Free Online ROP Gadgets Search

ropshell> use 1df4ce32afb2f7897a554b9cbe432382 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x263c0
total gadgets: 16124

ropshell> suggest "write mem"
> 0x00078544 : adc [rax], ecx; ret
> 0x000a227c : adc [rcx], eax; ret
> 0x00086885 : add [rcx], edi; ret
> 0x0003b63c : adc [rdx], ecx; ret
> 0x0008f26b : add [rdi], rax; ret
> 0x0005333a : adc [rdi], eax; ret
> 0x001352a3 : adc [rax + 0xb0], ebx; ret
> 0x00039ae8 : adc [rax + 0x39], ecx; ret
> 0x0016db6f : adc [rax + 0x30], edi; ret
> 0x0016e574 : adc [rax + 0x20], ebp; ret
> 0x0016d416 : adc [rcx + 7], rdi; ret
> 0x0016df98 : adc [rcx + 0x50], edi; ret
> 0x000792cb : adc [rdx + 8], eax; ret
> 0x0016d8fe : adc [rsi + 3], rdx; ret
> 0x000eb6bf : adc [rsi + 8], eax; ret
> 0x0013c1fc : adc [rsi + 8], ecx; ret
> 0x0016d8ff : adc [rsi + 3], edx; ret
> 0x000862cb : adc [rsi + 0x70], edi; ret
> 0x00147e4a : adc [rdi + 0x18], eax; ret
> 0x000fc1ee : adc [rdi + 0x20], ecx; ret
> 0x00133670 : add [rbp + 0x1d], esi; ret
> 0x0013746f : add [rdi], ecx; xchg eax, esp; ret
> 0x0012937d : adc [rbx + 0x10], eax; pop rbx; ret
> 0x00131e2a : add [rcx + 0x5c], eax; pop r13; ret
> 0x000f16db : adc [rbx], eax; pop rbx; pop rbp; pop r12; ret
> 0x000a2279 : adc [rdx], eax; movups xmm[rcx], xmm0; ret
> 0x0016d7cb : adc [rdi], rdx; vmovups zmm[rsi - 0x40], zmm2; ret
> 0x0016d7cc : adc [rdi], edx; vmovups zmm[rsi - 0x40], zmm2; ret
> 0x000ee143 : add [rdx + 2], edi; cmove eax, edx; ret
> 0x00147fd0 : add [rdi + 0x28], edx; mov eax, 1; ret
> 0x0013615e : add [rax + 0x24448948], edx; adc [rax - 0x77], cl; ret
> 0x00027ae3 : adc [rbx + 0x4864001a], esi; add eax, [0]; ret
> 0x0014805c : add [rbx + 0x28], ebp; pop rbx; pop rbp; pop r12; ret
> 0x0016d81c : add [rdx + 2], esi; mov [rdi], cl; ret
> 0x0013615d : add [r8 + 0x24448948], edx; adc [rax - 0x77], cl; ret
> 0x000de06a : adc [rsi], eax; pop rbx; pop rbp; pop r12; pop r13; pop r14; ret
> 0x0016d40f : adc [rcx + 6], rsi; vmovups zmm[r9 + 0x1c0], zmm15; ret
> 0x0016d410 : adc [rcx + 6], esi; vmovups zmm[r9 + 0x1c0], zmm15; ret
> 0x0010176b : add [rbx], ebp; xor eax, eax; add rsp, 8; pop rbx; pop rbp; ret
> 0x00133d46 : adc [rcx], esi; rol [rbx + 0x127502f8], cl; mov eax, edx; ret
> 0x0007e1c4 : add [rbx + 0x18], rbp; mov rax, r12; pop rbx; pop rbp; pop r12; ret
> 0x0008ac66 : adc [rbx + 0x13e8c107], ecx; mov [rsi], eax; xor eax, eax; ret
> 0x00086942 : add [rdi + 0xb], esi; mov [rdi], esi; xor eax, eax; ret
> 0x0009f4d1 : add [rbp + 0x40ea75c0], eax; or [rdi], dh; mov eax, ecx; ret
