ropshell> use 31e5bab101f78c0dd51973c2ec59f561 (download)
name         : libc.so.6 (arm/ELF)
base address : 0x15c40
total gadgets: 5217

ropshell> suggest "write mem"
> 0x000fe7e6 : str r4, [r0]; pop {r3, r4, r5, pc}
> 0x0007994e : str r1, [r2]; pop {r4, r5, r6, pc}
> 0x0008f7fe : str r3, [r2]; pop {r3, r4, r5, pc}
> 0x0006276a : str r5, [r2]; pop {r3, r4, r5, pc}
> 0x000c81d2 : str r0, [r3]; pop {r3, pc}
> 0x00078c12 : str r2, [r3]; pop {r3, pc}
> 0x000a6af2 : str r4, [r3]; pop {r3, r4, r5, r6, r7, pc}
> 0x000f20a2 : str r0, [r4]; pop {r4, pc}
> 0x00064432 : str r1, [r4]; pop {r4, pc}
> 0x00019f6e : str r3, [r4]; pop {r3, r4, r5, pc}
> 0x000c30de : str r5, [r4]; pop {r3, r4, r5, pc}
> 0x00102d3e : str r3, [r5]; pop {r3, r4, r5, r6, r7, pc}
> 0x0007c92e : str r4, [r6]; pop {r4, r5, r6, pc}
> 0x000fb5ba : str r3, [r7]; pop {r3, r4, r5, r6, r7, pc}
> 0x00031b9a : str r5, [r7]; pop {r3, r4, r5, r6, r7, pc}
> 0x0002d8b6 : str r2, [r0, r3]; pop {r4, pc}
> 0x000e979a : str r5, [r0, r3]; pop {r3, r4, r5, pc}
> 0x00026b4a : str ip, [r0, r3]; pop {r4, r5, pc}
> 0x000c3fa2 : str r6, [r4, r3]; pop {r4, r5, r6, pc}
> 0x000313be : str r3, [r0]; mov r0, r3; pop {r4, pc}
> 0x000a895e : str r3, [r1, #0x1c]; pop {r3, r4, r5, pc}
> 0x00079976 : str r0, [r2]; mov r0, r3; pop {r4, r5, r6, pc}
> 0x0006eaaa : str r1, [r3, #0x18]; pop {r4, r5, r6, r7, pc}
> 0x000f457e : streq r2, [r4, #0x10]; pop {r3, r4, r5, pc}
> 0x000c462a : str r0, [r5, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x000f929a : str r2, [r6, #0x28]; pop {r3, r4, r5, r6, r7, pc}
> 0x000803ea : strne r3, [r6]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x0008beee : str r5, [r6]; blx sb
> 0x000bdb5a : str ip, [r6, #4]; pop {r4, r5, r6, pc}
> 0x00079a0e : str r0, [r7]; mov r0, r5; pop {r3, r4, r5, r6, r7, pc}
> 0x0001be7e : str r2, [r7, #0x18]; pop {r3, r4, r5, r6, r7, pc}
> 0x000c5d1a : str r1, [r0, r2]; mov r0, r3; pop {r4, r5, r6, pc}
> 0x000b9c12 : str r0, [r1, r3, lsl #2]; pop {r4, r5, r6, pc}
> 0x000cbd26 : strge ip, [r1, #4]; bx lr
> 0x000a680a : str r5, [r3, r0, lsl #2]; pop {r3, r4, r5, r6, r7, pc}
> 0x000b9d6e : str ip, [r4]; mov r0, #0; pop {r3, r4, r5, pc}
> 0x000a89e2 : strne ip, [r3]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x000f427e : str r1, [r5, #0x2c]; mov r0, r3; pop {r4, r5, r6, pc}
> 0x00023126 : str r2, [r5]; add sp, sp, #8; pop {r4, r5, r6, pc}
> 0x000c3086 : str r6, [r5, #0x24]; mov r0, r4; pop {r3, r4, r5, r6, r7, pc}
> 0x000edf22 : str r7, [r5, #0x2c]; mov r0, r4; pop {r3, r4, r5, r6, r7, pc}
> 0x0008a6d2 : str r1, [r6]; add sp, sp, #0x10; pop {r4, r5, r6, pc}
> 0x000da586 : str lr, [fp, #-0x40]; blx ip
> 0x0004a41e : str r3, [lr, #0xf0c]; blx r2
> 0x0009928a : str r6, [r0, r3]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x000803e6 : streq r0, [r6]; strne r3, [r6]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x0005c17a : str r0, [ip]; mov r0, r5; add sp, sp, #0x24; pop {r4, r5, pc}
> 0x000da25e : str r2, [fp, #-0x4c]; mov r2, r6; blx r3
> 0x00049b2e : str ip, [lr, #0xf08]; mov r0, r6; blx sb
