ropshell> use 6b782c8ab9170412eb71cd76a019b540
name         : just (x86_64/ELF)
base address : 0x400390
total gadgets: 8746
ropshell> suggest "load mem"
> 0x00410190 : mov eax, [rdx]; ret
> 0x0046ba67 : mov eax, [rsi]; pop rbx; ret
> 0x004168a0 : mov rax, [rdi + 0x68]; ret
> 0x0047bcfc : mov eax, [rsi + 4]; ret
> 0x004168a1 : mov eax, [rdi + 0x68]; ret
> 0x004229e3 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x0042e5e3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x00426243 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0041655e : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00435460 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0049ca48 : mov rsi, [rbx]; call r14
> 0x0049ca97 : mov rsi, [r15]; call r14
> 0x0046e4b4 : mov rdi, [rbp]; call r12
> 0x004404ef : mov rdi, [r12]; call rbx
> 0x0040e01c : mov rdi, [r13]; call r14
> 0x00440066 : mov rdi, [r14]; call rbx
> 0x004400a7 : mov rdi, [r15]; call rbx
> 0x0047e874 : mov eax, [rcx]; add [rcx - 0x77], cl; ret
> 0x0046b948 : mov edx, [rax]; mov eax, edx; pop rbx; ret
> 0x0049ca49 : mov esi, [rbx]; call r14
> 0x0049ca98 : mov esi, [rdi]; call r14
> 0x00440067 : mov edi, [rsi]; call rbx
> 0x0046e4b5 : mov edi, [rbp]; call r12
> 0x0049cc0b : mov rax, [rsi + 0x10]; add rsp, 8; ret
> 0x00422b0f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0040154d : mov ebp, [rax + rax]; xor eax, eax; ret
> 0x0049beeb : movzx ecx, [rdx + rax]; mov rdx, [0]; ret
> 0x00439650 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x0049bf78 : mov rdx, [r12]; mov edi, 1; call rax
> 0x0049dd18 : mov rdx, [r15]; mov rdi, rbp; call rbx
> 0x0049dd19 : mov edx, [rdi]; mov rdi, rbp; call rbx
> 0x0048bdf0 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0047c3ba : mov rax, [rcx + rax]; cmp rax, -1; cmove rax, rdx; ret
> 0x0048bdd0 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0048bde4 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0048bdb2 : mov eax, [rbx + 0x10]; jmp [0]
> 0x0047c3bb : mov eax, [rcx + rax]; cmp rax, -1; cmove rax, rdx; ret
> 0x0048bdd1 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0048bde5 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x004127cb : mov rax, [rbp + 0xd8]; call [rax + 0x40]
> 0x0045fa63 : mov rax, [r14 + 0xd8]; call [rax + 0x38]
> 0x004127cc : mov eax, [rbp + 0xd8]; call [rax + 0x40]
> 0x0047dc94 : mov rax, [r13]; add rax, [rdx + 8]; call rax
> 0x004353f4 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x0049c5a3 : mov rdx, [r13]; mov esi, 1; mov edi, 1; call rax
> 0x004404a2 : mov rdi, [rax]; mov [rsp + 8], rax; call rbx
> 0x0047dc95 : mov eax, [rbp]; add rax, [rdx + 8]; call rax
> 0x0049c5a4 : mov edx, [rbp]; mov esi, 1; mov edi, 1; call rax
> 0x004404a3 : mov edi, [rax]; mov [rsp + 8], rax; call rbx
> 0x0043e240 : mov eax, [r8 + 4]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x004229c4 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x00410727 : mov rbx, [r15 + 0x98]; mov rdi, rbx; call [rbx + 0x20]
> 0x0043b4f4 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x0043b403 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0041062d : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov rdi, r15; call rax
