ropshell> use d443f227870b9c29182cc7a7a007d881 (download)
name         : libc-2.23-2.so (x86_64/ELF)
base address : 0x1f8b0
total gadgets: 19488
ropshell> suggest "load mem"
> 0x0007050c : mov eax, [rdx]; ret
> 0x000c7f30 : mov eax, [rdi]; ret
> 0x00071fe7 : mov eax, [rsi]; pop rbx; ret
> 0x0013ba12 : mov rax, [rdi + 0x18]; ret
> 0x0013ba13 : mov eax, [rdi + 0x18]; ret
> 0x0016dc93 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0008e293 : movzx edx, [rsi]; sub eax, edx; ret
> 0x000e7037 : mov rax, [rdx]; mov [rdx], rdi; ret
> 0x0007c77e : mov rax, [rdi]; mov [rdx], rax; ret
> 0x000207ba : mov rdx, [rax]; call rbp
> 0x000a5370 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x000ba5f0 : mov rdi, [rax]; call r14
> 0x000ac0d4 : mov rdi, [rbp]; call r12
> 0x001024cf : mov rdi, [r12]; call rbx
> 0x00038f5c : mov rdi, [r13]; call r14
> 0x00102046 : mov rdi, [r14]; call rbx
> 0x00102087 : mov rdi, [r15]; call rbx
> 0x000d1741 : mov eax, [rbx]; add [rcx - 0x77], al; ret
> 0x000207bb : mov edx, [rax]; call rbp
> 0x000ba5f1 : mov edi, [rax]; call r14
> 0x00102047 : mov edi, [rsi]; call rbx
> 0x000ac0d5 : mov edi, [rbp]; call r12
> 0x0014462f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x00075406 : mov edx, [rdi + 0xc0]; mov eax, edx; ret
> 0x0010d83a : mov eax, [r14]; pop rbp; pop r12; pop r13; pop r14; ret
> 0x0001fc03 : mov eax, [rbx + 4]; pop rbx; pop rbp; pop r12; ret
> 0x00166480 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x00102868 : mov rsi, [rbx]; mov rdi, r12; call rbp
> 0x000a2066 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x000ded8a : movzx ecx, [rbp]; movzx eax, al; or [0], rdx; ret
> 0x00036256 : mov edx, [rdi]; xor eax, eax; test edx, edx; sete al; ret
> 0x00102869 : mov esi, [rbx]; mov rdi, r12; call rbp
> 0x000f6006 : mov rdx, [rsi + 0x78]; mov [rdi + 0x100], rdx; ret
> 0x000da4b0 : mov rdi, [rsi + 0x28]; call -7; xor eax, eax; pop rbx; ret
> 0x000da4b1 : mov edi, [rsi + 0x28]; call -7; xor eax, eax; pop rbx; ret
> 0x00038f59 : mov rsi, [r15]; mov rdi, [r13]; call r14
> 0x00038f5a : mov esi, [rdi]; mov rdi, [r13]; call r14
> 0x000773d0 : mov rax, [rbx + 0x20]; mov [rbx + 0x28], rax; pop rbx; ret
> 0x00137702 : mov rax, [r12 + 8]; call [rax + 0x10]
> 0x001353c0 : mov rax, [r14 + 0x60]; call [rax + 8]
> 0x0013793a : mov rax, [r15 + 8]; call [rax + 0x10]
> 0x000773a4 : mov rdx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x0006dc5f : mov rdx, [rdi + 0xa0]; mov [rdx + 0x130], rcx; rep ; ret
> 0x00088bc8 : mov rdi, [rbx + 0x48]; call [rbx + 0x40]
> 0x00112a63 : mov rdi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x000736de : mov r9, [rax + 0x10]; call [rbp + 0x18]
> 0x001353c1 : mov eax, [rsi + 0x60]; call [rax + 8]
> 0x000736df : mov ecx, [rax + 0x10]; call [rbp + 0x18]
> 0x000773a5 : mov edx, [rax + 0x18]; mov [rax + 0x20], rdx; pop rbx; ret
> 0x00088bc9 : mov edi, [rbx + 0x48]; call [rbx + 0x40]
> 0x00112a64 : mov edi, [rdx + 0x50]; mov rsi, rdx; call rax
> 0x0015ae24 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x001665a6 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x00077401 : mov rax, [rdx + 0x20]; sub rax, [rdx + 0x18]; sar rax, 2; ret
> 0x00076217 : mov rdx, [rbx + 0xf8]; mov [rdx], rax; xor eax, eax; pop rbx; ret
> 0x00047f05 : mov r9, [rsi + 0x30]; mov rsi, [rsi + 0x70]; xor eax, eax; ret
