NAME=rop search with maxhits=1
FILE=bins/elf/varsub
CMDS=<<EOF
e search.maxhits=1
/Rq pop r15
EOF
EXPECT=<<EOF
0x0040052c: pop r12; pop r13; pop r14; pop r15; ret;
EOF
RUN

NAME=rop search without maxhits
FILE=bins/elf/varsub
CMDS=/Rq pop r15~?
EXPECT=<<EOF
7
EOF
RUN

NAME=rop search with maxhits=2
FILE=bins/elf/varsub
CMDS=<<EOF
e search.maxhits=2
/Rq pop r15~?
EOF
EXPECT=<<EOF
2
EOF
RUN

NAME=search all rop gadgets
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.nbytes=8
e asm.arch=x86
e asm.bits=32
/R
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 15

  0x000000b5     80b801000000b9  cmp byte [eax+0x01], 0xb9
  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 14

  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 13

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 12

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 11

  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 10

  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 9

  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 8

  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 7

  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 5

  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 3

  0x000000c2                 c3  ret
Gadget size: 1

EOF
RUN

NAME=search rop gadgets with a regexp
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/R/ mov e[abcd]x
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 15

  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 13

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 12

  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 10

  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 8

EOF
RUN

NAME=search rop gadgets and show them linearly
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/Rq
EOF
EXPECT=<<EOF
0x000000b4: int 0x80; mov eax, 0x01; mov ecx, 0x00; int 0x80; ret;
0x000000b5: cmp byte [eax+0x01], 0xb9; add byte [eax], al; add byte [eax], al; int 0x80; ret;
0x000000b6: mov eax, 0x01; mov ecx, 0x00; int 0x80; ret;
0x000000b7: add dword [eax], eax; add byte [eax], al; mov ecx, 0x00; int 0x80; ret;
0x000000b8: add byte [eax], al; add byte [ecx], bh; int 0x80; ret;
0x000000b9: add byte [eax], al; mov ecx, 0x00; int 0x80; ret;
0x000000ba: add byte [ecx], bh; int 0x80; ret;
0x000000bb: mov ecx, 0x00; int 0x80; ret;
0x000000bc: add byte [eax], al; add byte [eax], al; int 0x80; ret;
0x000000be: add byte [eax], al; int 0x80; ret;
0x000000c0: int 0x80; ret;
0x000000c2: ret;
EOF
RUN

NAME=search rop gadgets with filter
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/R ecx
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 15

  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 13

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 12

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 11

  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 10

  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 9

  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 8

EOF
RUN

NAME=search rop gadgets with filter and output JSON
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/Rj ecx
EOF
EXPECT=<<EOF
[{"opcodes":[{"offset":180,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":182,"size":5,"opcode":"mov eax, 0x01","type":"mov"},{"offset":187,"size":5,"opcode":"mov ecx, 0x00","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":15},{"opcodes":[{"offset":182,"size":5,"opcode":"mov eax, 0x01","type":"mov"},{"offset":187,"size":5,"opcode":"mov ecx, 0x00","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":13},{"opcodes":[{"offset":183,"size":2,"opcode":"add dword [eax], eax","type":"add"},{"offset":185,"size":2,"opcode":"add byte [eax], al","type":"add"},{"offset":187,"size":5,"opcode":"mov ecx, 0x00","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":12},{"opcodes":[{"offset":184,"size":2,"opcode":"add byte [eax], al","type":"add"},{"offset":186,"size":6,"opcode":"add byte [ecx], bh","type":"add"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":11},{"opcodes":[{"offset":185,"size":2,"opcode":"add byte [eax], al","type":"add"},{"offset":187,"size":5,"opcode":"mov ecx, 0x00","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":10},{"opcodes":[{"offset":186,"size":6,"opcode":"add byte [ecx], bh","type":"add"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":9},{"opcodes":[{"offset":187,"size":5,"opcode":"mov ecx, 0x00","type":"mov"},{"offset":192,"size":2,"opcode":"int 0x80","type":"swi"},{"offset":194,"size":1,"opcode":"ret","type":"ret"}],"retaddr":194,"size":8}]
EOF
RUN

