ropshell> use a93c216fa553ae8c15f10f440929414d (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x26380
total gadgets: 15939
ropshell> suggest "load mem"
> 0x0007870c : mov eax, [rdx]; ret
> 0x000cffb0 : mov eax, [rdi]; ret
> 0x00084380 : mov rax, [rdi + 0x68]; ret
> 0x000ee841 : mov eax, [rdx + 8]; ret
> 0x00130d50 : mov eax, [rdi + 0x20]; ret
> 0x000a27a5 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0007accd : mov edx, [rax]; mov eax, edx; ret
> 0x0008409d : mov rax, [rdi]; mov [rdx], rax; ret
> 0x000a7800 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x00102dbe : mov rsi, [rbx]; call r12
> 0x00102a38 : mov rdi, [rbx]; call rbp
> 0x000a77a1 : mov edx, [rsi]; mov [rdi], dx; ret
> 0x00102dbf : mov esi, [rbx]; call r12
> 0x00102a39 : mov edi, [rbx]; call rbp
> 0x00166e58 : movzx ecx, [rsi + rcx]; sub eax, ecx; ret
> 0x001714df : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x00034cfe : mov edi, [rax + rdx]; mov eax, edi; ret
> 0x000814cb : movzx r8, [rax]; add rsp, 8; pop rbx; pop rbp; ret
> 0x0009a688 : mov rdi, [rbx + 0x48]; call rax
> 0x0009a689 : mov edi, [rbx + 0x48]; call rax
> 0x001299eb : mov rax, [rbx]; mov [rax + 8], 0; pop rbx; ret
> 0x0016faee : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x000eb287 : mov rdx, [rax]; mov [rax], rdi; mov rax, rdx; ret
> 0x000fdb9b : mov rbp, [r12]; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x001299ec : mov eax, [rbx]; mov [rax + 8], 0; pop rbx; ret
> 0x0016fb20 : mov eax, [rcx]; mov [rdx], eax; mov rax, rdi; ret
> 0x00086bae : mov eax, [rsi]; neg eax; sbb eax, eax; and eax, 0x16; ret
> 0x0003cb05 : mov edx, [rdi]; xor eax, eax; test edx, edx; sete al; ret
> 0x0010ee29 : mov edx, [r12]; pop rbx; pop rbp; pop r12; mov eax, edx; ret
> 0x000850e8 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x000924d0 : mov rcx, [rdi + 0x18]; mov [rax + 0x18], rcx; ret
> 0x00085169 : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x000850dc : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x000850e9 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x000de448 : mov eax, [rbp + 0x4c]; add rsp, 8; pop rbx; pop rbp; ret
> 0x000924d1 : mov ecx, [rdi + 0x18]; mov [rax + 0x18], rcx; ret
> 0x0008516a : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x000850dd : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00102e53 : mov rsi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x001101c2 : mov eax, [rbp]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x001101c1 : mov eax, [r13]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x00102e54 : mov esi, [rax]; mov rdi, [rbp - 0x50]; call r15
> 0x00142e25 : mov rax, [r15 + 0x60]; call [rax + 8]
> 0x0007f127 : mov rdx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x00091387 : mov rdi, [rax + 8]; call [rax]
> 0x001147a3 : mov rdi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x0007f128 : mov edx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x001147a4 : mov edi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x000a7810 : mov rcx, [rsi]; mov [rdi + 8], dh; mov [rdi], rcx; ret
> 0x0010896f : mov rdx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x00108970 : mov edx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0016fb0b : mov rax, [rcx + 8]; mov [rdx + 8], rax; mov rax, rdi; ret
> 0x0007f181 : mov rax, [rdx + 0x20]; sub rax, [rdx + 0x18]; sar rax, 2; ret
> 0x000fc0f8 : mov rax, [r13 + 0x10]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x00041052 : mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0016fb46 : mov eax, [rcx + 8]; mov [rdx + 8], eax; mov rax, rdi; ret
> 0x00041053 : mov ecx, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0003cb45 : mov rax, [rsi]; and rax, [rdx]; mov [rdi], rax; xor eax, eax; ret
> 0x00086394 : mov rax, [rsi + 0x18]; sub rcx, rdx; lea rax, [rcx + rax + 0x4000]; ret
> 0x00145eb6 : mov rax, [rbp + 0x18]; mov rdi, r13; call [rax + 0x20]
> 0x0013b1e0 : mov rax, [r12 + 8]; mov rdi, r12; call [rax + 0x20]
> 0x00142910 : mov rax, [r14 + 0x70]; mov rdi, r12; call [rax + 0x20]
> 0x000a7944 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x000a7853 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00086395 : mov eax, [rsi + 0x18]; sub rcx, rdx; lea rax, [rcx + rax + 0x4000]; ret
