ropshell> use 93719b7d673d5d852286c53060fcf654
name         : GoCrackMe2 (x86_64/ELF)
base address : 0x401000
total gadgets: 4286
ropshell> suggest "load mem"
> 0x004871ed : mov rax, [rcx]; ret
> 0x004871ee : mov eax, [rcx]; ret
> 0x00435405 : mov rbx, [rcx + 0x10]; ret
> 0x00435406 : mov ebx, [rcx + 0x10]; ret
> 0x00407a0b : mov rax, [rdx]; call rax
> 0x004668e9 : mov rax, [rsi]; mov [rdi], rax; ret
> 0x0042250d : mov rcx, [rdx]; call rcx
> 0x00455774 : mov rsi, [rdx]; call rsi
> 0x0042cc20 : mov rdi, [rdx]; call rdi
> 0x00463b88 : mov r12, [rdx]; call r12
> 0x00407a0c : mov eax, [rdx]; call rax
> 0x004668ca : mov eax, [rsi]; mov [rdi], eax; ret
> 0x0042250e : mov ecx, [rdx]; call rcx
> 0x00455775 : mov esi, [rdx]; call rsi
> 0x0042cc21 : mov edi, [rdx]; call rdi
> 0x0047b024 : mov rbx, [rax + 0x28]; mov rax, rcx; ret
> 0x0047b025 : mov ebx, [rax + 0x28]; mov rax, rcx; ret
> 0x00402be0 : mov rcx, [rax]; cmp [rbx], rcx; sete al; ret
> 0x00404740 : mov ecx, [rax]; cmp [rbx], ecx; sete al; ret
> 0x004780ad : mov rcx, [rdx + 0x48]; call rcx
> 0x004780ae : mov ecx, [rdx + 0x48]; call rcx
> 0x0045c9ab : mov rax, [rbx]; mov rdx, rbx; call rax
> 0x00422526 : mov rbx, [rdx]; mov eax, 0x10000; call rbx
> 0x00405dcb : mov rcx, [rdi]; mov rdx, rdi; call rcx
> 0x0045c9ac : mov eax, [rbx]; mov rdx, rbx; call rax
> 0x00422527 : mov ebx, [rdx]; mov eax, 0x10000; call rbx
> 0x00463fb1 : mov ecx, [rbx]; add [rax], al; jmp rax
> 0x00405dcc : mov ecx, [rdi]; mov rdx, rdi; call rcx
> 0x00435401 : mov rax, [rcx + 8]; mov rbx, [rcx + 0x10]; ret
> 0x0043ca00 : mov rax, [r14 + 0x30]; mov [rax + 0x114], 1; ret
> 0x00435402 : mov eax, [rcx + 8]; mov rbx, [rcx + 0x10]; ret
> 0x0043ca01 : mov eax, [rsi + 0x30]; mov [rax + 0x114], 1; ret
> 0x00447983 : mov rdx, [rax]; mov rax, [rdx]; call rax
> 0x00447984 : mov edx, [rax]; mov rax, [rdx]; call rax
> 0x00470be9 : mov rax, [rdx + 8]; mov ecx, 1; xchg [rax], ecx; ret
> 0x00468578 : mov rcx, [rax + 0x18]; cmp [rbx + 0x18], rcx; sete al; ret
> 0x0046831a : mov rcx, [rbx + 0x18]; cmp [rax + 0x18], rcx; sete al; ret
> 0x0046940b : mov rcx, [rsi + 0x20]; mov rax, rdx; call rcx
> 0x00482ea0 : mov rcx, [r9 + 0x48]; mov rax, rbx; call rcx
> 0x0046933a : mov rdx, [rax + 0x28]; mov rax, rcx; call rdx
> 0x0043468a : mov rdx, [rbx + 0x18]; mov rax, rcx; call rdx
> 0x00418fde : mov rsi, [rax + 0x10]; mov rax, rsi; call rcx
> 0x00470bea : mov eax, [rdx + 8]; mov ecx, 1; xchg [rax], ecx; ret
> 0x00468579 : mov ecx, [rax + 0x18]; cmp [rbx + 0x18], rcx; sete al; ret
> 0x0046831b : mov ecx, [rbx + 0x18]; cmp [rax + 0x18], rcx; sete al; ret
> 0x0046940c : mov ecx, [rsi + 0x20]; mov rax, rdx; call rcx
> 0x0046933b : mov edx, [rax + 0x28]; mov rax, rcx; call rdx
> 0x0043468b : mov edx, [rbx + 0x18]; mov rax, rcx; call rdx
> 0x00418fdf : mov esi, [rax + 0x10]; mov rax, rsi; call rcx
> 0x0047038c : mov r9, [rdx]; mov rcx, r8; mov rdi, rsi; call r9
> 0x0042237a : mov rdx, [rcx + 0x98]; mov rax, [rdx]; call rax
> 0x0042237b : mov edx, [rcx + 0x98]; mov rax, [rdx]; call rax
> 0x00447925 : mov rdi, [rbx + 8]; mov rax, rsi; mov rbx, rdi; call rcx
> 0x00469d56 : mov r8, [rax + 0x20]; mov rax, rbx; mov rbx, rdx; call r8
> 0x0040fe7a : mov esi, [rbx + 0xc]; mov rax, r13; mov rbx, rsi; call rcx
> 0x0040f771 : mov edi, [rbx + 0xc]; mov rax, r12; mov rbx, rdi; call rcx
> 0x004010f4 : mov edi, [rdx + 8]; add rdx, rdi; mov rax, rdx; mov rbx, rsi; mov rcx, rbx; ret
