ropshell> use b955966a91909d1dcc253ee1ec359844
name         : libc.so (x86_64/ELF)
base address : 0x42ae0
total gadgets: 6911
ropshell> suggest "load mem"
> 0x0006eeb0 : mov eax, [rdi]; ret
> 0x0004fd80 : mov rax, [rdi + 0x18]; ret
> 0x0004fd81 : mov eax, [rdi + 0x18]; ret
> 0x0004fdcd : mov rax, [rdi]; add rax, -1; ret
> 0x000560c3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x000b1310 : mov rax, [rbx]; pop rbx; pop r14; pop r15; ret
> 0x000b0d19 : mov rcx, [rdi]; mov [rax], rcx; ret
> 0x000535d0 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x000b133f : mov rsi, [rax]; call rdx
> 0x0006f721 : mov rdi, [rbx]; call r14
> 0x00044510 : mov rdi, [r15]; call rax
> 0x00082c43 : mov eax, [rbx]; pop rbx; pop r14; pop r15; ret
> 0x000b0d1a : mov ecx, [rdi]; mov [rax], rcx; ret
> 0x00053571 : mov edx, [rsi]; mov [rdi], dx; ret
> 0x000b1340 : mov esi, [rax]; call rdx
> 0x0006f722 : mov edi, [rbx]; call r14
> 0x000bfc77 : mov rdi, [r14 + 0x30]; call rcx
> 0x000c00c6 : mov rdi, [r15 + 0x30]; call rcx
> 0x000a0782 : movzx eax, [rbx + 2]; or rax, rcx; pop rbx; ret
> 0x0005c58b : mov ebx, [rax + 4]; mov eax, ebx; pop rbx; ret
> 0x00085111 : mov edi, [rdx + 4]; add [rax - 0x7d], cl; ret
> 0x000bfc78 : mov edi, [rsi + 0x30]; call rcx
> 0x00061495 : mov rax, [rbp]; mov rdi, rsp; call rax
> 0x00061496 : mov eax, [rbp]; mov rdi, rsp; call rax
> 0x00063d91 : mov ecx, [rax]; mov eax, ecx; pop rbx; pop r14; pop r15; ret
> 0x00043640 : mov rax, [rdx]; mov rdx, [rdx + 8]; jmp rax
> 0x00082e1d : mov rbx, [rdi]; mov rax, rbx; add rsp, 8; pop rbx; pop r14; ret
> 0x00043641 : mov eax, [rdx]; mov rdx, [rdx + 8]; jmp rax
> 0x000c68b0 : mov eax, [rsi]; mov [rdi + 0x24], eax; xor eax, eax; ret
> 0x00082e1e : mov ebx, [rdi]; mov rax, rbx; add rsp, 8; pop rbx; pop r14; ret
> 0x000c7eb3 : mov rdi, [rax + 0x10]; call [rax + 8]
> 0x00069ffb : mov rdi, [rbx + 0x18]; call [rbx + 0x10]
> 0x000bedcd : mov edx, [rbx + 0x20]; call [rbx + 0x40]
> 0x000c7eb4 : mov edi, [rax + 0x10]; call [rax + 8]
> 0x00069ffc : mov edi, [rbx + 0x18]; call [rbx + 0x10]
> 0x000694eb : mov rax, [r12]; lea rdi, [rsp + 0x10]; call rax
> 0x0005b396 : mov rax, [r14]; mov rdi, r14; call [rax + 0x38]
> 0x00069566 : mov rax, [r15]; lea rdi, [rsp + 0x10]; call rax
> 0x000535e0 : mov rcx, [rsi]; mov [rdi + 8], dh; mov [rdi], rcx; ret
> 0x00047bcd : mov rdx, [r8]; mov [rsp + 8], r8; call r14
> 0x00047bce : mov edx, [rax]; mov [rsp + 8], r8; call r14
> 0x000bed39 : mov rax, [rbx + 0x68]; mov [rbx], rax; xor eax, eax; pop rbx; ret
> 0x000887ad : mov rdx, [rsi + rax]; xor eax, eax; bt rdx, rcx; setb al; pop rcx; ret
> 0x0006f67e : mov ecx, [rax + 0x48000000]; mov eax, ebx; add rsp, 8; pop rbx; pop r14; ret
> 0x00058904 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x000887ae : mov edx, [rsi + rax]; xor eax, eax; bt rdx, rcx; setb al; pop rcx; ret
