ropshell> use d371da546786965fe0ee40147ffef716
name         : libc-2.31.so (x86_64/RAW)
base address : 0x0
total gadgets: 18357
ropshell> suggest "load mem"
> 0x00088710 : mov eax, [rdx]; ret
> 0x000e1464 : mov eax, [rdi]; ret
> 0x001ae286 : mov edi, [rdx]; ret
> 0x000e1414 : mov rax, [rdi + 0x20]; ret
> 0x00105bc1 : mov eax, [rdx + 8]; ret
> 0x000e1415 : mov eax, [rdi + 0x20]; ret
> 0x00187de3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x000afa14 : movzx edx, [rsi]; sub eax, edx; ret
> 0x000966d5 : mov rax, [rdi]; mov [rdx], rax; ret
> 0x00107775 : mov rcx, [r12]; call rax
> 0x0002703b : mov rdx, [rax]; call rbx
> 0x000ba040 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x0011ccdf : mov rdi, [rbp]; call rbx
> 0x0011df32 : mov rdi, [r8]; call rbx
> 0x0011d9d1 : mov rdi, [r12]; call rbx
> 0x0011da3b : mov rdi, [r13]; call rbx
> 0x0011dafb : mov rdi, [r14]; call rbx
> 0x0011dc6c : mov rdi, [r15]; call rbx
> 0x00128399 : mov eax, [r12]; pop rbx; pop rbp; pop r12; ret
> 0x0002703c : mov edx, [rax]; call rbx
> 0x0011df33 : mov edi, [rax]; call rbx
> 0x0011dafc : mov edi, [rsi]; call rbx
> 0x0011cce0 : mov edi, [rbp]; call rbx
> 0x00180fbf : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x0008a8cf : mov eax, [rcx]; add rsp, 8; pop rbx; pop rbp; ret
> 0x000a1a10 : mov rdi, [rbx + 0x48]; call rax
> 0x0004a439 : mov rdi, [rbp + 8]; call rax
> 0x000a1a11 : mov edi, [rbx + 0x48]; call rax
> 0x0004a43a : mov edi, [rbp + 8]; call rax
> 0x001796c0 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00101e1b : mov r8, [rax]; mov [rax], rdi; mov rax, r8; ret
> 0x00150070 : mov eax, [r8]; mov [rdx], eax; mov eax, 1; ret
> 0x000c038e : mov edx, [rdi]; xor eax, eax; test edx, edx; sete al; ret
> 0x00115aa1 : mov rax, [r13 + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x00085973 : mov rdx, [rdi + 0xa0]; mov [rdx + 0xe0], rcx; ret
> 0x00115aa2 : mov eax, [rbp + 0x10]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x0016e44e : mov ecx, [rbp + 1]; fnstcw [rsi]; jmp r9
> 0x00085974 : mov edx, [rdi + 0xa0]; mov [rdx + 0xe0], rcx; ret
> 0x00107582 : mov rdx, [r12]; mov rax, [rbp - 0x1e0]; call rax
> 0x00110284 : mov eax, [rsi]; mov [rdi + 0x108], eax; xor eax, eax; ret
> 0x00129da2 : mov eax, [rbp]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x00129da1 : mov eax, [r13]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x0008ff54 : mov rax, [rbx + 0x20]; mov [rbx + 0x28], rax; pop rbx; ret
> 0x0014a779 : mov rax, [rbp + 8]; call [rax + 0x28]
> 0x0008ff3b : mov rdx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x0012ee43 : mov rdi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x0019a26b : mov rdi, [r13 + 0x10]; add rdi, rbp; call r12
> 0x0008ff55 : mov eax, [rbx + 0x20]; mov [rbx + 0x28], rax; pop rbx; ret
> 0x0008ff3c : mov edx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x0012ee44 : mov edi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x00135400 : mov ebp, [rcx + 0x6401000b]; mov [r8], r9d; add rsp, 0x18; ret
> 0x00152f18 : mov rax, [rdx]; bswap eax; mov [r8 + 0x54], eax; mov eax, 1; ret
> 0x0014424c : mov rax, [r12]; mov [rax + 8], 0; pop rbx; pop rbp; pop r12; ret
