ropshell> use 31e5bab101f78c0dd51973c2ec59f561 (download)
name : libc.so.6 (arm/ELF)
base address : 0x15c40
total gadgets: 5217
ropshell> suggest "load mem"
> 0x000645fe : ldr r0, [r2]; pop {r3, r4, r5, pc}
> 0x00064212 : ldrne r0, [r3]; pop {r4, pc}
> 0x0002b662 : ldr r0, [pc, r3]; pop {r3, r4, r5, r6, r7, pc}
> 0x000f061e : ldr r0, [r1]; blx r2
> 0x000182aa : ldr r1, [r2]; blx r3
> 0x0007107d : ldrh r4, [r3]; movs r4, r1; pop {r2, r3, r5, r6, pc}
> 0x0002791e : ldr r0, [r4, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x000dc25e : ldr r6, [r4]; blx ip
> 0x000a75ea : ldr r0, [r5, #0x3c]; pop {r3, r4, r5, pc}
> 0x000e0b05 : ldrh r4, [r6]; movs r5, r0; pop {r4, r7, pc}
> 0x000d1cc6 : ldr r0, [r7, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x0001eef6 : ldr ip, [r7]; blx ip
> 0x000fa762 : ldr ip, [r8]; blx ip
> 0x0006f6e2 : ldr r3, [sl]; blx r3
> 0x00072302 : ldr r3, [fp]; blx r3
> 0x0006dfa6 : ldr r1, [r0]; str r1, [r2]; bx lr
> 0x000cdb86 : ldr r3, [r4, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x0001c0ce : ldr ip, [r4, #4]; blx ip
> 0x0002f9d2 : ldr r1, [r5]; mov r2, r8; blx sb
> 0x0008f7fa : ldr r2, [r5, r2]; str r3, [r2]; pop {r3, r4, r5, pc}
> 0x0003108a : ldr r3, [r5, #0x7f4]; blx r3
> 0x00066106 : ldr ip, [r5, #0xc]; blx ip
> 0x001061a2 : ldr r0, [r8, #0x40]; blx ip
> 0x0006e51a : ldr r3, [r8, #0xa0]; blx r3
> 0x0001e54e : ldr ip, [sl, #4]; blx ip
> 0x000a102a : ldr r0, [fp, #-0x1a8]; blx r4
> 0x000f1fba : ldr r1, [fp, #-0x68]; blx r5
> 0x00043e72 : ldr r2, [fp, #-0x47c]; blx r3
> 0x0004b35e : ldr r2, [lr, #0xf7c]; blx r3
> 0x000f2532 : ldr ip, [lr]; mov r1, #4; blx ip
> 0x00026b46 : ldr r3, [pc, r3]; str ip, [r0, r3]; pop {r4, r5, pc}
> 0x0006f6de : ldr sl, [r4, r3]; ldr r3, [sl]; blx r3
> 0x00044ad1 : ldr r1, [pc, #0x340]; movs r7, r1; blx r4
> 0x000fb486 : ldr r2, [pc, #0xc]; ldr r0, [r3, r2]; pop {r3, pc}
> 0x000631e2 : ldr ip, [r2, #0x1c]; mov r2, #0x10; blx ip
> 0x000cdb82 : ldr r2, [r6]; ldr r3, [r4, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x000f1fb6 : ldr r5, [lr]; ldr r1, [fp, #-0x68]; blx r5
> 0x000cd69a : ldr r4, [pc, #0x1c]; add r4, pc, r4; mov r0, r4; pop {r4, pc}
> 0x00049fda : ldr ip, [r0]; mov r0, r4; ldr r3, [ip, r3]; blx r3
> 0x000a6aba : ldr r2, [r1, #0x1c]; str r2, [r3, ip, lsl #2]; pop {r3, r4, r5, r6, r7, pc}
> 0x0005f80a : ldr r2, [r0]; mov r0, r3; orr r3, r2, #0x20; str r3, [r4]; pop {r3, r4, r5, pc}