> 0x000bdabe : str r2, [r1, #0x10]; str r3, [r5, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x00064ed6 : streq r7, [r1, #4]; str r3, [r5, #0xa0]; pop {r3, r4, r5, r6, r7, pc}
> 0x0006e75a : streq r7, [r4, #8]; str r3, [r4, #0xa0]; pop {r3, r4, r5, r6, r7, pc}
> 0x000bda16 : str r4, [ip, #4]; str r3, [r5, #4]; pop {r3, r4, r5, pc}
> 0x00028f26 : str r3, [fp, #-0x80]; eor r2, r1, r2; blx r2
> 0x000ce51a : str r2, [ip, #4]; mov r0, r3; add sp, sp, #0x24; pop {r4, r5, r6, r7, pc}
> 0x000f00b6 : str r3, [ip]; str r3, [r0]; str r3, [r1]; str r3, [r2]; pop {r4, pc}
> 0x000da97e : str r5, [fp, #-0x3c]; str lr, [fp, #-0x40]; blx ip
> 0x000da5fe : str r8, [fp, #-0x44]; str lr, [fp, #-0x40]; blx ip
> 0x000a89da : strne ip, [r2]; cmp r3, #0; strne ip, [r3]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x00064ed2 : streq r4, [r1, #0x14]; streq r7, [r1, #4]; str r3, [r5, #0xa0]; pop {r3, r4, r5, r6, r7, pc}
> 0x0001be76 : str r1, [r7, #0x30]; str r3, [r7, #0x14]; str r2, [r7, #0x18]; pop {r3, r4, r5, r6, r7, pc}
> 0x0008cb32 : strhi r4, [r2]; cmp r0, r4; ldrhi r3, [pc, #0x20]; addhi r3, pc, r3; strhi r0, [r3]; pop {r3, r4, r5, pc}
> 0x000fb26a : streq r3, [sl]; ldr r3, [r4, #4]; mov r0, r4; ldr r3, [r3, #0x10]; blx r3
> 0x000da57e : str r7, [fp, #-0x3c]; str r5, [fp, #-0x44]; str lr, [fp, #-0x40]; blx ip
> 0x000da7ee : str sl, [fp, #-0x44]; str lr, [fp, #-0x40]; str ip, [fp, #-0x4c]; blx r3
> 0x000a89d6 : str r1, [ip, #0x1c]; strne ip, [r2]; cmp r3, #0; strne ip, [r3]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x000a6a3a : str r7, [r6, #4]; stmlt r0, {r4, r5}; strge r5, [r0]; strge r4, [r0, #4]; mov r0, #0; pop {r3, r4, r5, r6, r7, pc}
> 0x0001be72 : str ip, [r7, #0x2c]; str r1, [r7, #0x30]; str r3, [r7, #0x14]; str r2, [r7, #0x18]; pop {r3, r4, r5, r6, r7, pc}
> 0x000da976 : str r4, [fp, #-0x44]; str r3, [fp, #-0x4c]; str r5, [fp, #-0x3c]; str lr, [fp, #-0x40]; blx ip
> 0x00031f86 : strh r5, [r1, #0xc]; strh r4, [r1, #0xe]; strd r2, r3, [r1, #0x10]; strh ip, [r1]; pop {r4, r5, r6}; bx lr
> 0x00105aa2 : streq r7, [r8, #0xc]; ldr r1, [sp]; add r0, r1, #0x4c0; add r0, r0, #4; ldr r3, [r1, #0x7f4]; blx r3
> 0x000a89d2 : str r5, [ip, #0x10]; str r1, [ip, #0x1c]; strne ip, [r2]; cmp r3, #0; strne ip, [r3]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x000f8fda : str r8, [r4, #0x24]; ldr r3, [r3, #0xc]; mov r0, r5; ldr r1, [sp, #8]; ldr r2, [r4, #0x48]; blx r3
> 0x00064eca : strne r6, [r1, #4]; streq r4, [r1, #0x10]; streq r4, [r1, #0x14]; streq r7, [r1, #4]; str r3, [r5, #0xa0]; pop {r3, r4, r5, r6, r7, pc}
> 0x0001be6e : str r4, [r7, #0x28]; str ip, [r7, #0x2c]; str r1, [r7, #0x30]; str r3, [r7, #0x14]; str r2, [r7, #0x18]; pop {r3, r4, r5, r6, r7, pc}
> 0x000da24e : str r0, [fp, #-0x40]; mov r0, r7; str lr, [fp, #-0x3c]; str ip, [fp, #-0x44]; str r2, [fp, #-0x4c]; mov r2, r6; blx r3
> 0x00030da2 : str r6, [r3, #0xc]; ldr r1, [r1]; eor r5, r5, r1; str r5, [r3, #4]; mcr p15, #0, r0, c7, c10, #5; str r2, [r3]; pop {r5, r6, r7, pc}
> 0x000dab7a : str r1, [fp, #-0x44]; str r2, [fp, #-0x40]; str r3, [fp, #-0x4c]; ldr r0, [pc, #0xa4]; mov r1, #0; mov r2, r6; blx sl