> 0x00463c2b : mov rbp, [rax + 0x68]; mov [rax + 0x38], 0; mov [rax + 0x68], 0; pop rbp; ret
> 0x00463c2c : mov ebp, [rax + 0x68]; mov [rax + 0x38], 0; mov [rax + 0x68], 0; pop rbp; ret
> 0x00447922 : mov rsi, [rbx]; mov rdi, [rbx + 8]; mov rax, rsi; mov rbx, rdi; call rcx
> 0x00447923 : mov esi, [rbx]; mov rdi, [rbx + 8]; mov rax, rsi; mov rbx, rdi; call rcx
> 0x00462221 : mov rcx, [r14 + 0x30]; inc [rcx + 0x108]; mov rcx, [rcx + 0xd0]; movsxd rax, [rcx]; ret
> 0x00467b13 : mov rsi, [rdx + rcx]; mov rcx, [rdx + rcx + 8]; mov rax, rsi; mov rbx, rcx; pop rbp; ret
> 0x00467b14 : mov esi, [rdx + rcx]; mov rcx, [rdx + rcx + 8]; mov rax, rsi; mov rbx, rcx; pop rbp; ret
> 0x0047f47e : mov rdi, [rcx + 0x10]; mov rsi, rax; mov rax, [rsp + 0x58]; mov rcx, rdx; call rsi
> 0x0047f47f : mov edi, [rcx + 0x10]; mov rsi, rax; mov rax, [rsp + 0x58]; mov rcx, rdx; call rsi
> 0x0045cbb9 : mov rsi, [rcx]; mov rdi, [rip + 0xe6825]; mov rbx, rax; mov rdx, rcx; mov rax, rdi; call rsi
> 0x0045cbba : mov esi, [rcx]; mov rdi, [rip + 0xe6825]; mov rbx, rax; mov rdx, rcx; mov rax, rdi; call rsi
> 0x0040ead1 : mov rdx, [rsi + 0x18]; mov rsi, [rdx]; mov rax, [rsp + 0x48]; mov rbx, rcx; call rsi
> 0x0040f021 : mov rdx, [rdi + 0x18]; mov rdi, [rdx]; mov rax, [rsp + 0x90]; mov rbx, rcx; call rdi
> 0x0040ead2 : mov edx, [rsi + 0x18]; mov rsi, [rdx]; mov rax, [rsp + 0x48]; mov rbx, rcx; call rsi
> 0x0040f022 : mov edx, [rdi + 0x18]; mov rdi, [rdx]; mov rax, [rsp + 0x90]; mov rbx, rcx; call rdi
> 0x00465849 : mov rsi, [rdi + 8]; sub rsi, [rsp]; mov fs:[0xfffffffffffffff8], rdi; mov rsp, rsi; mov [rsp + 0x20], eax; pop rbp; ret
> 0x0046584a : mov esi, [rdi + 8]; sub rsi, [rsp]; mov fs:[0xfffffffffffffff8], rdi; mov rsp, rsi; mov [rsp + 0x20], eax; pop rbp; ret
> 0x0042c929 : mov rbx, [r10 + r8]; mov r8, [r10 + r8 + 8]; mov rax, rcx; mov rcx, r8; lea rdx, [rsp + 0x70]; call rdi
> 0x0040f01d : mov rdi, [rsi + 0x30]; mov rdx, [rdi + 0x18]; mov rdi, [rdx]; mov rax, [rsp + 0x90]; mov rbx, rcx; call rdi
> 0x0042c92a : mov ebx, [rdx + rax]; mov r8, [r10 + r8 + 8]; mov rax, rcx; mov rcx, r8; lea rdx, [rsp + 0x70]; call rdi
> 0x0040f01e : mov edi, [rsi + 0x30]; mov rdx, [rdi + 0x18]; mov rdi, [rdx]; mov rax, [rsp + 0x90]; mov rbx, rcx; call rdi
> 0x00447a29 : mov rdx, [rsi]; mov rsi, [rdx]; mov rax, [rip + 0xfbaaa]; mov rbx, [rip + 0xfbaab]; mov rcx, r9; mov rdi, r8; call rsi
> 0x00447a2a : mov edx, [rsi]; mov rsi, [rdx]; mov rax, [rip + 0xfbaaa]; mov rbx, [rip + 0xfbaab]; mov rcx, r9; mov rdi, r8; call rsi
> 0x00469eac : mov rdi, [rax + 0x28]; lea r8, [rcx + rdx]; lea r9, [rcx + rsi]; mov rax, rbx; mov rbx, r8; mov rcx, r9; call rdi
> 0x00469ead : mov edi, [rax + 0x28]; lea r8, [rcx + rdx]; lea r9, [rcx + rsi]; mov rax, rbx; mov rbx, r8; mov rcx, r9; call rdi
> 0x0047f477 : mov rbx, [rcx]; mov rdx, [rcx + 8]; mov rdi, [rcx + 0x10]; mov rsi, rax; mov rax, [rsp + 0x58]; mov rcx, rdx; call rsi
> 0x0047f478 : mov ebx, [rcx]; mov rdx, [rcx + 8]; mov rdi, [rcx + 0x10]; mov rsi, rax; mov rax, [rsp + 0x58]; mov rcx, rdx; call rsi
> 0x00462d17 : mov rbp, [rbx + 0x30]; mov [rbx], 0; mov [rbx + 0x20], 0; mov [rbx + 0x18], 0; mov [rbx + 0x30], 0; mov rbx, [rbx + 8]; jmp rbx
> 0x00462d18 : mov ebp, [rbx + 0x30]; mov [rbx], 0; mov [rbx + 0x20], 0; mov [rbx + 0x18], 0; mov [rbx + 0x30], 0; mov rbx, [rbx + 8]; jmp rbx