> 0x0040fd4e : mov rbp, [rdi + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00410670 : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x00410728 : mov ebx, [rdi + 0x98]; mov rdi, rbx; call [rbx + 0x20]
> 0x00410671 : mov ebp, [rdi + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x00442785 : mov rax, [rbx]; mov [rip + 0x288959], rax; add rsp, 8; pop rbx; pop rbp; rep ; ret
> 0x0049a0c8 : mov r8, [rax]; lea rax, [rax + 8]; mov [r10], r8; add rsp, 8; ret
> 0x00442786 : mov eax, [rbx]; mov [rip + 0x288959], rax; add rsp, 8; pop rbx; pop rbp; rep ; ret
> 0x0047ecb3 : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; repne ; call r11
> 0x0049dd14 : mov rsi, [r14 + 8]; mov rdx, [r15]; mov rdi, rbp; call rbx
> 0x0047ecb4 : mov esi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; repne ; call r11
> 0x0040fa5f : mov rax, [rdx + 0xd8]; mov rbx, rdx; mov rdi, rdx; call [rax + 0x60]
> 0x0046bdea : mov rax, [r13 + 0xd8]; mov esi, ebx; mov rdi, r13; call [rax + 0x18]
> 0x0040fdd6 : mov r9, [rax + 0x10]; lea r8, [rsp + 0x18]; call [rbp + 0x18]
> 0x004807e3 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0040fa60 : mov eax, [rdx + 0xd8]; mov rbx, rdx; mov rdi, rdx; call [rax + 0x60]
> 0x0040fdd7 : mov ecx, [rax + 0x10]; lea r8, [rsp + 0x18]; call [rbp + 0x18]
> 0x00440931 : mov rsi, [rax]; mov rdi, [rbp - 0x40]; mov r13d, ebx; mov rax, [rbp - 0x48]; call rax
> 0x00440932 : mov esi, [rax]; mov rdi, [rbp - 0x40]; mov r13d, ebx; mov rax, [rbp - 0x48]; call rax
> 0x004151f2 : movzx esi, [r14]; mov rdi, r12; lea rbx, [r14 + 1]; call [rax + 0x18]
> 0x0049c9e8 : mov rcx, [rdx + 8]; mov edx, 1; sbb eax, eax; cmp [rsi + 8], rcx; cmova eax, edx; ret
> 0x0046b26c : mov rax, [r12 + 0xd8]; movsxd rdx, ebx; mov rsi, r13; mov rdi, r12; call [rax + 0x38]
> 0x0046b5f1 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0046b93e : mov rax, [rdx]; lea rcx, [rax + 4]; mov [rdx], rcx; mov edx, [rax]; mov eax, edx; pop rbx; ret
> 0x0047ecaf : mov rcx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; repne ; call r11
> 0x0047ecb0 : mov ecx, [rdi + 0x18]; mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; repne ; call r11
> 0x0047b3e4 : mov r12, [rax]; mov rbx, rax; mov [rip + 0x25158f], r15; mov rdi, r14; mov [rax], 0; call r13
> 0x004807df : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00443b91 : mov ebp, [rax]; add [rcx + 0x288aee05], cl; add [rdi], cl; test dh, ch; add [rax], al; add [rbx - 0x76bef020], al; ret 0xb8
> 0x00410a10 : mov rcx, [r15 + 0x10]; mov rdx, [r15 + 0x18]; sar r8, 2; lea rsi, [rax + 0x58]; call [r13 + 0x30]
> 0x0045d09b : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rax, [rdi + 0xd8]; sub rdx, rsi; sar rdx, 2; call [rax + 0x38]
> 0x00410a09 : mov rax, [r15 + 0xa0]; mov rcx, [r15 + 0x10]; mov rdx, [r15 + 0x18]; sar r8, 2; lea rsi, [rax + 0x58]; call [r13 + 0x30]
> 0x0046b5e9 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0046b5ea : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00450b42 : movzx esi, [rax + 0xe]; mov [rdx + 0xe], sil; mov [rax + 0xe], cl; mov rdx, r13; mov rsi, [rsp + 0x20]; mov rdi, r12; call r15
> 0x0040fa4f : mov r8, [rdx + 0x88]; mov [r8 + 8], r9; add [r8 + 4], 1; mov rax, [rdx + 0xd8]; mov rbx, rdx; mov rdi, rdx; call [rax + 0x60]
> 0x00410716 : mov r14, [rax + 0x40]; mov rax, [rax + 0x50]; mov [rsp + 8], r14; mov [rsp], rax; mov rbx, [r15 + 0x98]; mov rdi, rbx; call [rbx + 0x20]