Free Online ROP Gadgets Search

ropshell> use 3d485d8863907e13f0e58f292d4a88c0 (download)
name         : astra (x86_64/ELF)
base address : 0x404400
total gadgets: 4002

ropshell> suggest "load mem"
> 0x00412b18 : mov rax, [rdx]; ret
> 0x00406390 : mov rax, [rdi]; ret
> 0x00412b19 : mov eax, [rdx]; ret
> 0x00405ec0 : mov eax, [rdi]; ret
> 0x00406f70 : mov rax, [rdi + 0x28]; ret
> 0x0046355b : movzx eax, [rdx + 0x489bd3]; ret
> 0x00406f71 : mov eax, [rdi + 0x28]; ret
> 0x00412aad : mov rcx, [rax]; mov rax, rcx; ret
> 0x00412aae : mov ecx, [rax]; mov rax, rcx; ret
> 0x004125f5 : mov rdi, [rax]; call rdx
> 0x0044b40d : mov rdi, [rdx]; call rax
> 0x00406404 : mov rdi, [rbp]; call r12
> 0x004125f6 : mov edi, [rax]; call rdx
> 0x0044b40e : mov edi, [rdx]; call rax
> 0x00406405 : mov edi, [rbp]; call r12
> 0x0046b794 : movzx edx, [rsi + 8]; sub eax, edx; ret
> 0x0041143b : mov rax, [rbx + 0x28]; pop rbx; jmp rax
> 0x00408370 : mov rdi, [rbx + 0x18]; call rbp
> 0x00407354 : mov rdi, [rdx + 0x20]; call rsi
> 0x0041143c : mov eax, [rbx + 0x28]; pop rbx; jmp rax
> 0x00408371 : mov edi, [rbx + 0x18]; call rbp
> 0x00407355 : mov edi, [rdx + 0x20]; call rsi
> 0x0041a43a : mov rdi, [rbx]; call [rbx + 8]
> 0x0041a43b : mov edi, [rbx]; call [rbx + 8]
> 0x00412824 : mov rax, [rdx + 0x100]; mov [rdx + 0x100], rsi; ret
> 0x00414113 : mov rcx, [rax + 0x10]; add rsp, 8; mov rax, rcx; ret
> 0x00414114 : mov ecx, [rax + 0x10]; add rsp, 8; mov rax, rcx; ret
> 0x0041f470 : movzx edx, [rdi + 0x47d1e0]; lea eax, [rdx + rax]; ret
> 0x00406401 : mov rsi, [rbx]; mov rdi, [rbp]; call r12
> 0x0040daf3 : movzx edx, [rsi]; mov [rdi], dl; mov [rsi], al; ret
> 0x00406402 : mov esi, [rbx]; mov rdi, [rbp]; call r12
> 0x0040bc04 : mov rdi, [rbp + 0x20]; call [rax + 0x58]
> 0x0040bc05 : mov edi, [rbp + 0x20]; call [rax + 0x58]
> 0x00412d79 : mov rdx, [rax + 8]; mov rax, [rax]; mov [rsi], rdx; ret
> 0x00412d7a : mov edx, [rax + 8]; mov rax, [rax]; mov [rsi], rdx; ret
> 0x0041aea3 : mov rax, [rsi]; movzx eax, [rax + 9]; add rsp, 8; and eax, 3; ret
> 0x0041aea4 : mov eax, [rsi]; movzx eax, [rax + 9]; add rsp, 8; and eax, 3; ret
> 0x004433e1 : mov ebp, [rdi]; cld ; inc [rax + rax*8 + 0x5d5bcf74]; xor eax, eax; pop r12; ret
> 0x00465938 : mov rax, [edi + 0x70]; mov rdi, [rax]; call [rax + 0x20]
> 0x00407870 : mov rdx, [rdi + 0x18]; mov rax, [rdi + 0x48]; mov rdi, rdx; jmp rax
> 0x0042ac3a : mov rax, [rbp]; mov rbx, [rsp + 8]; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x0042ac3b : mov eax, [rbp]; mov rbx, [rsp + 8]; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x00463d14 : movzx eax, [r8]; mov [rdi + 0x34], 0; mov [rdi + 0x39], al; mov eax, 1; ret
> 0x0045e92f : mov rdx, [rbx + 0x10]; mov rdx, [rdx + 0x40]; add [rax + 0xc4], edx; pop rbx; ret
> 0x0040b45f : mov rsi, [rax + 0x10]; mov rdi, [rbx + 0x18]; call [rbx + 0x10]
> 0x0040bc00 : mov rsi, [rbp + 0x28]; mov rdi, [rbp + 0x20]; call [rax + 0x58]
> 0x00469999 : mov rdi, [r15 + 0x18]; mov rsi, [rsp + 8]; call [r15 + 0x10]
> 0x0045e930 : mov edx, [rbx + 0x10]; mov rdx, [rdx + 0x40]; add [rax + 0xc4], edx; pop rbx; ret
> 0x0040b460 : mov esi, [rax + 0x10]; mov rdi, [rbx + 0x18]; call [rbx + 0x10]
> 0x0040bc01 : mov esi, [rbp + 0x28]; mov rdi, [rbp + 0x20]; call [rax + 0x58]
> 0x00463ce4 : movzx eax, [rsi + 0x12]; mov [rdi + 0x34], 0; mov [rdi + 0x3b], al; mov eax, 1; ret
> 0x004129a2 : mov rdx, [rsi]; mov [rax], rdx; mov edx, [rsi + 8]; mov [rax + 8], edx; pop rbx; ret
> 0x00406309 : mov rdi, [rax + 0x10]; mov [rsp + 8], rax; mov esi, [rsp + 0x1c]; call rdx
> 0x0040630a : mov edi, [rax + 0x10]; mov [rsp + 8], rax; mov esi, [rsp + 0x1c]; call rdx
> 0x0041a430 : mov rcx, [rdx + 0x10]; mov rdx, rsi; mov rsi, rdi; mov rdi, [rbx]; call [rbx + 8]
> 0x00405a18 : mov eax, [r14 + 8]; mov [rsp], eax; mov rsi, rsp; mov rdi, r12; xor ebp, ebp; call r13
> 0x0041a431 : mov ecx, [rdx + 0x10]; mov rdx, rsi; mov rsi, rdi; mov rdi, [rbx]; call [rbx + 8]
> 0x00427e38 : mov rsi, [rdi + 0x18]; mov rdi, [rdi + 0x20]; lea rdx, [rsp + 8]; call [rbx + 0x10]
> 0x00427e39 : mov esi, [rdi + 0x18]; mov rdi, [rdi + 0x20]; lea rdx, [rsp + 8]; call [rbx + 0x10]