> 0x0007d0ca : add [r14 + 0x18], r12; pop rbx; pop rbp; pop r12; pop r13; pop r14; ret
> 0x000c0230 : add [rsi], ecx; add cl, ch; idiv edi; jmp [rsi + 0xf]
> 0x0016d0a3 : adc [rdi + 1], rcx; vmovups zmm[r9 - 0x80], zmm2; vmovups zmm[r9 - 0x40], zmm3; ret
> 0x0016d7b0 : adc [rdi + 1], rdx; vmovups zmm[rsi - 0x80], zmm2; vmovups zmm[rsi - 0x40], zmm2; ret
> 0x00147ddc : add [rbp + 0x18], rbx; add rsp, 8; mov eax, 1; pop rbx; pop rbp; ret
> 0x00147ddd : add [rbp + 0x18], ebx; add rsp, 8; mov eax, 1; pop rbx; pop rbp; ret
> 0x0003f5e3 : adc [rax], edi; sbb [rax], eax; neg eax; mov fs:[rdx], eax; mov rax, -1; ret
> 0x0016d408 : adc [rcx + 5], rbp; vmovups zmm[r9 + 0x180], zmm14; vmovups zmm[r9 + 0x1c0], zmm15; ret
> 0x0016d409 : adc [rcx + 5], ebp; vmovups zmm[r9 + 0x180], zmm14; vmovups zmm[r9 + 0x1c0], zmm15; ret
> 0x000b099a : add [rdx], ebp; lea rcx, [rax + 1]; lea r9, [rsp + 0x28]; call rbx
> 0x0016d8ea : adc [rsi], rdx; vmovups zmm[rsi + 0x40], zmm2; vmovups zmm[rsi + 0x80], zmm2; vmovups zmm[rsi + 0xc0], zmm2; ret
> 0x0016d8eb : adc [rsi], edx; vmovups zmm[rsi + 0x40], zmm2; vmovups zmm[rsi + 0x80], zmm2; vmovups zmm[rsi + 0xc0], zmm2; ret
> 0x0003cef3 : add [rdi + 0x19], ebx; add [rdi + rax*8], ah; add es:[rax], al; add [rax - 1], bh; ret
> 0x0016df8a : adc [rcx + 0x20], edx; movups xmm[rcx + 0x30], xmm9; movups xmm[rcx + 0x40], xmm8; movups xmm[rcx + 0x50], xmm7; ret
> 0x0016d059 : adc [rdi + 3], rbx; vmovups zmm[r9 - 0x100], zmm4; vmovups zmm[r9 - 0xc0], zmm5; vmovups zmm[r9 - 0x80], zmm6; vmovups zmm[r9 - 0x40], zmm7; ret
> 0x000a22df : adc [rdi + 0x10], ebp; movups xmm[rdi + 0x20], xmm6; movups xmm[rdi + 0x30], xmm7; movups xmm[rdx + rdi - 0x10], xmm8; ret
> 0x000b0eac : add [rdx + 1], ebp; xor r8d, r8d; xor ecx, ecx; xor edx, edx; lea r9, [rsp + 0x20]; call rbx
> 0x0016d3fa : adc [rcx + 3], rbx; vmovups zmm[r9 + 0x100], zmm12; vmovups zmm[r9 + 0x140], zmm13; vmovups zmm[r9 + 0x180], zmm14; vmovups zmm[r9 + 0x1c0], zmm15; ret
> 0x0016df85 : adc [rcx + 0x10], ebx; movups xmm[rcx + 0x20], xmm10; movups xmm[rcx + 0x30], xmm9; movups xmm[rcx + 0x40], xmm8; movups xmm[rcx + 0x50], xmm7; ret
> 0x000f6174 : adc [rsi + 0x50], ebp; movdqu xmm6, xmm[rdi + 0x68]; movups xmm[rsi + 0x60], xmm6; movdqu xmm7, xmm[rdi + 0x78]; movups xmm[rsi + 0x70], xmm7; ret
> 0x0016d3f3 : adc [rcx + 2], rdx; vmovups zmm[r9 + 0xc0], zmm11; vmovups zmm[r9 + 0x100], zmm12; vmovups zmm[r9 + 0x140], zmm13; vmovups zmm[r9 + 0x180], zmm14; vmovups zmm[r9 + 0x1c0], zmm15; ret