ropshell> use 7c813be39f2d3d460ea3a2d1e2185bcf (download)
name         : nginx (x86_64/RAW)
base address : 0x0
total gadgets: 7131

ropshell> suggest "load mem"
> 0x001a0ab4 : mov eax, [rcx]; ret
> 0x000140f9 : mov rsi, [r13 + 0x10]; call rax
> 0x0001b0ac : mov rdi, [rbx + 0x10]; call rdx
> 0x00022636 : mov rdi, [rdx + 0x40]; call rax
> 0x0004522b : mov rdi, [rbp + 0x48]; call rax
> 0x000140fa : mov esi, [rbp + 0x10]; call rax
> 0x0001b0ad : mov edi, [rbx + 0x10]; call rdx
> 0x00022637 : mov edi, [rdx + 0x40]; call rax
> 0x0004522c : mov edi, [rbp + 0x48]; call rax
> 0x0001c601 : mov rax, [rdi]; call [rax + 8]
> 0x00026866 : mov rsi, [rcx]; mov rdi, r15; call rax
> 0x0001c602 : mov eax, [rdi]; call [rax + 8]
> 0x00026867 : mov esi, [rcx]; mov rdi, r15; call rax
> 0x0026b6aa : mov eax, [rsi]; add [rax], al; add [rax], al; ret 0x85
> 0x0001d4c7 : mov rsi, [rdi + 0x38]; call [rdi + 0x28]
> 0x00013b0d : mov rsi, [r14 + 0x10]; mov rdi, rbp; call rax
> 0x0001d4c8 : mov esi, [rdi + 0x38]; call [rdi + 0x28]
> 0x00018838 : mov rbx, [rax]; mov rdi, rax; call [rax + 0x58]
> 0x00025aed : mov rsi, [rax]; mov rdi, r12; call [r13 + 0x38]
> 0x0001e7e6 : mov rsi, [rbx]; mov rdi, rbp; call [rbp + 0x40]
> 0x0000829b : mov rsi, [rbp]; mov rdi, r13; call [r13 + 0x38]
> 0x00012e34 : mov rsi, [r12]; mov rdi, r14; call [r14 + 0x38]
> 0x00017511 : mov rbp, [rbx]; mov rdi, rbx; call [rbx + 0x58]
> 0x00018136 : mov r12, [rax]; mov rdi, rax; call [rax + 0x58]
> 0x000174b7 : mov r15, [rbx]; mov rdi, rbx; call [rbx + 0x58]
> 0x00018839 : mov ebx, [rax]; mov rdi, rax; call [rax + 0x58]
> 0x00025aee : mov esi, [rax]; mov rdi, r12; call [r13 + 0x38]
> 0x0001e7e7 : mov esi, [rbx]; mov rdi, rbp; call [rbp + 0x40]
> 0x0000829c : mov esi, [rbp]; mov rdi, r13; call [r13 + 0x38]
> 0x000174b8 : mov edi, [rbx]; mov rdi, rbx; call [rbx + 0x58]
> 0x00017512 : mov ebp, [rbx]; mov rdi, rbx; call [rbx + 0x58]
> 0x00022fe6 : mov rax, [rbx + 8]; mov rdi, rax; call [rax + 0x10]
> 0x00014c27 : mov rdx, [r15 + 0x58]; mov esi, 0; mov rdi, r15; call rax
> 0x00039bf0 : mov rsi, [rbp + 0x18]; mov rdi, r12; call [rbp + 8]
> 0x00022fe7 : mov eax, [rbx + 8]; mov rdi, rax; call [rax + 0x10]
> 0x00014c28 : mov edx, [rdi + 0x58]; mov esi, 0; mov rdi, r15; call rax
> 0x0001e41e : mov rax, [rbp]; mov rsi, r12; mov rdi, rax; call [rax + 0x30]
> 0x0001e41f : mov eax, [rbp]; mov rsi, r12; mov rdi, rax; call [rax + 0x30]
> 0x00012a16 : mov rax, [rbx]; mov rsi, [rax + rcx*8]; mov rdi, rbx; call rdx
> 0x00026975 : mov rdx, [rdi]; mov rsi, [rdx + rcx*8]; mov rdi, r15; call rax
> 0x000265ce : mov rdx, [r14]; lea r13, [rdx + rbp*8]; mov rdi, r15; call rax
> 0x00012a17 : mov eax, [rbx]; mov rsi, [rax + rcx*8]; mov rdi, rbx; call rdx
> 0x000265cf : mov edx, [rsi]; lea r13, [rdx + rbp*8]; mov rdi, r15; call rax
> 0x00026976 : mov edx, [rdi]; mov rsi, [rdx + rcx*8]; mov rdi, r15; call rax
> 0x000408d2 : mov rax, [r14 + 8]; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
> 0x00040bb7 : mov rdx, [rax + 0x10]; mov rdi, [rdi + 0x50]; call [rax + 8]
> 0x00044712 : mov rdx, [rbx + 0x2a8]; sub rdx, rsi; mov rdi, rbp; call [rbp + 0x20]