> 0x000efee2 : ldr r3, [ip]; cmp r3, #0; mvnne r0, #0; moveq r0, #1; pop {r3, r4, r5, r6, r7, pc}
> 0x000bfc66 : ldr r7, [pc, #0x10]; svc #0; pop {r7}; cmn r0, #0x1000; bxlo lr
> 0x0009d54a : ldr r3, [r0, r3]; cmp r3, #0x26; mvnne r0, #0; moveq r0, #0x7f; pop {r4, pc}
> 0x000c69ea : ldr r3, [r2, r4]; mvn r2, #0; mov r0, #0; str r2, [r3]; pop {r4, r7, pc}
> 0x00044d1a : ldr r1, [r6, r1]; eor r3, r2, r3; mov r0, sl; mov r2, r5; blx r3
> 0x000fc1b2 : ldrne r3, [r6]; streq r3, [r4]; strne r3, [r4, #4]; moveq r0, r3; pop {r3, r4, r5, r6, r7, pc}
> 0x0008a992 : ldrne r2, [r3, #8]; addne r2, r2, #1; strne r2, [r3, #8]; pop {r3, r4, r5, pc}
> 0x0003c326 : ldr lr, [r4, #0x58]; ldr r4, [r4, #0x30]; mov r0, #0; bx lr
> 0x000c3042 : ldr r2, [r7, #-4]; mov r3, #0; mov r0, r4; str r3, [r2, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x0006e026 : ldr r2, [r4, #0xc]; mov r0, #0; add r3, r2, r3; str r3, [r4, #4]; pop {r3, r4, r5, pc}
> 0x000f03b5 : ldrh r0, [r6, #0x34]; movs r4, r0; ldrh r0, [r0, #0x28]; movs r4, r0; blx lr
> 0x000b9c06 : ldr r1, [r4, #4]; add r3, r2, r3; mov r0, #0; str r0, [r1, r3, lsl #2]; pop {r4, r5, r6, pc}
> 0x0006a8de : ldr r1, [r8, #0x98]; mov r0, r8; str fp, [sp]; ldr r1, [r1, #0x40]; blx r1
> 0x0001f206 : ldr r2, [r8]; mov r1, fp; str r4, [sp]; mov r3, sl; ldr ip, [r7, #4]; blx ip
> 0x00065ea2 : ldr r1, [sl, #0x98]; str r0, [sp]; mov r0, sl; ldr r1, [r1, #0x40]; blx r1
> 0x0003ebb6 : ldr r4, [r0]; orr r3, r3, r2, lsl #12; ror r5, r3, #0xc; vmov d0, r4, r5; pop {r4, r5}; bx lr
> 0x000695a6 : ldr r1, [r3]; ldr r2, [r3, #0xc]; str r1, [r3, #4]; str r2, [r3, #0x10]; pop {r4, pc}
> 0x000d1cba : ldr r3, [r7, #0x6c]; add r5, r5, r3; add r7, r7, r5, lsl #2; ldr r0, [r7, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x000235be : ldrsheq r6, [r1], -r8; ldr r3, [pc, #0x10]; add r3, pc, r3; ldr r3, [r3]; cmp r3, #0; bxeq lr
> 0x00105e02 : ldr r4, [r2, #0x14c]; add r0, sp, #0x10; add r1, sp, #0x14; add r2, sp, #0xf; blx r4
> 0x0002edaa : ldr r1, [ip, #8]; cmn r1, #6; streq r2, [ip, #8]; mov r0, r3; add sp, sp, #0x80; pop {r7, pc}
> 0x0002e8ce : ldr ip, [r3, r2, lsl #2]; and r1, r1, #0x1f; orr r1, ip, r4, lsl r1; str r1, [r3, r2, lsl #2]; pop {r4, pc}
> 0x000182c2 : ldr r5, [ip, r3]; add r4, pc, r4; ldr r3, [r5]; ldr r2, [r4, #0xc8]; eor r3, r2, r3; blx r3
> 0x00028d4e : ldr r3, [lr, r3]; add r2, pc, r2; ldr r3, [r3]; ldr r2, [r2, #0xa8]; eor r3, r2, r3; blx r3
