ropshell> use dd0a39cabe1d42e80f69e63146e44c33
name         : gostack (x86_64/RAW)
base address : 0x0
total gadgets: 10471
ropshell> suggest "load mem"
> 0x0005c4f1 : movsxd rax, [rcx]; ret
> 0x00070d95 : mov edi, [rcx]; ret
> 0x000332a5 : mov rbx, [rcx + 0x10]; ret
> 0x000332a6 : mov ebx, [rcx + 0x10]; ret
> 0x0000596c : mov rax, [rdx]; call rax
> 0x00060ee9 : mov rax, [rsi]; mov [rdi], rax; ret
> 0x00005aa5 : mov rcx, [rdx]; call rcx
> 0x0005295a : mov rsi, [rdx]; call rsi
> 0x0002b0c6 : mov rdi, [rdx]; call rdi
> 0x0009f705 : mov r8, [rdx]; call r8
> 0x0005dd3d : mov r12, [rdx]; call r12
> 0x0009f706 : mov eax, [rdx]; call r8
> 0x00060eca : mov eax, [rsi]; mov [rdi], eax; ret
> 0x00005aa6 : mov ecx, [rdx]; call rcx
> 0x0005295b : mov esi, [rdx]; call rsi
> 0x0002b0c7 : mov edi, [rdx]; call rdi
> 0x000660c3 : mov rbx, [rax + 8]; mov rax, rcx; ret
> 0x000660c4 : mov ebx, [rax + 8]; mov rax, rcx; ret
> 0x000049c0 : mov rcx, [rax]; cmp [rbx], rcx; sete al; ret
> 0x000049a0 : mov ecx, [rax]; cmp [rbx], ecx; sete al; ret
> 0x0009de6c : mov rcx, [rdx + 0x28]; call rcx
> 0x0009de6d : mov ecx, [rdx + 0x28]; call rcx
> 0x00032ada : mov rax, [rbx]; mov rdx, rbx; call rax
> 0x0009e17d : mov rbx, [rax]; mov rdx, rax; call rbx
> 0x00038b32 : mov rbx, [rdx]; mov rax, rcx; call rbx
> 0x00007975 : mov rcx, [rdi]; mov rdx, rdi; call rcx
> 0x00087aba : mov rcx, [r8]; mov rdx, r8; call rcx
> 0x00032adb : mov eax, [rbx]; mov rdx, rbx; call rax
> 0x0009e17e : mov ebx, [rax]; mov rdx, rax; call rbx
> 0x00038b33 : mov ebx, [rdx]; mov rax, rcx; call rbx
> 0x00007976 : mov ecx, [rdi]; mov rdx, rdi; call rcx
> 0x000332a1 : mov rax, [rcx + 8]; mov rbx, [rcx + 0x10]; ret
> 0x00039c40 : mov rax, [r14 + 0x30]; mov [rax + 0x114], 1; ret
> 0x000332a2 : mov eax, [rcx + 8]; mov rbx, [rcx + 0x10]; ret
> 0x00039c41 : mov eax, [rsi + 0x30]; mov [rax + 0x114], 1; ret
> 0x00013cc4 : mov rcx, [rbx]; not rcx; nop ; mov [rax + 0x40], rcx; ret
> 0x00013cc5 : mov ecx, [rbx]; not rcx; nop ; mov [rax + 0x40], rcx; ret
> 0x000645c9 : mov rax, [rdx + 8]; mov ecx, 1; xchg [rax], ecx; ret
> 0x0008e930 : mov rcx, [rax + 0x10]; cmp [rbx + 0x10], rcx; sete al; ret
> 0x00097956 : mov rcx, [rdi + 0xf8]; mov rax, rbx; call rcx
> 0x00097e87 : mov rcx, [r10 + 0x98]; mov rax, rdi; call rcx
> 0x00066120 : mov rdx, [rax + 0x28]; mov rax, rcx; call rdx
> 0x000190ed : mov rsi, [rax + 0x10]; mov rax, rsi; call rcx
> 0x000645ca : mov eax, [rdx + 8]; mov ecx, 1; xchg [rax], ecx; ret
> 0x0008e931 : mov ecx, [rax + 0x10]; cmp [rbx + 0x10], rcx; sete al; ret
> 0x00097957 : mov ecx, [rdi + 0xf8]; mov rax, rbx; call rcx
> 0x00066121 : mov edx, [rax + 0x28]; mov rax, rcx; call rdx
> 0x000190ee : mov esi, [rax + 0x10]; mov rax, rsi; call rcx
