ropshell> use 3d7240354d70ebbd11911187f1acd6e8 (download)
name         : libc-2.35.so (x86_64/ELF)
base address : 0x28700
total gadgets: 16822
ropshell> suggest "load mem"
> 0x00081e40 : mov eax, [rdx]; ret
> 0x000e66e4 : mov eax, [rdi]; ret
> 0x0008f4e4 : mov rax, [rdi + 0x68]; ret
> 0x001092f1 : mov eax, [rdx + 8]; ret
> 0x00152054 : mov eax, [rdi + 0x20]; ret
> 0x001a2d68 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x000b52e4 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0008f1d5 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x0010aace : mov rcx, [r12]; call rax
> 0x000bfce0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0011fe13 : mov rdi, [rbp]; call rbx
> 0x0011fe45 : mov rdi, [r12]; call rbx
> 0x0011fea3 : mov rdi, [r13]; call rbx
> 0x0012c449 : mov eax, [r12]; pop rbx; pop rbp; pop r12; ret
> 0x0011fe14 : mov edi, [rbp]; call rbx
> 0x001a3548 : movzx ecx, [rsi + rcx]; sub eax, ecx; ret
> 0x00192f3f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x000a7990 : mov rdi, [rbx + 0x48]; call rax
> 0x00045d99 : mov rdi, [rbp + 8]; call rax
> 0x000a7991 : mov edi, [rbx + 0x48]; call rax
> 0x00045d9a : mov edi, [rbp + 8]; call rax
> 0x0018b640 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x0010588b : mov r8, [rax]; mov [rax], rdi; mov rax, r8; ret
> 0x0011aa3f : mov r12, [rbp]; mov rax, r12; pop rbx; pop rbp; pop r12; ret
> 0x000bc7f6 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x00162d50 : mov edx, [rdi]; mov [rax], edx; mov eax, 1; ret
> 0x00090390 : mov rax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x0009e6a2 : mov rax, [rsi + 0x18]; mov [rdi + 0x18], rax; ret
> 0x00118d21 : mov rax, [r13 + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x00090409 : mov rdx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x000ea3e3 : mov rdx, [rdi + 0x18]; mov [rdi + 0x18], rdx; ret
> 0x00090391 : mov eax, [rbx + 0x10]; mov [rax], rdi; pop rbx; ret
> 0x0009e6a3 : mov eax, [rsi + 0x18]; mov [rdi + 0x18], rax; ret
> 0x00118d22 : mov eax, [rbp + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x001803ce : mov ecx, [rbp + 1]; fnstcw [rsi]; jmp r9
> 0x0009040a : mov edx, [rbx + 0x10]; mov [rdx], rax; pop rbx; ret
> 0x000ea3e4 : mov edx, [rdi + 0x18]; mov [rdi + 0x18], rdx; ret
> 0x00175f0c : mov rax, [rbx]; add rsp, 8; pop rbx; pop rbp; jmp rax
> 0x00175f0d : mov eax, [rbx]; add rsp, 8; pop rbx; pop rbp; jmp rax
> 0x00113a34 : mov eax, [rsi]; mov [rdi + 0x108], eax; xor eax, eax; ret
> 0x0012d862 : mov eax, [rbp]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x0012d861 : mov eax, [r13]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x0015e2c9 : mov rax, [rbp + 8]; call [rax + 0x28]
> 0x0008924b : mov rdx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x0009d398 : mov rdi, [rax + 8]; call [rax]
> 0x00132ab3 : mov rdi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x0008924c : mov edx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x0009d399 : mov edi, [rax + 8]; call [rax]
> 0x00132ab4 : mov edi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x00149d3c : mov rax, [r12]; mov [rax + 8], 0; pop rbx; pop rbp; pop r12; ret
> 0x00182a84 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x00029d86 : mov rdx, [rax]; mov rax, [rsp + 8]; call rax
> 0x00125ae3 : mov rdx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0012040f : mov rsi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x00029d87 : mov edx, [rax]; mov rax, [rsp + 8]; call rax
> 0x00125ae4 : mov edx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x00120410 : mov esi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x0018b766 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x000892a5 : mov rax, [rdx + 0x20]; sub rax, [rdx + 0x18]; sar rax, 2; ret
> 0x00053b71 : mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x000bc879 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x00053b72 : mov ecx, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x000430b9 : mov rax, [rsi]; and rax, [rdx]; mov [rdi], rax; xor eax, eax; ret
> 0x00167f47 : mov rax, [r8 + 0x38]; mov rdi, r8; call [rax + 0x20]
> 0x0015e6f4 : mov rax, [r12 + 0x38]; mov rdi, r12; call [rax + 0x20]
> 0x00166163 : mov rax, [r14 + 0x70]; mov rdi, rbp; call [rax + 0x20]
> 0x00166ea7 : mov rax, [r15 + 0x60]; mov rdi, rbp; call [rax + 0x20]
> 0x000bfe24 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00091655 : mov rdx, [rsi + 0x18]; imul rax, rcx; lea rax, [rax + rdx + 0x4000]; ret
> 0x00090b95 : mov r8, [rdi + 8]; mov rax, [rdi]; mov rdi, r8; jmp rax