NAME=search rop gadgets with a regex of the form (a|b)
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/R/ "(ecx|eax)"
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 15

  0x000000b5     80b801000000b9  cmp byte [eax+0x01], 0xb9
  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 14

  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 13

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 12

  0x000000b8               0000  add byte [eax], al
  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 11

  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 10

  0x000000ba       00b900000000  add byte [ecx], bh
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 9

  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 8

  0x000000bc               0000  add byte [eax], al
  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 7

  0x000000be               0000  add byte [eax], al
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 5

EOF
RUN

NAME=search rop gadgets with another end gadget as part of it.
FILE=bins/elf/analysis/unoriginal
CMDS=<<EOF
e asm.bits=32
e gadget.len=15
e search.from=0x08048340
e search.to=0x08048400
/R push esp
EOF
EXPECT=<<EOF
  0x08048350               fff4  push esp
  0x08048352               6690  nop
  0x08048354               6690  nop
  0x08048356               6690  nop
  0x08048358               6690  nop
  0x0804835a               6690  nop
  0x0804835c               6690  nop
  0x0804835e               6690  nop
  0x08048360             8b1c24  mov ebx, dword [esp]
  0x08048363                 c3  ret
Gadget size: 20

EOF
RUN

NAME=search rop with sequence.
FILE=bins/elf/analysis/x86-helloworld-gcc
CMDS=/R "pop esi;pop edi;pop ebp;ret"
EXPECT=<<EOF
  0x0804847a             c41c5b  les ebx, fword [ebx+ebx*2]
  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 7

  0x0804847b               1c5b  sbb al, 0x5b
  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 6

  0x0804847c                 5b  pop ebx
  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 5

  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 4

EOF
RUN

NAME=search rop with regex sequence.
FILE=bins/elf/analysis/x86-helloworld-gcc
CMDS=<<EOF
e asm.bits=32
/R/ "pop esi;pop edi;pop ebp;ret"
EOF
EXPECT=<<EOF
  0x0804847a             c41c5b  les ebx, fword [ebx+ebx*2]
  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 7

  0x0804847b               1c5b  sbb al, 0x5b
  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 6

  0x0804847c                 5b  pop ebx
  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 5

  0x0804847d                 5e  pop esi
  0x0804847e                 5f  pop edi
  0x0804847f                 5d  pop ebp
  0x08048480                 c3  ret
Gadget size: 4

EOF
RUN

NAME=search rop for AVR
FILE=malloc://512
CMDS=<<EOF
e asm.arch=avr
e cfg.bigendian=false
e scr.color=false
wx 80e190e2089560e570e6089580e790e208958ae19be208950895a0e3b0e4c0e5d0e608956de071e00895
/R ldi
EOF
EXPECT=<<EOF
  0x00000000               80e1  ldi r24, 0x10
  0x00000002               90e2  ldi r25, 0x20
  0x00000004               0895  ret
Gadget size: 6

  0x00000002               90e2  ldi r25, 0x20
  0x00000004               0895  ret
Gadget size: 4

  0x00000006               60e5  ldi r22, 0x50
  0x00000008               70e6  ldi r23, 0x60
  0x0000000a               0895  ret
Gadget size: 6

  0x00000008               70e6  ldi r23, 0x60
  0x0000000a               0895  ret
Gadget size: 4

  0x0000000c               80e7  ldi r24, 0x70
  0x0000000e               90e2  ldi r25, 0x20
  0x00000010               0895  ret
Gadget size: 6

  0x00000012               8ae1  ldi r24, 0x1a
  0x00000014               9be2  ldi r25, 0x2b
  0x00000016               0895  ret
Gadget size: 6

  0x00000014               9be2  ldi r25, 0x2b
  0x00000016               0895  ret
Gadget size: 4