> 0x00142e04 : mov esi, [rdi + 0x88]; mov rdi, rbx; call [rax + 0x28]
> 0x00142e03 : mov esi, [r15 + 0x88]; mov rdi, rbx; call [rax + 0x28]
> 0x00122d6a : mov rax, [rbp]; add rbx, rax; mov [rbp], rbx; add rsp, 8; pop rbx; pop rbp; ret
> 0x00102b3b : mov rdx, [r11]; and edx, 1; or rax, rdx; mov [r11], rax; pop rbx; pop rbp; ret
> 0x00132029 : mov rdx, [r15]; mov r8, rbx; mov rcx, r14; mov rdi, r13; call r12
> 0x0013fd02 : mov rdi, [rax]; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x00143480 : mov rdi, [r14]; mov rax, [rdi + 0x38]; call [rax + 0x18]
> 0x0013fd03 : mov edi, [rax]; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x00143481 : mov edi, [rsi]; mov rax, [rdi + 0x38]; call [rax + 0x18]
> 0x0003be72 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0003fa67 : mov rdi, [r15]; mov rdx, [rsp]; mov rax, [rsp + 8]; call rax
> 0x0006ccd8 : mov rsi, [rax + 0x18]; movsxd rdx, r12d; mov rdi, rbx; call [r14 + 0x38]
> 0x0013cb94 : mov rsi, [rbx + 0x10]; mov rdx, rbp; mov rdi, r13; call [rax + 0x10]
> 0x00034b38 : mov rsi, [rdi + 0x78]; mov fs:[rcx], rsi; cmp rax, rdx; mov rdx, -1; cmove rax, rdx; ret
> 0x0014f786 : mov r8, [rbx + 0x10]; call [rax + 0x328]; mov [rbx], rax; pop rax; pop rdx; pop rbx; ret
> 0x000ea96b : movzx ecx, [r15 + 0x30]; movsxd rcx, [rsi + rcx*4]; add rcx, rsi; jmp rcx
> 0x0006ccd9 : mov esi, [rax + 0x18]; movsxd rdx, r12d; mov rdi, rbx; call [r14 + 0x38]
> 0x0013cb95 : mov esi, [rbx + 0x10]; mov rdx, rbp; mov rdi, r13; call [rax + 0x10]
> 0x0010bf0d : mov rcx, [r8]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xc64fe], 0; ret
> 0x0013ab73 : mov rdi, [r12]; mov rsi, r13; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x0010bf0e : mov ecx, [rax]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xc64fe], 0; ret
> 0x000831f4 : movzx esi, [rdi]; lea rbx, [r15 + 1]; mov rdi, r13; call [rax + 0x18]
> 0x000831f3 : movzx esi, [r15]; lea rbx, [r15 + 1]; mov rdi, r13; call [rax + 0x18]
> 0x0007d487 : mov rcx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x0007b1fb : mov rcx, [rdx + 0x20]; cmp rax, rcx; cmovb rax, rcx; sub rax, [rdx + 0x10]; sar rax, 2; ret
> 0x0004104e : mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0007d488 : mov ecx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x0008528e : mov r10, [rdx]; mov rax, [rax + 0x330]; mov rdx, [rbx + 0x20]; push r10; call rax
> 0x0007bddf : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x0013b6ae : mov rsi, [rbp + 0x20]; mov rdi, rbx; mov r12d, eax; xor eax, eax; call [rbp + 0x28]
> 0x0013b6af : mov esi, [rbp + 0x20]; mov rdi, rbx; mov r12d, eax; xor eax, eax; call [rbp + 0x28]
> 0x0003be6e : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0016c1f4 : mov ecx, [rax + 0x60]; xor edx, edx; cmp ecx, [rsi + rax + 0x60]; setg dl; lea eax, [rdx + rdx - 1]; ret
> 0x0005d652 : movzx edx, [rcx + rax]; lea rax, [rip + 0x131943]; movsxd rax, [rax + rdx*4]; add rax, rsi; jmp rax
> 0x0015264e : mov rax, [r15]; sub eax, [rsi]; mov ecx, [rdi + rdx - 4]; mov edi, [rsi + rdx - 4]; sub ecx, edi; or eax, ecx; ret
> 0x00114df9 : mov edx, [rbp + 0x18]; movdqu xmm5, xmm[r13 + 0x30]; mov [rbp - 0x80], edx; mov rdx, r14; movups xmm[rbp - 0x78], xmm5; call rax
> 0x00114e59 : mov edx, [r12 + 0x18]; movdqu xmm3, xmm[r12 + 0x30]; mov [rbp - 0x80], edx; mov rdx, r13; movups xmm[rbp - 0x78], xmm3; call rax
> 0x00114df8 : mov edx, [r13 + 0x18]; movdqu xmm5, xmm[r13 + 0x30]; mov [rbp - 0x80], edx; mov rdx, r14; movups xmm[rbp - 0x78], xmm5; call rax
> 0x00114d91 : mov edx, [r14 + 0x18]; movdqu xmm1, xmm[r14 + 0x30]; mov [rbp - 0x80], edx; mov rdx, r12; movups xmm[rbp - 0x78], xmm1; call rax
> 0x0003be6a : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0003be6b : mov ebp, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00034bf8 : mov rcx, [rax + 0xb0]; mov rdx, [rip + 0x19d20a]; mov [rdx], rcx; mov rdx, [rax + 0xb8]; mov rax, [rip + 0x19d2b9]; mov [rax], rdx; ret
> 0x0004bfe6 : mov rsi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0004bfe7 : mov esi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00145e86 : mov rbp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]