ropshell> use 3441abf9b9f7dc9f9406b347b026a71d
name         : libc.so.6 (arm/ELF)
base address : 0x15c40
total gadgets: 5209
ropshell> suggest "load mem"
> 0x0006463e : ldr r0, [r2]; pop {r3, r4, r5, pc}
> 0x00064252 : ldrne r0, [r3]; pop {r4, pc}
> 0x0002b662 : ldr r0, [pc, r3]; pop {r3, r4, r5, r6, r7, pc}
> 0x000f3a4e : ldr r0, [r1]; blx r2
> 0x000182aa : ldr r1, [r2]; blx r3
> 0x0002791e : ldr r0, [r4, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x000df6ce : ldr r6, [r4]; blx ip
> 0x000aab76 : ldr r0, [r5, #0x3c]; pop {r3, r4, r5, pc}
> 0x000d5136 : ldr r0, [r7, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x0001eef6 : ldr ip, [r7]; blx ip
> 0x000fdbb6 : ldr ip, [r8]; blx ip
> 0x0006f736 : ldr r3, [sl]; blx r3
> 0x00072356 : ldr r3, [fp]; blx r3
> 0x0006dffa : ldr r1, [r0]; str r1, [r2]; bx lr
> 0x0007453d : ldrh r4, [r0, #0x20]; movs r4, r1; pop {r2, r3, r4, r5, pc}
> 0x000a71d5 : ldr r4, [r2, #0x64]; movs r1, r1; pop {r3, r4, r5, r6, r7, pc}
> 0x000d0ff6 : ldr r3, [r4, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x0001c0ce : ldr ip, [r4, #4]; blx ip
> 0x0002f9f2 : ldr r1, [r5]; mov r2, r8; blx sb
> 0x00092a8a : ldr r2, [r5, r2]; str r3, [r2]; pop {r3, r4, r5, pc}
> 0x000310b6 : ldr r3, [r5, #0x7f4]; blx r3
> 0x0006615a : ldr ip, [r5, #0xc]; blx ip
> 0x00064d1e : ldr sl, [r6, #0x18]; blx r3
> 0x00109262 : ldr r0, [r8, #0x40]; blx ip
> 0x0006e56e : ldr r3, [r8, #0xa0]; blx r3
> 0x0001e54e : ldr ip, [sl, #4]; blx ip
> 0x000a252e : ldr r0, [fp, #-0x1a8]; blx r4
> 0x000f53ea : ldr r1, [fp, #-0x68]; blx r5
> 0x00043eb2 : ldr r2, [fp, #-0x47c]; blx r3
> 0x0004b39e : ldr r2, [lr, #0xf7c]; blx r3
> 0x000f5962 : ldr ip, [lr]; mov r1, #4; blx ip
> 0x00026b46 : ldr r3, [pc, r3]; str ip, [r0, r3]; pop {r4, r5, pc}
> 0x000271ba : ldrheq r5, [r1], -ip; and r0, r0, #0x7f; bx lr
> 0x0006f732 : ldr sl, [r4, r3]; ldr r3, [sl]; blx r3
> 0x000fe8da : ldr r2, [pc, #0xc]; ldr r0, [r3, r2]; pop {r3, pc}
> 0x00063222 : ldr ip, [r2, #0x1c]; mov r2, #0x10; blx ip
> 0x000d0ff2 : ldr r2, [r6]; ldr r3, [r4, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x000f53e6 : ldr r5, [lr]; ldr r1, [fp, #-0x68]; blx r5
> 0x000d0b0e : ldr r4, [pc, #0x1c]; add r4, pc, r4; mov r0, r4; pop {r4, pc}
> 0x0004a01a : ldr ip, [r0]; mov r0, r4; ldr r3, [ip, r3]; blx r3
