ropshell> use fadb3e5e0f0200befcf977d0cccdf983
name         : pwn (x86_64/ELF)
base address : 0x400390
total gadgets: 8930
ropshell> suggest "load mem"
> 0x00419c80 : mov eax, [rdx]; ret
> 0x0046ddf7 : mov eax, [rsi]; pop rbx; ret
> 0x004203a0 : mov rax, [rdi + 0x68]; ret
> 0x0047ddbc : mov eax, [rsi + 4]; ret
> 0x004203a1 : mov eax, [rdi + 0x68]; ret
> 0x0042c4e3 : movzx eax, [rdi]; sub eax, ecx; ret
> 0x004380e3 : movzx ecx, [rsi]; sub eax, ecx; ret
> 0x0042fd43 : movzx edx, [rsi]; sub eax, edx; ret
> 0x0042005e : mov rax, [rdi]; mov [rdx], rax; ret
> 0x0043ef60 : mov rdx, [rsi]; mov [rdi], rdx; ret
> 0x004a6728 : mov rsi, [rbx]; call r14
> 0x004a6777 : mov rsi, [r15]; call r14
> 0x00470784 : mov rdi, [rbp]; call r12
> 0x0044a0df : mov rdi, [r12]; call rbx
> 0x0041766c : mov rdi, [r13]; call r14
> 0x00449c56 : mov rdi, [r14]; call rbx
> 0x00449c97 : mov rdi, [r15]; call rbx
> 0x0046dcd8 : mov edx, [rax]; mov eax, edx; pop rbx; ret
> 0x004a6729 : mov esi, [rbx]; call r14
> 0x004a6778 : mov esi, [rdi]; call r14
> 0x00449c57 : mov edi, [rsi]; call rbx
> 0x00470785 : mov edi, [rbp]; call r12
> 0x004a68eb : mov rax, [rsi + 0x10]; add rsp, 8; ret
> 0x0042c60f : movzx edx, [rsi + rcx]; sub eax, edx; ret
> 0x00443150 : mov rax, [rcx]; mov [rdx], rax; mov rax, rdi; ret
> 0x004a5c58 : mov rdx, [r12]; mov edi, 1; call rax
> 0x004a79f8 : mov rdx, [r15]; mov rdi, rbp; call rbx
> 0x004431d1 : mov eax, [rcx]; mov [rdx], ax; mov rax, rdi; ret
> 0x004a79f9 : mov edx, [rdi]; mov rdi, rbp; call rbx
> 0x00484c60 : mov rax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00484c40 : mov rdx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00484c54 : mov rdx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00484c61 : mov eax, [rbx + 0x18]; mov [rax], rdi; pop rbx; ret
> 0x00484c41 : mov edx, [rbx + 0x18]; mov [rdx], rax; pop rbx; ret
> 0x00484c55 : mov edx, [rdi + 0x30]; mov [rax], rdx; pop rbx; ret
> 0x00401782 : mov ebp, [rax]; neg ebp; mov eax, ebp; pop rbx; pop rbp; pop r12; ret
> 0x0041c2cb : mov rax, [rbp + 0xd8]; call [rax + 0x40]
> 0x00469993 : mov rax, [r14 + 0xd8]; call [rax + 0x38]
> 0x0041c2cc : mov eax, [rbp + 0xd8]; call [rax + 0x40]
> 0x0047fd54 : mov rax, [r13]; add rax, [rdx + 8]; call rax
> 0x0043eef4 : mov rcx, [rsi]; mov [rdi + 1], rdx; mov [rdi], rcx; ret
> 0x004a6283 : mov rdx, [r13]; mov esi, 1; mov edi, 1; call rax
> 0x0044a092 : mov rdi, [rax]; mov [rsp + 8], rax; call rbx
> 0x0047fd55 : mov eax, [rbp]; add rax, [rdx + 8]; call rax
> 0x004a6284 : mov edx, [rbp]; mov esi, 1; mov edi, 1; call rax
> 0x0044a093 : mov edi, [rax]; mov [rsp + 8], rax; call rbx
> 0x00443276 : mov rax, [rcx + 5]; mov [rdx + 5], rax; mov rax, rdi; ret
> 0x00443224 : mov eax, [rcx + 3]; mov [rdx + 3], eax; mov rax, rdi; ret
> 0x00447d40 : mov eax, [r8 + 4]; add rsp, 8; pop rbx; pop rbp; pop r12; pop r13; ret
> 0x0046ed4b : mov ecx, [rdx + 0x48]; cmp ecx, [rdx + 0x4c]; cmove eax, ecx; ret
> 0x0042c4c4 : movzx ecx, [rsi + rdx]; movzx eax, [rdi + rdx]; sub eax, ecx; ret
> 0x0041a217 : mov rbx, [r15 + 0x98]; mov rdi, rbx; call [rbx + 0x20]
> 0x00444ff4 : mov rcx, [rsi + 0x10]; movdqu xmm[rdi], xmm0; mov [rdi + 0x10], rcx; ret
> 0x00444f03 : mov rdx, [rsi + 5]; mov [rdi], rcx; mov [rdi + 5], rdx; ret
> 0x0041a11d : mov rdx, [r15 + 0x40]; sub rdx, rsi; mov rdi, r15; call rax