> 0x00098f91 : mov rbx, [rcx]; mov eax, r10d; mov rdx, rcx; call rbx
> 0x00098f92 : mov ebx, [rcx]; mov eax, r10d; mov rdx, rcx; call rbx
> 0x0007a68c : mov rax, [rbx + 8]; mov rbp, [rsp + 0x18]; add rsp, 0x20; ret
> 0x00065d49 : mov rbx, [rdx + 8]; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x0007a68d : mov eax, [rbx + 8]; mov rbp, [rsp + 0x18]; add rsp, 0x20; ret
> 0x00065d4a : mov ebx, [rdx + 8]; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x0002ef88 : mov rdx, [rax]; mov [rcx + 0xa0], rdx; nop ; mov [rax], rcx; ret
> 0x0002ef89 : mov edx, [rax]; mov [rcx + 0xa0], rdx; nop ; mov [rax], rcx; ret
> 0x00011412 : mov esi, [rbx + 0xc]; mov rax, r13; mov rbx, rsi; call rcx
> 0x0000fea0 : mov edi, [rbx + 0xc]; mov rax, rcx; mov rbx, rdi; call rsi
> 0x00011971 : mov ebx, [rdi]; sbb [rax], al; mov rbp, [rsp + 0x10]; add rsp, 0x18; ret
> 0x0007ab66 : mov rdx, [rcx]; mov rcx, rbx; mov rbx, rdx; mov rbp, [rsp + 0x20]; add rsp, 0x28; ret
> 0x0007a4e3 : mov eax, [rcx]; mov rbx, [rcx + 8]; mov rbp, [rsp + 0x30]; add rsp, 0x38; ret
> 0x0007ab67 : mov edx, [rcx]; mov rcx, rbx; mov rbx, rdx; mov rbp, [rsp + 0x20]; add rsp, 0x28; ret
> 0x0003c456 : mov rbx, [rsi + 0x280]; mov rax, [rsp + 0x18]; mov rdx, rdi; call rcx
> 0x0009dea4 : mov rdx, [rbx + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x0009dc36 : mov rdx, [rsi + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x0009dd10 : mov rdx, [rdi + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x0007c313 : mov r8, [rax + 0x20]; mov rax, rbx; mov rbx, rdi; nop [rax]; call r8
> 0x0003c457 : mov ebx, [rsi + 0x280]; mov rax, [rsp + 0x18]; mov rdx, rdi; call rcx
> 0x0009dea5 : mov edx, [rbx + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x0009dc37 : mov edx, [rsi + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x0009dd11 : mov edx, [rdi + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x000836bd : mov rcx, [r9 + 0x10]; movzx r8d, [r9 + 0x18]; mov rbp, [rsp + 0x58]; add rsp, 0x60; ret
> 0x0005c4e0 : mov rcx, [r14 + 0x30]; inc [rcx + 0x108]; mov rcx, [rcx + 0xd0]; movsxd rax, [rcx]; ret
> 0x0005c4e1 : mov ecx, [rsi + 0x30]; inc [rcx + 0x108]; mov rcx, [rcx + 0xd0]; movsxd rax, [rcx]; ret
> 0x0009de5e : mov rdx, [rcx + 0xb0]; mov rax, [rcx + 0xb8]; mov rcx, [rdx + 0x28]; call rcx
> 0x00091724 : mov rdi, [rcx + 0x10]; mov rsi, rax; mov rax, [rsp + 0x58]; mov rcx, rdx; call rsi
> 0x0009de5f : mov edx, [rcx + 0xb0]; mov rax, [rcx + 0xb8]; mov rcx, [rdx + 0x28]; call rcx
> 0x00091725 : mov edi, [rcx + 0x10]; mov rsi, rax; mov rax, [rsp + 0x58]; mov rcx, rdx; call rsi
> 0x0009dc33 : mov rcx, [rsi]; mov rdx, [rsi + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x00054ed7 : mov rcx, [r9]; lea rax, [rsp + 0x2f8]; mov rbx, [rsp + 0x2f0]; mov rdx, r9; call rcx