> 0x00047b75 : mov r9, [rdi + 0x30]; mov rdi, [rdi + 0x68]; xor eax, eax; ret
> 0x000a20e9 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x00077402 : mov eax, [rdx + 0x20]; sub rax, [rdx + 0x18]; sar rax, 2; ret
> 0x000a9f94 : mov eax, [r8 + 4]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x00114098 : mov eax, [r14 + 0x18]; mov [rbp - 0x80], eax; call r9
> 0x00074e8b : mov ecx, [rdx + 0x48]; cmp ecx, [rdx + 0x4c]; cmove eax, ecx; ret
> 0x00047f06 : mov ecx, [rsi + 0x30]; mov rsi, [rsi + 0x70]; xor eax, eax; ret
> 0x00047b76 : mov ecx, [rdi + 0x30]; mov rdi, [rdi + 0x68]; xor eax, eax; ret
> 0x00076218 : mov edx, [rbx + 0xf8]; mov [rdx], rax; xor eax, eax; pop rbx; ret
> 0x00036544 : mov rax, [rsi]; and rax, [rdx]; mov [rdi], rax; xor eax, eax; ret
> 0x00106a0f : mov rdx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; rep ; ret
> 0x0014330b : mov ecx, [rdx]; mov rdx, r13; add r9, [rbp - 0x88]; call rax
> 0x00106a10 : mov edx, [rbx]; mov [rax], rdx; add rsp, 8; pop rbx; pop rbp; rep ; ret
> 0x0002e0b0 : mov rax, [rsi + 0x70]; movsxd rdi, edi; mov eax, [rax + rdi*4]; ret
> 0x00072929 : mov rax, [rbp + 0xd8]; mov rdi, rbp; call [rax + 0x20]
> 0x0012c01d : mov rax, [r10 + 8]; mov rdi, r10; call [rax + 0x20]
> 0x0004b3ba : mov rax, [r13 + 0xd8]; sub rdx, rsi; call [rax + 0x38]
> 0x00074047 : mov rbx, [r15 + 0x98]; mov rdi, rbx; call [rbx + 0x20]
> 0x000a54b4 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00073f4d : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov rdi, r15; call rax
> 0x0007364e : mov rbp, [rdi + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x00073a7b : mov r9, [rdx + 8]; mov rdx, r12; call [rbp + 0x18]
> 0x00073f90 : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0007292a : mov eax, [rbp + 0xd8]; mov rdi, rbp; call [rax + 0x20]
> 0x00074048 : mov ebx, [rdi + 0x98]; mov rdi, rbx; call [rbx + 0x20]
> 0x00073f91 : mov ebp, [rdi + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x00138a40 : mov rax, [r12]; mov [rbx + 8], rax; mov eax, 1; pop rbx; pop rbp; pop r12; ret
> 0x001362dd : mov rdi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x001362de : mov edi, [rbx]; mov rax, [rdi + 8]; call [rax + 0x20]
> 0x0006b3bc : mov rdx, [r9 + 0x88]; mov [rdx + 8], r8; add [rdx + 4], 1; ret
> 0x000cfc3e : mov rdi, [rax + r15]; mov rsi, [rbp - 0x1c0]; call [r14 + 0x40]
> 0x0006b3bd : mov edx, [rcx + 0x88]; mov [rdx + 8], r8; add [rdx + 4], 1; ret
> 0x00113a51 : mov edx, [rbp + 0x18]; mov [rbp - 0x80], edx; mov rdx, r14; call rax
> 0x0012370b : movzx edx, [r10 + 1]; add r10, 2; mov [r8], edx; mov [r9], r10; ret
> 0x00113a50 : mov edx, [r13 + 0x18]; mov [rbp - 0x80], edx; mov rdx, r14; call rax
> 0x00113c6a : mov edx, [r14 + 0x18]; mov [rbp - 0x80], edx; mov rdx, rbx; call rax
> 0x000cfc3f : mov edi, [rax + rdi]; mov rsi, [rbp - 0x1c0]; call [r14 + 0x40]
> 0x0012db48 : mov rsi, [rbx + 0x10]; mov rdx, rbp; mov rdi, r13; call [rax + 0x10]
> 0x00131b34 : mov rdi, [rcx + 0x10]; mov eax, 1; mov [rdx], rsi; mov [rdx + 8], rdi; ret
> 0x000352d3 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0012db49 : mov esi, [rbx + 0x10]; mov rdx, rbp; mov rdi, r13; call [rax + 0x10]
> 0x00131b35 : mov edi, [rcx + 0x10]; mov eax, 1; mov [rdx], rsi; mov [rdx + 8], rdi; ret
> 0x00136df9 : mov rax, [rbx]; mov rdx, [rax + 8]; mov rdi, rax; call [rdx + 0x20]
> 0x00102911 : mov rsi, [rax]; mov rdi, [rbp - 0x40]; mov r13d, ebx; mov rax, [rbp - 0x48]; call rax