> 0x0003db67 : mov rdx, [rbp + 0x20]; mov rsi, rax; mov rdi, r12; call [rbp + 0x18]
> 0x00032615 : mov rsi, [rax + 8]; mov rdx, rbp; mov rdi, rbx; call [rax]
> 0x00042883 : mov rsi, [rbx + 0x48]; lea rdi, [rbx + 0x10]; mov edx, 0; call rax
> 0x00033db5 : mov rsi, [r12 + 8]; mov rdx, r13; mov rdi, rbx; call [rbx + 0x20]
> 0x000375ed : mov rsi, [r15 + 0x3a0]; mov rdx, r12; mov rdi, rax; call [rax + 0x38]
> 0x000408d3 : mov eax, [rsi + 8]; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
> 0x00040bb8 : mov edx, [rax + 0x10]; mov rdi, [rdi + 0x50]; call [rax + 8]
> 0x00044713 : mov edx, [rbx + 0x2a8]; sub rdx, rsi; mov rdi, rbp; call [rbp + 0x20]
> 0x0003db68 : mov edx, [rbp + 0x20]; mov rsi, rax; mov rdi, r12; call [rbp + 0x18]
> 0x00032616 : mov esi, [rax + 8]; mov rdx, rbp; mov rdi, rbx; call [rax]
> 0x00042884 : mov esi, [rbx + 0x48]; lea rdi, [rbx + 0x10]; mov edx, 0; call rax
> 0x0001ea7a : mov rax, [rbp + 0x10]; mov rsi, [rax]; mov rdi, rbp; call [rbp + 0x40]
> 0x00026620 : mov rdx, [r14 + 0x10]; lea r12, [rdx + rbp*8]; mov rdi, r15; call rax
> 0x0001ea7b : mov eax, [rbp + 0x10]; mov rsi, [rax]; mov rdi, rbp; call [rbp + 0x40]
> 0x00026621 : mov edx, [rsi + 0x10]; lea r12, [rdx + rbp*8]; mov rdi, r15; call rax
> 0x0001b0a4 : mov rax, [r12]; lea r13, [rax + rcx*8]; mov rdi, [rbx + 0x10]; call rdx
> 0x0004ca6d : mov rax, [r12 + 8]; mov rax, [rax + 0x10]; mov rdi, rax; call [rax + 0x10]
> 0x00022fe0 : mov esi, [rdx + 0x2000000]; mov rax, [rbx + 8]; mov rdi, rax; call [rax + 0x10]
> 0x0003b1bd : mov rax, [r13]; mov [rdx + 0x38], rax; mov [r13 + 8], rsi; mov rdi, rbx; call rbp
> 0x000709bc : mov rcx, [rax + 0x20]; sub [rcx + rsi*8], 1; mov rsi, rax; call [rax + 0x30]
> 0x000709bd : mov ecx, [rax + 0x20]; sub [rcx + rsi*8], 1; mov rsi, rax; call [rax + 0x30]
> 0x0002a78a : mov rcx, [rax]; mov rax, [rbx + 0x10]; lea r14, [rax + rcx*8]; mov rdi, rbp; call rdx
> 0x0002a78b : mov ecx, [rax]; mov rax, [rbx + 0x10]; lea r14, [rax + rcx*8]; mov rdi, rbp; call rdx
> 0x000375e9 : mov r13, [rax + 0x48]; mov rsi, [r15 + 0x3a0]; mov rdx, r12; mov rdi, rax; call [rax + 0x38]
> 0x000375ea : mov ebp, [rax + 0x48]; mov rsi, [r15 + 0x3a0]; mov rdx, r12; mov rdi, rax; call [rax + 0x38]
> 0x00070dfd : mov rax, [rsi + 0x18]; mov rdx, [rip + 0x22bc98]; mov rbx, [rax + rdx*8]; call [rbx + 0x28]
> 0x0001512a : mov rax, [r15 + 0x38]; mov rdx, [rax + rdx*8]; mov rsi, rbx; mov rdi, r15; call [rbx + 0x18]
> 0x0001512b : mov eax, [rdi + 0x38]; mov rdx, [rax + rdx*8]; mov rsi, rbx; mov rdi, r15; call [rbx + 0x18]
> 0x0000681d : mov rdi, [r15 + 8]; mov [rax + 8], rdi; mov rsi, rbx; mov rax, [rsp + 0x30]; call [rax + 8]
> 0x00040bab : mov rcx, [rdi + 0x10]; lea rsi, [rcx - 0x10]; mov [rdi + 0x10], rsi; mov rdx, [rax + 0x10]; mov rdi, [rdi + 0x50]; call [rax + 8]
> 0x000375de : mov r12, [rbx + 0xf0]; mov rax, [rsp]; mov r13, [rax + 0x48]; mov rsi, [r15 + 0x3a0]; mov rdx, r12; mov rdi, rax; call [rax + 0x38]
> 0x00040bac : mov ecx, [rdi + 0x10]; lea rsi, [rcx - 0x10]; mov [rdi + 0x10], rsi; mov rdx, [rax + 0x10]; mov rdi, [rdi + 0x50]; call [rax + 8]