> 0x0005837d : mov rsi, [rcx]; mov rdi, [rip + 0x10b099]; mov rbx, rax; mov rdx, rcx; mov rax, rdi; call rsi
> 0x0009dc34 : mov ecx, [rsi]; mov rdx, [rsi + 8]; mov rcx, [rcx + 0x18]; mov rax, rdx; call rcx
> 0x0005837e : mov esi, [rcx]; mov rdi, [rip + 0x10b099]; mov rbx, rax; mov rdx, rcx; mov rax, rdi; call rsi
> 0x0009c4f2 : mov rsi, [rdx + 0x10]; mov rdx, [rdx + 0x18]; mov rsi, [rsi + 0x18]; mov rax, rdx; call rsi
> 0x0005fc49 : mov rsi, [rdi + 8]; sub rsi, [rsp + 0x28]; mov fs:[0xfffffffffffffff8], rdi; mov rsp, rsi; mov [rsp + 0x18], eax; ret
> 0x0009c4f3 : mov esi, [rdx + 0x10]; mov rdx, [rdx + 0x18]; mov rsi, [rsi + 0x18]; mov rax, rdx; call rsi
> 0x0005fc4a : mov esi, [rdi + 8]; sub rsi, [rsp + 0x28]; mov fs:[0xfffffffffffffff8], rdi; mov rsp, rsi; mov [rsp + 0x18], eax; ret
> 0x0001f39a : mov rax, [rsi + 0x10]; add rax, [rdi + 0x68]; mov [rsi + 0x10], rax; mov rbp, [rsp + 0x40]; add rsp, 0x48; ret
> 0x000836b9 : mov rbx, [r9 + 8]; mov rcx, [r9 + 0x10]; movzx r8d, [r9 + 0x18]; mov rbp, [rsp + 0x58]; add rsp, 0x60; ret
> 0x0007df2a : mov r8, [rsi + 0x18]; mov rbx, [rsp + 0x68]; mov rcx, rax; mov rdi, rdx; mov rax, [rsp + 0x88]; call r8
> 0x0002ae6d : mov rbx, [r11 + r9]; mov rdi, [r11 + r9 + 8]; mov rax, rcx; mov rcx, rdi; lea rdx, [rsp + 0x80]; call rsi
> 0x00010c4d : mov rcx, [rsi + 0x30]; mov rdx, [rcx + 0x18]; mov rcx, [rdx]; mov rax, [rsp + 0x48]; mov rbx, rax; call rcx
> 0x000836b6 : mov rax, [r9]; mov rbx, [r9 + 8]; mov rcx, [r9 + 0x10]; movzx r8d, [r9 + 0x18]; mov rbp, [rsp + 0x58]; add rsp, 0x60; ret
> 0x0001144b : mov rcx, [rbx + 0x30]; mov rdx, [rcx + 0x18]; mov rcx, [rdx]; mov rax, [rsp + 0x48]; mov rbx, rax; nop ; call rcx
> 0x0007c476 : mov rdi, [rax + 0x28]; lea r8, [rcx + rdx]; lea r9, [rcx + rsi]; mov rax, rbx; mov rbx, r8; mov rcx, r9; call rdi
> 0x0001052c : mov rdi, [rsi + 0x30]; mov rdx, [rdi + 0x18]; mov rdi, [rdx]; mov rax, [rsp + 0x68]; mov rbx, rcx; nop ; call rdi
> 0x0001144c : mov ecx, [rbx + 0x30]; mov rdx, [rcx + 0x18]; mov rcx, [rdx]; mov rax, [rsp + 0x48]; mov rbx, rax; nop ; call rcx
> 0x0007c477 : mov edi, [rax + 0x28]; lea r8, [rcx + rdx]; lea r9, [rcx + rsi]; mov rax, rbx; mov rbx, r8; mov rcx, r9; call rdi
> 0x0001052d : mov edi, [rsi + 0x30]; mov rdx, [rdi + 0x18]; mov rdi, [rdx]; mov rax, [rsp + 0x68]; mov rbx, rcx; nop ; call rdi
> 0x0005cf17 : mov rbp, [rbx + 0x30]; mov [rbx], 0; mov [rbx + 0x20], 0; mov [rbx + 0x18], 0; mov [rbx + 0x30], 0; mov rbx, [rbx + 8]; jmp rbx
> 0x0005cf18 : mov ebp, [rbx + 0x30]; mov [rbx], 0; mov [rbx + 0x20], 0; mov [rbx + 0x18], 0; mov [rbx + 0x30], 0; mov rbx, [rbx + 8]; jmp rbx