> 0x000f37de : ldr ip, [pc, #0x18]; mov r0, r3; add ip, pc, ip; mov r1, r5; ldr r3, [ip, r2, lsl #2]; blx r3
> 0x00105742 : ldr r6, [r2, r3]; mov sl, r1; add r0, r6, #0x4d0; ldr r3, [r6, #0x7f0]; add r0, r0, #0xc; blx r3
> 0x00064cda : ldr r7, [r8, #0x18]; lsl fp, fp, #2; ldr r2, [r0, #0xa0]; stm sp, {r3, ip}; mov r0, fp; blx r2
> 0x00104852 : ldr r6, [pc, #0x100]; add r4, pc, r4; add r6, pc, r6; ldr r3, [r4]; ldr r3, [r3, #0x14]; blx r3
> 0x00105d16 : ldr r5, [r2, #0x160]; ldr r3, [r3]; ldm r0, {r0, r1, r2}; str r3, [sp, #8]; mvn r3, #1; blx r5
> 0x0001e53a : ldr r0, [sl, #0xc]; ldr r2, [fp]; mov r1, r8; str r7, [sp]; mov r3, r6; ldr ip, [sl, #4]; blx ip
> 0x0002ec96 : ldr r2, [ip, #8]; cmn r2, #6; moveq r2, #0; streq r2, [ip, #8]; mov r0, r3; add sp, sp, #0x84; pop {r4, r7, pc}
> 0x00028e2a : ldr r5, [r1, r3]; add r6, pc, r6; add r0, pc, r0; ldr r2, [r6, #0xa8]; ldr r3, [r5]; eor r3, r2, r3; blx r3
> 0x000aa702 : ldr ip, [r6]; add r5, ip, r5; add r3, r5, #0xc; ldm r3, {r0, r1, r2}; stm r4, {r0, r1, r2}; ldr r0, [r5, #4]; pop {r4, r5, r6, pc}
> 0x000fbcc2 : ldr r2, [sl, #8]; str r3, [sp, #0x54]; mov r0, sl; ldr r3, [r2, #0xc]; add r1, sp, #0x50; blx r3
> 0x00106262 : ldr r4, [fp, #-0x58]; ldr ip, [lr]; add ip, r4, ip; str ip, [sp, #4]; ldr ip, [fp, #-0x54]; blx ip
> 0x00040aaa : ldr lr, [fp, #-0x52c]; ldr r2, [lr, r2, lsl #2]; str r3, [fp, #-0x524]; str ip, [fp, #-0x528]; blx r2
> 0x00044ac9 : ldr r5, [pc, #0x260]; movs r7, r1; ldr r4, [pc, #0xa0]; movs r7, r1; ldr r1, [pc, #0x340]; movs r7, r1; blx r4
> 0x000660f6 : ldr ip, [r1, #-0x10]; str r0, [sp, #0xc]; str ip, [sp, #8]; mov r0, r5; ldr ip, [r5, #0xc]; blx ip
> 0x000db4da : ldr lr, [pc, #0x24]; ldr r3, [ip, r3]; add lr, pc, lr; ldr r3, [r3]; ldr ip, [lr, #0x50]; eor r3, ip, r3; blx r3
> 0x000da972 : ldr lr, [r6, #-8]; str r4, [fp, #-0x44]; str r3, [fp, #-0x4c]; str r5, [fp, #-0x3c]; str lr, [fp, #-0x40]; blx ip
> 0x000a894a : ldr r3, [r1, #4]; mov r0, #0; ldr r2, [r3, #0xc]; ldr r3, [r3, #0x1c]; str r2, [r1, #0xc]; str r3, [r1, #0x1c]; pop {r3, r4, r5, pc}
> 0x000da572 : ldr r5, [r4, #0x3c]; ldr lr, [r4, #0x40]; str r3, [fp, #-0x4c]; str r7, [fp, #-0x3c]; str r5, [fp, #-0x44]; str lr, [fp, #-0x40]; blx ip
> 0x000da96e : ldr r5, [r6, #-4]; ldr lr, [r6, #-8]; str r4, [fp, #-0x44]; str r3, [fp, #-0x4c]; str r5, [fp, #-0x3c]; str lr, [fp, #-0x40]; blx ip