ropshell> use b45cd437b8cf1335baff2f4508f4cde1
name         : babywin_level3.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 5125
ropshell> suggest "load mem"
> 0x14000845c : mov rax, [rcx]; ret
> 0x14000845d : mov eax, [rcx]; ret
> 0x140009474 : mov rax, [rcx + 0x10]; ret
> 0x140009475 : mov eax, [rcx + 0x10]; ret
> 0x14001a8f8 : mov eax, [rdx + 4]; ret
> 0x140045fea : mov rcx, [r9]; inc [rcx]; ret
> 0x140014a02 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x1400523cc : mov rax, [rdx]; mov [rcx], rax; ret
> 0x14001b56d : mov rcx, [rdx]; mov [rax], rcx; ret
> 0x1400523cd : mov eax, [rdx]; mov [rcx], rax; ret
> 0x140045fce : mov rax, [r9]; mov al, [rax + 0x18]; ret
> 0x14000f453 : mov rbx, [r11 + 0x10]; mov rsp, r11; pop rdi; ret
> 0x140014d90 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x14000ed5a : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1400162af : mov rbp, [r11 + 0x18]; mov rsp, r11; pop r14; ret
> 0x140011ff4 : mov r14, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
> 0x140011ff5 : mov esi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x14000ed5b : mov edi, [rbx + 0x18]; mov rsp, r11; pop rbp; ret
> 0x1400162b0 : mov ebp, [rbx + 0x18]; mov rsp, r11; pop r14; ret
> 0x1400220c0 : mov rax, [r8]; mov [rdx], rax; mov al, 1; ret
> 0x140021b28 : mov eax, [r8]; mov [rdx], rax; mov al, 1; ret
> 0x140070aa5 : mov rcx, [rax + 0x110]; movzx eax, [rcx + r8]; ret
> 0x1400091c0 : movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x140070aa6 : mov ecx, [rax + 0x110]; movzx eax, [rcx + r8]; ret
> 0x140056ecb : mov rcx, [rax]; mov rax, [rcx + 0x88];  inc [rax]; ret
> 0x1400716ac : mov rdx, [rcx]; xor eax, eax; xchg [rdx + 0x14], eax; ret
> 0x140056ecc : mov ecx, [rax]; mov rax, [rcx + 0x88];  inc [rax]; ret
> 0x1400716ad : mov edx, [rcx]; xor eax, eax; xchg [rdx + 0x14], eax; ret
> 0x140019900 : mov rax, [rdx + 8]; cmp [rcx + 8], rax; seta al; ret
> 0x14006e35c : mov rbx, [rbp + 0x20]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x140036966 : mov rcx, [r8 + 0x460]; add [rcx], 2; mov al, 1; ret
> 0x14000e99d : mov r12, [r11 + 0x30]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x14000d514 : mov r13, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop rbp; ret
> 0x14006e35d : mov ebx, [rbp + 0x20]; lea rsp, [rbp + 0x10]; pop rbp; ret
> 0x14006fdb9 : mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x14001b546 : mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x140030613 : mov rcx, [rdx + 0x478]; mov [rdx + 0x10], rcx; mov [rdx + 0x2c], r8; ret
> 0x1400091bc : mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x14000fda3 : movsxd rdx, [rcx + 0x10]; mov rax, [rcx + 8]; mov al, [rax + rdx - 1]; ret
> 0x14001b543 : mov r8, [rdx]; mov ecx, [rdx + 8]; mov [rax], r8; mov [rax + 8], ecx; ret
> 0x140019fee : movsxd rcx, [r10]; lea rax, [r10 + 4]; mov [r8 + 8], rax; mov [r8 + 0x30], rcx; ret
> 0x14006fdb5 : mov rdi, [rbp + 0x60]; mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x140066436 : mov edx, [rax + 0x10]; mov ecx, ebx; mov rax, rsi; mov r8, [rip + 0x3cbeb]; call r8
> 0x14006fdb6 : mov edi, [rbp + 0x60]; mov r12, [rbp + 0x68]; lea rsp, [rbp + 0x30]; pop r15; pop r14; pop rbp; ret
> 0x140015fb3 : mov ecx, [r8 + 0x14]; mov rax, [rdx]; mov rcx, [rcx + rax]; mov [r9], rcx; mov rax, r9; ret
> 0x14001a049 : mov eax, [r8 + 0x48]; mov edx, [r10 - 4]; shr edx, cl; add eax, edx; mov [r8 + 8], r10; mov [r8 + 0x30], rax; ret
> 0x140023264 : mov r8, [rcx + 0x18]; lea rax, [r8 + 8]; mov [rcx + 0x18], rax; mov al, 1; movsd xmm0, [r8]; movsd [rdx], xmm0; ret
> 0x1400091b4 : movsxd r9, [rdx + 4]; movsxd rdx, [rdx + 8]; mov rcx, [r9 + rcx]; movsxd r8, [rdx + rcx]; add r8, r9; add rax, r8; ret
> 0x140043f35 : mov edx, [rcx + 0x18]; lea rax, [rdx + 8]; mov [rcx + 0x18], rax; mov eax, [rdx]; mov [rcx + 0x2c], eax; mov al, 1; ret