> 0x00170b04 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x00122123 : mov rdx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0011d14f : mov rsi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x00122124 : mov edx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0011d150 : mov esi, [rbx]; mov r13, rbx; mov rdi, rbp; call r12
> 0x001797e6 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x0008ff95 : mov rax, [rdx + 0x20]; sub rax, [rdx + 0x18]; sar rax, 2; ret
> 0x000581e1 : mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x000b6bd9 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x0015005d : movzx eax, [r8 + 0x88]; mov [rdx + 0x6c], ax; mov eax, 1; ret
> 0x0012230c : mov ecx, [rax + rax]; neg eax; mov fs:[rdx], eax; mov rax, -1; ret
> 0x000581e2 : mov ecx, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x000ad4f4 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x000373b4 : mov rax, [rsi + 0x70]; movsxd rdi, edi; mov eax, [rax + rdi*4]; ret
> 0x00155507 : mov rax, [r8 + 0x38]; mov rdi, r8; call [rax + 0x20]
> 0x0014abad : mov rax, [r12 + 0x38]; mov rdi, r12; call [rax + 0x20]
> 0x001534f3 : mov rax, [r14 + 0x70]; mov rdi, rbp; call [rax + 0x20]
> 0x00154227 : mov rax, [r15 + 0x60]; mov rdi, rbp; call [rax + 0x20]
> 0x000ba184 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x000ba093 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x00153813 : mov rdx, [r8 + 0x90]; bswap eax; mov [rdx + 0x10], eax; mov eax, 1; ret
> 0x0009782b : mov r8, [rdi + 8]; mov rax, [rdi]; mov rdi, r8; jmp rax
> 0x001534f4 : mov eax, [rsi + 0x70]; mov rdi, rbp; call [rax + 0x20]
> 0x00153a09 : mov esi, [rbx + 0x88]; mov rdi, r15; call [rax + 0x28]
> 0x00157510 : mov rax, [rbx]; mov [rbp + 8], rax; mov eax, 1; pop rbx; pop rbp; pop r12; ret
> 0x001479c3 : mov rdx, [r15]; mov r8, rbp; mov rcx, r14; mov rdi, r13; call r12
> 0x0011cd75 : mov rsi, [r14]; mov rax, [rsp + 8]; mov rdi, r13; call rax
> 0x00150414 : mov rdi, [rax]; mov rax, [rdi + 0x38]; call [rax + 0x10]
> 0x00154750 : mov rdi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x00157511 : mov eax, [rbx]; mov [rbp + 8], rax; mov eax, 1; pop rbx; pop rbp; pop r12; ret
> 0x00154751 : mov edi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x0013f4e8 : movzx edx, [r10 + 1]; add r10, 2; mov [r8], edx; mov [r9], r10; ret
> 0x00112edb : mov rcx, [rdi]; mov rdx, [rsi]; xor eax, eax; cmp rcx, rdx; seta al; sbb eax, 0; ret
> 0x0011d218 : mov rsi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x00112edc : mov ecx, [rdi]; mov rdx, [rsi]; xor eax, eax; cmp rcx, rdx; seta al; sbb eax, 0; ret
> 0x0011d219 : mov esi, [rax]; mov rdi, r14; mov rax, [rbp - 0x58]; mov r15d, r13d; call rax
> 0x0008bbec : mov rdx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x00077bea : mov rdx, [r14 + 0x20]; mov rdi, r15; sub rdx, rsi; call [rbx + 0x38]
> 0x0014bce4 : mov rsi, [rbx + 0x10]; mov rdx, r12; mov rdi, r14; call [rax + 0x10]
> 0x00036b8c : mov rsi, [rdi + 0x78]; mov fs:[rcx], rsi; cmp rax, rdx; mov rdx, -1; cmove rax, rdx; ret
> 0x00162d8a : mov r8, [rbx + 0x10]; call [rax + 0x1e0]; mov [rbx], rax; pop rax; pop rdx; pop rbx; ret
> 0x00045f31 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000ef5e5 : movzx eax, [r9 + rax]; mov [rdi + 8], 1; mov [rdi], al; mov eax, 1; ret
> 0x0007ace4 : movzx eax, [r11 + rax]; movsxd rax, [rdi + rax*4]; add rax, rbx; jmp rax
