mov [rsp + 0xf], al; mov rsi, r12; mov rdi, rbx; lea rdx, [rip + 0x15daf]; call [rcx + 0x10]
> 0x00018c11 : mov esi, [rdi]; mov [rsp + 0x18], rcx; mov [rsp + 0x10], rdx; mov [rsp + 8], rax; call [rsi + 8]
> 0x0004e6a1 : mov rbp, [r12 + 0x10]; mov rax, [rax]; mov rdi, rbx; mov edx, [rsp + 8]; mov rsi, rbp; call [rax + 0x18]
> 0x000205a8 : mov r13, [rbx + 8]; mov [rbx + 8], 0; mov rax, [rbp]; mov rsi, rbx; mov rdi, rbp; call [rax + 0x48]
> 0x000205a9 : mov ebp, [rbx + 8]; mov [rbx + 8], 0; mov rax, [rbp]; mov rsi, rbx; mov rdi, rbp; call [rax + 0x48]
> 0x0001d55d : mov rcx, [rbx + 0x20]; mov rdx, [rbx + 0x18]; mov rsi, [rbx + 8]; movzx r9d, [rbx + 0x29]; call [rax + 0x70]
> 0x0005072f : mov rdx, [rsi + 0x10]; mov [rdx + 8], rax; mov rax, [rsi + 8]; mov [rax + 0x10], rdx; mov [rsi + 0x10], 0; mov [rsi + 8], 0; ret
> 0x00050730 : mov edx, [rsi + 0x10]; mov [rdx + 8], rax; mov rax, [rsi + 8]; mov [rax + 0x10], rdx; mov [rsi + 0x10], 0; mov [rsi + 8], 0; ret
> 0x00023295 : movzx eax, [r12]; mov [r12], 0; lea rsi, [rip + 0x30819]; mov rdi, [rbx + 8]; mov [rsp + 0x10], al; mov rax, [rdi]; call [rax + 0x48]
> 0x0002e0ab : mov rcx, [rdi + 0x50]; mov edx, [rdi + 0x48]; mov esi, [rdi + 0x44]; mov r9d, [rax + 0x60]; mov rdi, [rdi + 0x70]; mov r8, [rax + 0x58]; jmp r10
> 0x000427dd : mov r12, [rdi + 0x1b8]; mov ebp, [rdi + 0x1c0]; mov r13d, [rax + 0x1f4]; mov rdi, [r12 + 0x18]; mov rsi, r13; mov rax, [rdi]; call [rax + 0x20]
> 0x0002e0ac : mov ecx, [rdi + 0x50]; mov edx, [rdi + 0x48]; mov esi, [rdi + 0x44]; mov r9d, [rax + 0x60]; mov rdi, [rdi + 0x70]; mov r8, [rax + 0x58]; jmp r10
> 0x000412e4 : mov r8, [rdi + 8]; mov rax, [r8 + 8]; mov rdi, [rax + 0x18]; mov rax, [rbp + 0x10]; mov esi, [rax + 8]; mov rax, [rdi]; call [rax + 0x28]

© 2014 - 2019 - Powered by ROPEME | Contact