> 0x0006cca8 : mov rcx, [r14]; mov [rcx], rax; xor eax, eax; pop rbx; pop r14; pop rbp; ret
> 0x000c7e35 : mov rcx, [rax + 0x58]; mov [rdi], rcx; mov [rax + 0x58], rdi; ret
> 0x00053714 : mov rcx, [rsi + 0x10]; movdqu [rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x000627f9 : mov rsi, [r14 + 0x70]; lea rcx, [rsp + 0x18]; call rbp
> 0x000c0698 : mov rdi, [r12 + 0x30]; mov rsi, r14; mov edx, r15d; call rax
> 0x0006c9b0 : mov rax, [rsi]; mov rcx, [rdi]; mov [rcx + 0x10], rax; xor eax, eax; ret
> 0x000bcf08 : mov rcx, [rax]; mov [rcx + 0x10], 0; mov rax, rbx; pop rbx; pop r14; pop r15; ret
> 0x0006cc27 : mov rcx, [rbx]; mov [rcx], rax; xor eax, eax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0006cc28 : mov ecx, [rbx]; mov [rcx], rax; xor eax, eax; add rsp, 8; pop rbx; pop rbp; ret
> 0x0005c8ff : mov rdi, [rbp + 0x40]; mov rax, [rdi]; call [rax + 0x20]
> 0x000a136c : mov eax, [rsi + 0x24]; mov [rbx + 0x3c], eax; add rsp, 8; pop rbx; pop r14; ret
> 0x000a136b : mov eax, [r14 + 0x24]; mov [rbx + 0x3c], eax; add rsp, 8; pop rbx; pop r14; ret
> 0x0005c900 : mov edi, [rbp + 0x40]; mov rax, [rdi]; call [rax + 0x20]
> 0x00047bc9 : mov rsi, [rbp]; mov rdx, [r8]; mov [rsp + 8], r8; call r14
> 0x00047bca : mov esi, [rbp]; mov rdx, [r8]; mov [rsp + 8], r8; call r14
> 0x0004770a : mov rdx, [r13]; mov r8, rbx; mov rcx, r13; mov esi, 1; mov edi, 1; call rax
> 0x0004770b : mov edx, [rbp]; mov r8, rbx; mov rcx, r13; mov esi, 1; mov edi, 1; call rax
> 0x00051554 : mov ebx, [rsi]; mov ecx, [rsi + rdx - 4]; mov [rdi], ebx; mov [rdi + rdx - 4], ecx; pop rbx; ret
> 0x00047490 : mov rdx, [r12]; mov esi, ebp; mov r8, rbx; or esi, 2; mov rcx, r12; mov edi, 1; call rax
> 0x000af20d : mov rdx, [rdi + 0x28]; cmp rax, rdx; cmovae rax, rdx; mov [rcx], rax; mov rax, [rdi + 0x18]; pop rcx; ret
> 0x000af20e : mov edx, [rdi + 0x28]; cmp rax, rdx; cmovae rax, rdx; mov [rcx], rax; mov rax, [rdi + 0x18]; pop rcx; ret
> 0x00044498 : mov eax, [rcx]; add [rax], al; lea rcx, [rip - 0x2466f]; movsxd rax, [rcx + rax*4]; add rax, rcx; jmp rax
> 0x0008d979 : mov rax, [r12 + 0x38]; mov [rbx], 0; mov rdi, [rsp + 0x20]; mov [rsp + 0x38], rax; call rax
> 0x00047b53 : mov rdi, [rdx + 8]; mov eax, 1; cmp [rsi + 8], rdi; sbb ecx, ecx; cmp [rsi + 8], rdi; cmovbe eax, ecx; ret
> 0x000bedc2 : mov rsi, [rbx + 0x18]; mov [rbx], rsi; mov rdi, [rbx + 0x30]; mov edx, [rbx + 0x20]; call [rbx + 0x40]
> 0x000bedc3 : mov esi, [rbx + 0x18]; mov [rbx], rsi; mov rdi, [rbx + 0x30]; mov edx, [rbx + 0x20]; call [rbx + 0x40]
> 0x00048be4 : mov rsi, [r9]; mov [rsp + 0x28], r10; mov [rsp + 0x20], r11; mov [rsp + 0x18], rcx; mov [rsp + 0x10], r9; call r14
> 0x00048be5 : mov esi, [rcx]; mov [rsp + 0x28], r10; mov [rsp + 0x20], r11; mov [rsp + 0x18], rcx; mov [rsp + 0x10], r9; call r14