> 0x00102912 : mov esi, [rax]; mov rdi, [rbp - 0x40]; mov r13d, ebx; mov rax, [rbp - 0x48]; call rax
> 0x0007b5d2 : movzx esi, [r14]; mov rdi, r12; lea rbx, [r14 + 1]; call [rax + 0x18]
> 0x00047f01 : mov r8, [rsi + 0x28]; mov r9, [rsi + 0x30]; mov rsi, [rsi + 0x70]; xor eax, eax; ret
> 0x00047b71 : mov r8, [rdi + 0x28]; mov r9, [rdi + 0x30]; mov rdi, [rdi + 0x68]; xor eax, eax; ret
> 0x0012388e : mov r10, [rsi + 8]; mov [rdi + rdx + 8], r9; mov [rdi + rdx + 0x10], r10; ret
> 0x00071b71 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0012c631 : mov rsi, [rbp + 0x20]; mov r13d, eax; mov rdi, rbx; xor eax, eax; call [rbp + 0x28]
> 0x000f8994 : mov rdi, [r14 + 0x18]; mov edx, 1; mov rsi, [rsp + 0x28]; call [r14 + 0x40]
> 0x0012c632 : mov esi, [rbp + 0x20]; mov r13d, eax; mov rdi, rbx; xor eax, eax; call [rbp + 0x28]
> 0x00135397 : mov esi, [r14 + 0x88]; mov rdi, r12; mov [r14 + 0x58], 0; call [rax + 0x28]
> 0x00129ab0 : mov rdx, [r15]; mov [rbx], rax; mov rsi, rax; mov r8, rbp; mov rcx, r14; mov rdi, r13; call r12
> 0x0013464b : mov edx, [r12]; lea r12, [rip + 0x5ae8d]; mov r13, rax; xor eax, eax; nop [rax + rax]; cmp edx, [0]; ret
> 0x000564cf : mov rdx, [r14 + 0x20]; mov rax, [rdi + 0xd8]; sub rdx, rsi; sar rdx, 2; call [rax + 0x38]
> 0x001348b8 : mov rsi, [rcx + 0x1c]; mov rdi, [rcx + 0x24]; mov eax, 1; mov [rdx], rsi; mov [rdx + 8], rdi; ret
> 0x00135138 : mov rsi, [rdi + 0x20]; mov rdi, [rdi + 0x28]; mov eax, 1; mov [rdx], rsi; mov [rdx + 8], rdi; ret
> 0x000352cf : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x001348b9 : mov esi, [rcx + 0x1c]; mov rdi, [rcx + 0x24]; mov eax, 1; mov [rdx], rsi; mov [rdx + 8], rdi; ret
> 0x000352d0 : mov esi, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00047b6a : mov rcx, [rdi + 0x98]; mov r8, [rdi + 0x28]; mov r9, [rdi + 0x30]; mov rdi, [rdi + 0x68]; xor eax, eax; ret
> 0x00123889 : mov r9, [rsi]; xor eax, eax; mov r10, [rsi + 8]; mov [rdi + rdx + 8], r9; mov [rdi + rdx + 0x10], r10; ret
> 0x00074330 : mov rcx, [r15 + 0x10]; mov rdx, [r15 + 0x18]; sar r8, 2; lea rsi, [rax + 0x58]; call [r13 + 0x30]
> 0x00113a48 : mov rdx, [r13 + 0x38]; mov [rbp - 0x70], rdx; mov edx, [r13 + 0x18]; mov [rbp - 0x80], edx; mov rdx, r14; call rax
> 0x000ac6e1 : mov rdi, [r12 + 0x10]; push 1; xor r8d, r8d; push 0; lea rcx, [rax + 4]; lea r9, [rsp + 0x20]; call rbx
> 0x000564cb : mov rsi, [r14 + 0x18]; mov rdx, [r14 + 0x20]; mov rax, [rdi + 0xd8]; sub rdx, rsi; sar rdx, 2; call [rax + 0x38]
> 0x0012e17f : mov edx, [r15 + 0x48]; mov rdi, [r15]; mov r12, rbx; add r12, [r15 + 0x50]; sub edx, ebx; mov rsi, r12; call [r15 + 0x40]
> 0x00139276 : mov rbx, [rdi + 0x48]; mov rax, [rbx + 0x18]; lea r12, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x00038360 : movzx esi, [rax + 0xe]; mov [rdx + 0xe], sil; mov [rax + 0xe], cl; mov rdx, r13; mov rsi, [rsp + 0x18]; mov rdi, r12; call r15
> 0x00023abc : movsx rcx, [rdx + 0x19]; mov [rax + 0x4c], ecx; movsx ecx, [rdx + 0x1a]; movsx edx, [rdx + 0x1b]; mov [rax + 0x50], ecx; mov [rax + 0x54], edx; ret
> 0x0006d7af : mov r8, [rdx + 0x88]; mov [r8 + 8], r9; add [r8 + 4], 1; mov rax, [rdx + 0xd8]; mov rbx, rdx; mov rdi, rdx; call [rax + 0x60]
> 0x00074036 : mov r14, [rax + 0x40]; mov rax, [rax + 0x50]; mov [rsp + 8], r14; mov [rsp], rax; mov rbx, [r15 + 0x98]; mov rdi, rbx; call [rbx + 0x20]