> 0x0041983e : mov rbp, [rdi + 0x98]; mov rdi, rbp; call [rbp + 0x20]
> 0x0041a160 : mov r13, [r15 + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x0041a218 : mov ebx, [rdi + 0x98]; mov rdi, rbx; call [rbx + 0x20]
> 0x0041a161 : mov ebp, [rdi + 0x98]; mov rdi, r13; call [r13 + 0x20]
> 0x004a3da8 : mov r8, [rax]; lea rax, [rax + 8]; mov [r10], r8; add rsp, 8; ret
> 0x004a79f4 : mov rsi, [r14 + 8]; mov rdx, [r15]; mov rdi, rbp; call rbx
> 0x004191af : mov rax, [rdx + 0xd8]; mov rbx, rdx; mov rdi, rdx; call [rax + 0x60]
> 0x0046e17a : mov rax, [r13 + 0xd8]; mov esi, ebx; mov rdi, r13; call [rax + 0x18]
> 0x004198c6 : mov r9, [rax + 0x10]; lea r8, [rsp + 0x18]; call [rbp + 0x18]
> 0x004826a3 : mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x004191b0 : mov eax, [rdx + 0xd8]; mov rbx, rdx; mov rdi, rdx; call [rax + 0x60]
> 0x004198c7 : mov ecx, [rax + 0x10]; lea r8, [rsp + 0x18]; call [rbp + 0x18]
> 0x0044a521 : mov rsi, [rax]; mov rdi, [rbp - 0x40]; mov r13d, ebx; mov rax, [rbp - 0x48]; call rax
> 0x0044a522 : mov esi, [rax]; mov rdi, [rbp - 0x40]; mov r13d, ebx; mov rax, [rbp - 0x48]; call rax
> 0x0041ecf2 : movzx esi, [r14]; mov rdi, r12; lea rbx, [r14 + 1]; call [rax + 0x18]
> 0x004a66c8 : mov rcx, [rdx + 8]; mov edx, 1; sbb eax, eax; cmp [rsi + 8], rcx; cmova eax, edx; ret
> 0x00402e64 : mov rdx, [rbp + 0x30]; mov [rax + 0x30], rdx; mov rax, rbx; add rsp, 8; pop rbx; pop rbp; ret
> 0x00402e65 : mov edx, [rbp + 0x30]; mov [rax + 0x30], rdx; mov rax, rbx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0040659f : mov rdx, [rbp]; mov edx, [rdx + 0xc]; mov [rbx + 0x1c], edx; add rsp, 8; pop rbx; pop rbp; ret
> 0x0046d48c : mov rax, [r12 + 0xd8]; movsxd rdx, ebx; mov rsi, r13; mov rdi, r12; call [rax + 0x38]
> 0x0046d981 : mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0046dcce : mov rax, [rdx]; lea rcx, [rax + 4]; mov [rdx], rcx; mov edx, [rax]; mov eax, edx; pop rbx; ret
> 0x0047d4a4 : mov r12, [rax]; mov rbx, rax; mov [rip + 0x2724ef], r15; mov rdi, r14; mov [rax], 0; call r13
> 0x0048269f : mov r14, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x004826a0 : mov esi, [rdi + 0x20]; mov r15, [rdi + 0x28]; mov eax, esi; mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0041a500 : mov rcx, [r15 + 0x10]; mov rdx, [r15 + 0x18]; sar r8, 2; lea rsi, [rax + 0x58]; call [r13 + 0x30]
> 0x0041a501 : mov ecx, [rdi + 0x10]; mov rdx, [r15 + 0x18]; sar r8, 2; lea rsi, [rax + 0x58]; call [r13 + 0x30]
> 0x00466fcb : mov rsi, [r15 + 0x18]; mov rdx, [r15 + 0x20]; mov rax, [rdi + 0xd8]; sub rdx, rsi; sar rdx, 2; call [rax + 0x38]
> 0x0041a4f9 : mov rax, [r15 + 0xa0]; mov rcx, [r15 + 0x10]; mov rdx, [r15 + 0x18]; sar r8, 2; lea rsi, [rax + 0x58]; call [r13 + 0x30]
> 0x0046d979 : mov rdx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0046d97a : mov edx, [rax + 0x40]; mov [rax + 8], rcx; mov rcx, [rax + 0x10]; mov [rax], rdx; mov [rax + 0x10], rdx; mov [rax + 0x40], rcx; ret
> 0x0045aa72 : movzx esi, [rax + 0xe]; mov [rdx + 0xe], sil; mov [rax + 0xe], cl; mov rdx, r13; mov rsi, [rsp + 0x20]; mov rdi, r12; call r15
> 0x0041919f : mov r8, [rdx + 0x88]; mov [r8 + 8], r9; add [r8 + 4], 1; mov rax, [rdx + 0xd8]; mov rbx, rdx; mov rdi, rdx; call [rax + 0x60]
> 0x0041a206 : mov r14, [rax + 0x40]; mov rax, [rax + 0x50]; mov [rsp + 8], r14; mov [rsp], rax; mov rbx, [r15 + 0x98]; mov rdi, rbx; call [rbx + 0x20]