> 0x0008bbed : mov edx, [rbx + 0x40]; mov rdi, rbx; sub rdx, rsi; call [rax + 0x70]
> 0x00036b8d : mov esi, [rdi + 0x78]; mov fs:[rcx], rsi; cmp rax, rdx; mov rdx, -1; cmove rax, rdx; ret
> 0x00124d25 : mov rcx, [r8]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xc6626], 0; ret
> 0x000488f0 : mov rsi, [r13]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x00124d26 : mov ecx, [rax]; mov [rdx + 0x10], rcx; mov [r8], rax; mov [rip + 0xc6626], 0; ret
> 0x000488f1 : mov esi, [rbp]; mov rdi, [r12]; mov rdx, r14; mov rax, [rsp]; call rax
> 0x0008db8b : mov rcx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x00091c38 : mov rdx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x00151dde : mov rsi, [r8 + 0x40]; mov edx, [rsi + 0x1c8]; add rsi, 0x38; jmp [rax + 0x18]
> 0x000581dd : mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x0008db8c : mov ecx, [rbx + 0xf8]; sub rax, rdx; sar rax, 2; mov [rcx], rax; xor eax, eax; pop rbx; ret
> 0x00091c39 : mov edx, [rbp + 0x40]; sub rdx, rsi; mov [rsp], rcx; mov rdi, rbp; call rax
> 0x00151ddf : mov esi, [rax + 0x40]; mov edx, [rsi + 0x1c8]; add rsi, 0x38; jmp [rax + 0x18]
> 0x00089fd5 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0008c407 : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov [rsp + 8], rcx; mov rdi, r15; call rax
> 0x000c06a6 : mov rdi, [r12 + 0x10]; push 1; xor edx, edx; push 1; lea r9, [rsp + 0x20]; call rbx
> 0x00159280 : movsx rax, [rsi]; mov rsi, rsp; mov [rsp], rax; mov rax, [rdi + 8]; call [rax + 8]
> 0x00077be6 : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rdi, r15; sub rdx, rsi; call [rbx + 0x38]
> 0x00045f2d : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000824bd : movzx ecx, [r10 + rax]; lea rax, [rip + 0x12f0f7]; movsxd rax, [rax + rcx*4]; add rax, rdx; jmp rax
> 0x0007a9bf : movzx ecx, [r11 + rax]; lea rax, [rip + 0x1366f5]; movsxd rax, [rax + rcx*4]; add rax, rbx; jmp rax
> 0x0007b927 : movzx edx, [r11 + rax]; lea rax, [rip + 0x13588d]; movsxd rax, [rax + rdx*4]; add rax, rbx; jmp rax
> 0x000581d6 : mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00055b68 : movzx r8, [rax + r10]; mov edx, 6; mov [rip + 0x1987cd], al; lea rax, [rip + 0x1987c1]; mov [rax + rdx], 0; ret
> 0x0014c4b5 : mov edx, [r15 + 0x48]; mov rdi, [r15]; add r12, rax; sub edx, eax; mov rsi, r12; call [r15 + 0x40]
> 0x000810e9 : movzx eax, [r10 + rcx]; lea rcx, [rip + 0x13054b]; mov r9, rsi; movsxd rax, [rcx + rax*4]; add rax, rdx; jmp rax
> 0x0012fc1d : mov edx, [rcx + 0x18]; movdqu xmm7, xmm[rcx + 0x30]; mov [rbp - 0x80], edx; mov rdx, r13; movups xmm[rbp - 0x78], xmm7; call rax
> 0x0012fa33 : mov edx, [r14 + 0x18]; movdqu xmm7, xmm[r14 + 0x30]; mov [rbp - 0x80], edx; mov rdx, r13; movups xmm[rbp - 0x78], xmm7; call rax
> 0x000586db : mov rsi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x000586dc : mov esi, [rdx + 0x70]; mov rcx, [rdx + 0x98]; mov r8, [rdx + 0x28]; mov r9, [rdx + 0x30]; mov rdx, [rdx + 0x88]; xor eax, eax; ret
> 0x00157d8a : mov rbp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]
> 0x00048291 : movzx edi, [rax + 0xe]; mov [rdx + 0xe], dil; mov [rax + 0xe], sil; mov rsi, [rsp + 0x10]; mov rdx, rbp; mov rdi, r12; call rbx
> 0x00157d8b : mov ebp, [rdi + 0x48]; mov rax, [rbp + 0x18]; lea r13, [rbp + 0x10]; mov [rbp + 0x10], 0; mov rdi, r13; call [rax + 0x28]