> 0x000aa046 : ldr r2, [r1, #0x1c]; str r2, [r3, ip, lsl #2]; pop {r3, r4, r5, r6, r7, pc}
> 0x0005f84a : ldr r2, [r0]; mov r0, r3; orr r3, r2, #0x20; str r3, [r4]; pop {r3, r4, r5, pc}
> 0x000f3312 : ldr r3, [ip]; cmp r3, #0; mvnne r0, #0; moveq r0, #1; pop {r3, r4, r5, r6, r7, pc}
> 0x0009239a : ldr r1, [pc, #0x24]; cmp r0, r3; moveq r0, ip; movne r0, r1; bx lr
> 0x000c30b6 : ldr r7, [pc, #0x10]; svc #0; pop {r7}; cmn r0, #0x1000; bxlo lr
> 0x000a0b1a : ldr r3, [r0, r3]; cmp r3, #0x26; mvnne r0, #0; moveq r0, #0x7f; pop {r4, pc}
> 0x000c9e3a : ldr r3, [r2, r4]; mvn r2, #0; mov r0, #0; str r2, [r3]; pop {r4, r7, pc}
> 0x00044d5a : ldr r1, [r6, r1]; eor r3, r2, r3; mov r0, sl; mov r2, r5; blx r3
> 0x000ff606 : ldrne r3, [r6]; streq r3, [r4]; strne r3, [r4, #4]; moveq r0, r3; pop {r3, r4, r5, r6, r7, pc}
> 0x00078f69 : ldrh r4, [r7, r0]; movs r4, r1; ldrh r4, [r2, r0]; movs r4, r1; bx sb
> 0x0008dc22 : ldrne r2, [r3, #8]; addne r2, r2, #1; strne r2, [r3, #8]; pop {r3, r4, r5, pc}
> 0x0003c366 : ldr lr, [r4, #0x58]; ldr r4, [r4, #0x30]; mov r0, #0; bx lr
> 0x000c6492 : ldr r2, [r7, #-4]; mov r3, #0; mov r0, r4; str r3, [r2, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x0006e07a : ldr r2, [r4, #0xc]; mov r0, #0; add r3, r2, r3; str r3, [r4, #4]; pop {r3, r4, r5, pc}
> 0x000bcfda : ldr r1, [r4, #4]; add r3, r2, r3; mov r0, #0; str r0, [r1, r3, lsl #2]; pop {r4, r5, r6, pc}
> 0x0006a932 : ldr r1, [r8, #0x98]; mov r0, r8; str fp, [sp]; ldr r1, [r1, #0x40]; blx r1
> 0x0001f206 : ldr r2, [r8]; mov r1, fp; str r4, [sp]; mov r3, sl; ldr ip, [r7, #4]; blx ip
> 0x00065ef6 : ldr r1, [sl, #0x98]; str r0, [sp]; mov r0, sl; ldr r1, [r1, #0x40]; blx r1
> 0x000695fa : ldr r1, [r3]; ldr r2, [r3, #0xc]; str r1, [r3, #4]; str r2, [r3, #0x10]; pop {r4, pc}
> 0x000d512a : ldr r3, [r7, #0x6c]; add r5, r5, r3; add r7, r7, r5, lsl #2; ldr r0, [r7, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x000235be : ldrsheq sl, [r1], -r8; ldr r3, [pc, #0x10]; add r3, pc, r3; ldr r3, [r3]; cmp r3, #0; bxeq lr
> 0x0002edca : ldr r1, [ip, #8]; cmn r1, #6; streq r2, [ip, #8]; mov r0, r3; add sp, sp, #0x80; pop {r7, pc}
> 0x0002e8ee : ldr ip, [r3, r2, lsl #2]; and r1, r1, #0x1f; orr r1, ip, r4, lsl r1; str r1, [r3, r2, lsl #2]; pop {r4, pc}
> 0x000182c2 : ldr r5, [ip, r3]; add r4, pc, r4; ldr r3, [r5]; ldr r2, [r4, #0xc8]; eor r3, r2, r3; blx r3
