ropshell> use 75bb692f5cd51ba4143a42fc4948b025
name         : readme_revenge (x86_64/ELF)
base address : 0x400300
total gadgets: 7758
ropshell> suggest "load mem"
> 0x0046afda : mov eax, [rcx]; ret
> 0x0040a800 : movzx eax, [rdx]; ret
> 0x0048a731 : mov rax, [rsi + 0x10]; ret
> 0x0040ed30 : mov rax, [rdi + 0x68]; ret
> 0x0048a732 : mov eax, [rsi + 0x10]; ret
> 0x0040ed31 : mov eax, [rdi + 0x68]; ret
> 0x00417203 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x00422273 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0041a9b3 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0040ea14 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00428c00 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0048a35f : mov rdx, [rbp]; call r12
> 0x0043459c : mov rsi, [rax]; call r14
> 0x0048a314 : mov rsi, [r14]; call r12
> 0x004341af : mov rdi, [rbx]; call rbp
> 0x0045ed4a : mov rdi, [r12]; call rbp
> 0x0048a360 : mov edx, [rbp]; call r12
> 0x0043459d : mov esi, [rax]; call r14
> 0x004341b0 : mov edi, [rbx]; call rbp
> 0x0041732f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0042cde0 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00489498 : mov rdx, [r12]; mov edi, 1; call rax
> 0x0048b248 : mov rdx, [r15]; mov rdi, r13; call r14
> 0x0048b249 : mov edx, [rdi]; mov rdi, r13; call r14
> 0x0047a088 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0047a068 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0047a07c : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0047a089 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x0044e27e : movzx eax, [rcx + rax]; jmp [rdx + rax*8]
> 0x0047a069 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x0047a07d : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x0045c82c : mov edx, [rax]; add rsp, 8; mov eax, edx; pop rbx; pop rbp; ret
> 0x00408500 : mov r9, [rax + 0x10]; call [rbp + 0x18]
> 0x00408501 : mov ecx, [rax + 0x10]; call [rbp + 0x18]
> 0x0046cfc3 : mov rax, [rbx]; add rax, [rdx + 8]; call rax
> 0x00428b94 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x004344e0 : mov rsi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0048b46b : mov rsi, [r15]; mov rdi, [rsp + 0x10]; call r14
> 0x00406944 : mov rdi, [rbp]; mov rax, [rsp + 8]; call rax
> 0x0045ef99 : mov rdi, [r14]; lea r9, [rsp + 0x28]; call r12
> 0x00487498 : mov r8, [rax]; lea rax, [rax + 8]; mov [r10], r8; ret
> 0x0046cfc4 : mov eax, [rbx]; add rax, [rdx + 8]; call rax
> 0x004344e1 : mov esi, [rbx]; mov rdi, r12; mov r13, rbx; call rbp
> 0x0048b46c : mov esi, [rdi]; mov rdi, [rsp + 0x10]; call r14
> 0x0045ef9a : mov edi, [rsi]; lea r9, [rsp + 0x28]; call r12
> 0x00406945 : mov edi, [rbp]; mov rax, [rsp + 8]; call rax
> 0x0042cf06 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x00469596 : mov rax, [r15 + 0x10]; add rax, [r14]; call rax
> 0x0045d1cb : mov ecx, [rdx + 0x48]; cmp ecx, [rdx + 0x4c]; cmove eax, ecx; ret
> 0x004171e4 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x00489417 : mov rax, [rdx]; mov [rbx + 0x98], rax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0042ec84 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x0042eb93 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00409b3a : mov rbp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0040ba98 : mov rbp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x00408fc8 : mov rbp, [r15 + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00408996 : mov r9, [rdx + 8]; mov rdx, r12; call [rbp + 0x18]
> 0x0040882b : mov r9, [rdi + 8]; mov rdi, rbp; call [rbp + 0x18]
> 0x00408e0a : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0040882c : mov ecx, [rdi + 8]; mov rdi, rbp; call [rbp + 0x18]
> 0x00409b3b : mov ebp, [rbx + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0040ba99 : mov ebp, [rdi + 0x90]; sub rbp, rax; mov rax, rbp; pop rbx; pop rbp; pop r12; ret
> 0x0040b4d1 : mov rax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0048b244 : mov rsi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x0046fcd2 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0040b4d2 : mov eax, [rbp + 0x20]; add rsp, 8; mov rdi, rbx; pop rbx; pop rbp; jmp rax
> 0x0048b245 : mov esi, [rbx + 8]; mov rdx, [r15]; mov rdi, r13; call r14
> 0x00409537 : mov rcx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x00409538 : mov ecx, [rbx + 0x10]; lea r8, [rsp + 0x10]; call [rbp + 0x18]
> 0x0040d8f1 : movzx esi, [r14]; mov rdi, r12; lea r15, [r14 + 1]; call [rbx + 0x18]
> 0x0044369c : mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x498]; sub rdx, rsi; call [rbx + 0x38]
> 0x0045c4d1 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00435a65 : mov rdx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x00408f7b : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x00435a66 : mov edx, [rcx + rdx]; lea rcx, [rip - 0x60]; mov [rax + 0x10], rcx; mov [rax + 8], rdx; ret
> 0x0046fcce : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0046fccf : mov esi, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x00443698 : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rdi, [rbp - 0x498]; sub rdx, rsi; call [rbx + 0x38]
> 0x00408e01 : mov rbx, [rax + 0x50]; mov [rsp + 0x10], r14; mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0045f1ea : mov rdi, [r12 + 0x10]; push 1; xor r8d, r8d; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x00408e02 : mov ebx, [rax + 0x50]; mov [rsp + 0x10], r14; mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0046fcca : mov r13, [rdi + 0x18]; mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; jmp rdx
> 0x0045c4c9 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00408dfd : mov r14, [rax + 0x40]; mov rbx, [rax + 0x50]; mov [rsp + 0x10], r14; mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0045c4ca : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x00408dfe : mov esi, [rax + 0x40]; mov rbx, [rax + 0x50]; mov [rsp + 0x10], r14; mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]