> 0x001666a0 : mov esi, [rbx + 0x88]; mov rdi, r15; call [rax + 0x28]
> 0x00153523 : mov rdx, [r15]; mov r8, rbp; mov rcx, r14; mov rdi, r13; call r12
> 0x00120030 : mov rsi, [r14]; mov rax, [rsp + 0x10]; mov rdi, rbp; call rax
> 0x001630f4 : mov rdi, [rax]; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x001673d0 : mov rdi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x0008df1a : movzx esi, [rcx]; lea rbx, [rcx + 1]; call [rax + 0x18]
> 0x001630f5 : mov edi, [rax]; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x001673d1 : mov edi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x001204d8 : mov rsi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x001204d9 : mov esi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x0015f82c : mov rsi, [rbx + 0x10]; mov rdx, r12; mov rdi, r13; call [rax + 0x10]
> 0x00039b0c : mov rsi, [rdi + 0x78]; mov fs:[rcx], rsi; cmp rax, rdx; mov rdx, -1; cmove rax, rdx; ret
> 0x0017553a : mov r8, [rbx + 0x10]; call [rax + 0x340]; mov [rbx], rax; pop rax; pop rdx; pop rbx; ret
> 0x0009d430 : mov r12, [rbp + 0x18]; mov rdi, [rbp + 8]; call [rbp]
> 0x00042311 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000f4197 : movzx edx, [rcx + rcx]; mov [rax + 8], 1; mov [rax], dl; mov eax, 1; ret
> 0x000f4196 : movzx edx, [r9 + rcx]; mov [rax + 8], 1; mov [rax], dl; mov eax, 1; ret
> 0x00039b0d : mov esi, [rdi + 0x78]; mov fs:[rcx], rsi; cmp rax, rdx; mov rdx, -1; cmove rax, rdx; ret
> 0x001290e5 : mov rcx, [r8]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xf0346], 0; ret
> 0x00044480 : mov rsi, [r13]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x00160279 : mov rdi, [r14]; add r13, rbx; sub edx, ebx; mov rsi, r13; call [r14 + 0x40]
> 0x0016000c : mov rdi, [r15]; add r13, rax; sub edx, eax; mov rsi, r13; call [r15 + 0x40]
> 0x001290e6 : mov ecx, [rax]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xf0346], 0; ret
> 0x00044481 : mov esi, [rbp]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x0016027a : mov edi, [rsi]; add r13, rbx; sub edx, ebx; mov rsi, r13; call [r14 + 0x40]
> 0x0008719b : mov rcx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x00084d4f : mov rcx, [rdx + 0x20]; cmp rax, rcx; cmovb rax, rcx; sub rax, [rdx + 0x10]; sar rax, 2; ret
> 0x00164a6e : mov rsi, [r8 + 0x40]; mov edx, [rsi + 0x1c8]; add rsi, 0x38; jmp [rax + 0x18]
> 0x00053b6d : mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0008719c : mov ecx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x00061b52 : movzx edx, [r14 + rcx]; mov [r13 + rdi + 5], dl; mov rdi, r13; call rax
> 0x00164a6f : mov esi, [rax + 0x40]; mov edx, [rsi + 0x1c8]; add rsi, 0x38; jmp [rax + 0x18]
> 0x00090512 : mov r10, [rdx]; mov rax, [rax + 0x348]; mov rdx, [rbx + 0x20]; push r10; call rax
> 0x0008abc8 : mov rdx, [rbp + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, rbp; call rax
> 0x000859cf : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x000c6322 : mov rdi, [r12 + 0x10]; push 1; xor edx, edx; push 1; lea r9, [rsp + 0x20]; call rbx
> 0x001a35eb : mov ecx, [rdi + rax]; xor edx, edx; cmp ecx, [rsi + rax]; setg dl; lea eax, [rdx + rdx - 1]; ret
> 0x0008abc9 : mov edx, [rbp + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, rbp; call rax
> 0x001b5cb4 : mov ecx, [rax + 0x60]; xor edx, edx; cmp ecx, [rsi + rax + 0x60]; setg dl; lea eax, [rdx + rdx - 1]; ret
> 0x0004230d : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0019a24e : mov rax, [r15]; sub eax, [rsi]; mov ecx, [rdi + rdx - 4]; mov edi, [rsi + rdx - 4]; sub ecx, edi; or eax, ecx; ret
> 0x00051688 : movzx r8, [rax + r10]; mov edx, 6; mov [rip + 0x1ca24d], al; lea rax, [rip + 0x1ca241]; mov [rax + rdx], 0; ret
> 0x00160008 : mov edx, [r15 + 0x48]; mov rdi, [r15]; add r13, rax; sub edx, eax; mov rsi, r13; call [r15 + 0x40]
> 0x0010aab5 : mov r8, [r12 + 8]; mov rdi, [rbp - 0x1c0]; mov esi, 2; push rax; mov rax, [rbp - 0x1f0]; mov rcx, [r12]; call rax
> 0x001339fc : mov edx, [r13 + 0x60]; movdqu xmm7, [r13 + 0x78]; mov [rbp - 0x80], edx; mov rdx, rbx; movups [rbp - 0x78], xmm7; call rax
> 0x00039bd8 : mov rcx, [rax + 0xb8]; mov rdx, [rip + 0x1df25a]; mov [rdx], rcx; mov rdx, [rax + 0xc0]; mov rax, [rip + 0x1df309]; mov [rax], rdx; ret
> 0x0005404b : mov rsi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0005404c : mov esi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0016a1fa : mov rbp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]
> 0x0016a1fb : mov ebp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]