> 0x00028d4e : ldr r3, [lr, r3]; add r2, pc, r2; ldr r3, [r3]; ldr r2, [r2, #0xa8]; eor r3, r2, r3; blx r3
> 0x000f6c0e : ldr ip, [pc, #0x18]; mov r0, r3; add ip, pc, ip; mov r1, r5; ldr r3, [ip, r2, lsl #2]; blx r3
> 0x00108802 : ldr r6, [r2, r3]; mov sl, r1; add r0, r6, #0x4d0; ldr r3, [r6, #0x7f0]; add r0, r0, #0xc; blx r3
> 0x000fa9cd : ldrh r0, [r6, #0x3e]; pop.w {r3, r6, r7, r8, sl, ip, lr}; movs r4, r0; movs r7, #0x40; movs r4, r0; blx lr
> 0x00107ca6 : ldr r6, [pc, #0x100]; add r4, pc, r4; add r6, pc, r6; ldr r3, [r4]; ldr r3, [r3, #0x14]; blx r3
> 0x00108dd6 : ldr r5, [r2, #0x160]; ldr r3, [r3]; ldm r0, {r0, r1, r2}; str r3, [sp, #8]; mvn r3, #1; blx r5
> 0x0001e53a : ldr r0, [sl, #0xc]; ldr r2, [fp]; mov r1, r8; str r7, [sp]; mov r3, r6; ldr ip, [sl, #4]; blx ip
> 0x0002ecb6 : ldr r2, [ip, #8]; cmn r2, #6; moveq r2, #0; streq r2, [ip, #8]; mov r0, r3; add sp, sp, #0x84; pop {r4, r7, pc}
> 0x000adc8e : ldr ip, [r6]; add r5, ip, r5; add r3, r5, #0xc; ldm r3, {r0, r1, r2}; stm r4, {r0, r1, r2}; ldr r0, [r5, #4]; pop {r4, r5, r6, pc}
> 0x000ff116 : ldr r2, [sl, #8]; str r3, [sp, #0x54]; mov r0, sl; ldr r3, [r2, #0xc]; add r1, sp, #0x50; blx r3
> 0x00109322 : ldr r4, [fp, #-0x58]; ldr ip, [lr]; add ip, r4, ip; str ip, [sp, #4]; ldr ip, [fp, #-0x54]; blx ip
> 0x00040aea : ldr lr, [fp, #-0x52c]; ldr r2, [lr, r2, lsl #2]; str r3, [fp, #-0x524]; str ip, [fp, #-0x528]; blx r2
> 0x000fc7e9 : ldr r5, [pc, #0x34c]; asrs r2, r4, #1; lsrs r0, r1, #4; movs r4, r0; lsrs r0, r4, #3; movs r4, r0; blx lr
> 0x0006614a : ldr ip, [r1, #-0x10]; str r0, [sp, #0xc]; str ip, [sp, #8]; mov r0, r5; ldr ip, [r5, #0xc]; blx ip
> 0x000de94a : ldr lr, [pc, #0x24]; ldr r3, [ip, r3]; add lr, pc, lr; ldr r3, [r3]; ldr ip, [lr, #0x50]; eor r3, ip, r3; blx r3
> 0x000ddde2 : ldr lr, [r6, #-8]; str r4, [fp, #-0x44]; str r3, [fp, #-0x4c]; str r5, [fp, #-0x3c]; str lr, [fp, #-0x40]; blx ip
> 0x000abed6 : ldr r3, [r1, #4]; mov r0, #0; ldr r2, [r3, #0xc]; ldr r3, [r3, #0x1c]; str r2, [r1, #0xc]; str r3, [r1, #0x1c]; pop {r3, r4, r5, pc}
> 0x000dd9e2 : ldr r5, [r4, #0x3c]; ldr lr, [r4, #0x40]; str r3, [fp, #-0x4c]; str r7, [fp, #-0x3c]; str r5, [fp, #-0x44]; str lr, [fp, #-0x40]; blx ip
> 0x000dddde : ldr r5, [r6, #-4]; ldr lr, [r6, #-8]; str r4, [fp, #-0x44]; str r3, [fp, #-0x4c]; str r5, [fp, #-0x3c]; str lr, [fp, #-0x40]; blx ip