  0x0000001a               a0e3  ldi r26, 0x30
  0x0000001c               b0e4  ldi r27, 0x40
  0x0000001e               c0e5  ldi r28, 0x50
  0x00000020               d0e6  ldi r29, 0x60
  0x00000022               0895  ret
Gadget size: 10

  0x0000001c               b0e4  ldi r27, 0x40
  0x0000001e               c0e5  ldi r28, 0x50
  0x00000020               d0e6  ldi r29, 0x60
  0x00000022               0895  ret
Gadget size: 8

  0x0000001e               c0e5  ldi r28, 0x50
  0x00000020               d0e6  ldi r29, 0x60
  0x00000022               0895  ret
Gadget size: 6

  0x00000020               d0e6  ldi r29, 0x60
  0x00000022               0895  ret
Gadget size: 4

  0x00000024               6de0  ldi r22, 0x0d
  0x00000026               71e0  ldi r23, 0x01
  0x00000028               0895  ret
Gadget size: 6

  0x00000026               71e0  ldi r23, 0x01
  0x00000028               0895  ret
Gadget size: 4

EOF
EXPECT_ERR=
RUN


NAME=search rop gadgets given the detailed stack change (=0)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rs "=0"
EOF
EXPECT=<<EOF
Gadget 0x900
Stack change: 0x0
Changed registers: r0 r1 r3 r6 r8 r9 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x4

Gadget 0x934
Stack change: 0x0
Changed registers: r0 r1 r3 r4 r5 r6 r8 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x80007ab

Gadget 0xc08
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc0c
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc10
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10cc
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d0
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d4
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d8
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1118
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x111c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1120
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x125c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1260
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1264
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1890
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1894
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1ecc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed0
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed4
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed8
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1edc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

EOF
RUN

NAME=search rop gadgets given the detailed stack change (<0x2000)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rs "<0x2000"
EOF
EXPECT=<<EOF
Gadget 0x900
Stack change: 0x0
Changed registers: r0 r1 r3 r6 r8 r9 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x4

Gadget 0x934
Stack change: 0x0
Changed registers: r0 r1 r3 r4 r5 r6 r8 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x80007ab

Gadget 0xc08
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc0c
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc10
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10cc
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d0
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d4
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d8
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1118
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x111c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1120
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x125c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1260
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1264
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1890
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1894
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1ecc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed0
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed4
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed8
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1edc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

EOF
RUN

NAME=search rop gadgets given the detailed stack change (<=0x2000)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rs "<=0x2000"
EOF
EXPECT=<<EOF
Gadget 0x900
Stack change: 0x0
Changed registers: r0 r1 r3 r6 r8 r9 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x4

Gadget 0x934
Stack change: 0x0
Changed registers: r0 r1 r3 r4 r5 r6 r8 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x80007ab

Gadget 0xc08
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc0c
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc10
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10cc
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d0
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d4
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d8
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1118
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x111c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1120
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x125c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1260
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1264
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1890
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1894
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1ecc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed0
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed4
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed8
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1edc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

EOF
RUN

NAME=search rop gadgets given the detailed stack change (>0x1)
FILE=bins/arm/elf/hello-linux-arm64
CMDS=<<EOF
/Rs ">0x1"
EOF
EXPECT=<<EOF
Gadget 0x400ff4
Stack change: 0x651
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x401a1c
Stack change: 0x4b0
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x401a20
Stack change: 0x4b0
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x401a24
Stack change: 0x4b0
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x401a28
Stack change: 0x4b0
Changed registers: sp 
Register dependencies:

Gadget 0x402438
Stack change: 0x970
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x40243c
Stack change: 0x970
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x402440
Stack change: 0x970
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x402444
Stack change: 0x970
Changed registers: sp 
Register dependencies:

Gadget 0x403d94
Stack change: 0x600
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x403d98
Stack change: 0x600
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x403d9c
Stack change: 0x600
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x403da0
Stack change: 0x600
Changed registers: sp 
Register dependencies:

Gadget 0x405c5c
Stack change: 0x2180
Changed registers: x19 x20 x12 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x405c60
Stack change: 0x2180
Changed registers: x12 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x405c64
Stack change: 0x2180
Changed registers: x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x405c68
Stack change: 0x2180
Changed registers: sp 
Register dependencies:
Var Read: x12

Gadget 0x4098e8
Stack change: 0x2180
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:
Var Read: x12

Gadget 0x4098ec
Stack change: 0x2180
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:
Var Read: x12

Gadget 0x4098f0
Stack change: 0x2180
Changed registers: x27 x28 sp 
Register dependencies:
Var Read: x12

Gadget 0x412714
Stack change: 0x460
Changed registers: x0 x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x20

Gadget 0x412718
Stack change: 0x460
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:

Gadget 0x41271c
Stack change: 0x460
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x412720
Stack change: 0x460
Changed registers: sp 
Register dependencies:

Gadget 0x4128f4
Stack change: 0x470
Changed registers: x19 x20 x21 x22 x25 sp 
Register dependencies:

Gadget 0x4128f8
Stack change: 0x470
Changed registers: x21 x22 x25 sp 
Register dependencies:

Gadget 0x4128fc
Stack change: 0x470
Changed registers: x25 sp 
Register dependencies:

Gadget 0x412900
Stack change: 0x470
Changed registers: sp 
Register dependencies:

Gadget 0x4129a8
Stack change: 0x1030
Changed registers: x29 x30 x12 x19 sp 
Register dependencies:
Var Read: x12

Gadget 0x4129ac
Stack change: 0x1030
Changed registers: x12 x19 sp 
Register dependencies:
Var Read: x12

Gadget 0x4129b0
Stack change: 0x1030
Changed registers: x19 sp 
Register dependencies:
Var Read: x12

Gadget 0x4129dc
Stack change: 0x1e861
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x412a1c
Stack change: 0x1e8c1
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x413234
Stack change: 0x470
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x413238
Stack change: 0x470
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x41323c
Stack change: 0x470
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x41503c
Stack change: 0x20ac1
Changed registers: x0 x29 x30 sp 
Register dependencies:
Var Read: x30

Gadget 0x415040
Stack change: 0x20ad1
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x421ecc
Stack change: 0xb0
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x421ed0
Stack change: 0xb0
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x421ed4
Stack change: 0xb0
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x421ed8
Stack change: 0xb0
Changed registers: sp 
Register dependencies:

Gadget 0x4236e8
Stack change: 0x250
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4236ec
Stack change: 0x250
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4236f0
Stack change: 0x250
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x4236f4
Stack change: 0x250
Changed registers: sp 
Register dependencies:

Gadget 0x423ee0
Stack change: 0xc0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x423ee4
Stack change: 0xc0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x423ee8
Stack change: 0xc0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x423eec
Stack change: 0xc0
Changed registers: sp 
Register dependencies:

Gadget 0x4249c4
Stack change: 0x7c0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4249c8
Stack change: 0x7c0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4249cc
Stack change: 0x7c0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x4249d0
Stack change: 0x7c0
Changed registers: sp 
Register dependencies:

Gadget 0x425aa8
Stack change: 0x4b0
Changed registers: x29 x30 x25 x26 sp 
Register dependencies:

Gadget 0x425aac
Stack change: 0x4b0
Changed registers: x29 x30 x25 x26 sp 
Register dependencies:

Gadget 0x42f3a4
Stack change: 0x2c730
Changed registers: x2 x30 x29 sp 
Register dependencies:

Gadget 0x42f538
Stack change: 0x2cd30
Changed registers: x3 x30 x29 sp 
Register dependencies:

Gadget 0x434d0c
Stack change: 0x870
Changed registers: x23 x24 x25 x26 x27 sp 
Register dependencies:

Gadget 0x434d10
Stack change: 0x870
Changed registers: x25 x26 x27 sp 
Register dependencies:

Gadget 0x434d14
Stack change: 0x870
Changed registers: x27 sp 
Register dependencies:

Gadget 0x434d18
Stack change: 0x870
Changed registers: sp 
Register dependencies:

Gadget 0x435dc0
Stack change: 0x8a0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x435dc4
Stack change: 0x8a0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x435dc8
Stack change: 0x8a0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x435dcc
Stack change: 0x8a0
Changed registers: sp 
Register dependencies:

Gadget 0x43bfe4
Stack change: 0x420
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43bfe8
Stack change: 0x420
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43bfec
Stack change: 0x420
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43bff0
Stack change: 0x420
Changed registers: sp 
Register dependencies:

Gadget 0x43ce34
Stack change: 0x110
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43ce38
Stack change: 0x110
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43ce3c
Stack change: 0x110
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43ce40
Stack change: 0x110
Changed registers: sp 
Register dependencies:

Gadget 0x43d72c
Stack change: 0x110
Changed registers: x27 x28 x21 x22 sp 
Register dependencies:

Gadget 0x43d730
Stack change: 0x110
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x43d734
Stack change: 0x110
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x43e850
Stack change: 0x1030
Changed registers: x29 x30 x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x43e854
Stack change: 0x1030
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x43e8f4
Stack change: 0x1030
Changed registers: x0 x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x21
Var Read: x12

Gadget 0x43ea9c
Stack change: 0x490
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43eaa0
Stack change: 0x490
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43eaa4
Stack change: 0x490
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43eaa8
Stack change: 0x490
Changed registers: sp 
Register dependencies:

Gadget 0x43f618
Stack change: 0x2e0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43f61c
Stack change: 0x2e0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43f620
Stack change: 0x2e0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43f624
Stack change: 0x2e0
Changed registers: sp 
Register dependencies:

Gadget 0x43fe5c
Stack change: 0x3c631
Changed registers: x29 x30 x0 sp 
Register dependencies:

Gadget 0x4422d0
Stack change: 0x10
Changed registers: x0 x1 sp 
Register dependencies:
Memory Read: x0 Value: 0x7
Var Read: x1
Var Read: x0

Gadget 0x4422d4
Stack change: 0x10
Changed registers: x0 x1 sp 
Register dependencies:
Var Read: x1
Var Read: x0

Gadget 0x4422d8
Stack change: 0x10
Changed registers: x0 x1 sp 
Register dependencies:
Var Read: x1
Var Read: x0

Gadget 0x4422dc
Stack change: 0x10
Changed registers: x1 sp 
Register dependencies:

Gadget 0x4472f4
Stack change: 0x5f0
Changed registers: x21 x22 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4472f8
Stack change: 0x5f0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4472fc
Stack change: 0x5f0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x447300
Stack change: 0x5f0
Changed registers: sp 
Register dependencies:

Gadget 0x4492dc
Stack change: 0x8280
Changed registers: x12 x21 x22 x23 x24 sp 
Register dependencies:
Var Read: x12

Gadget 0x4492e0
Stack change: 0x8280
Changed registers: x21 x22 x23 x24 sp 
Register dependencies:
Var Read: x12

Gadget 0x4492e4
Stack change: 0x8280
Changed registers: x23 x24 sp 
Register dependencies:
Var Read: x12

Gadget 0x44a0f8
Stack change: 0x1a411
Changed registers: x0 x29 x30 
Register dependencies:
Var Read: x0
Var write: x0 Initial value: 0x16 New Value: 0xfffff5ca

Gadget 0x44bf40
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x44bf44
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x44bf48
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x44bf4c
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x450520
Stack change: 0x520
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x450524
Stack change: 0x520
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x450528
Stack change: 0x520
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x45052c
Stack change: 0x520
Changed registers: sp 
Register dependencies:

Gadget 0x451974
Stack change: 0x1d9e1
Changed registers: x29 x30 x0 sp 
Register dependencies:

Gadget 0x451a08
Stack change: 0x1da11
Changed registers: x29 x30 x0 sp 
Register dependencies:

Gadget 0x451ff4
Stack change: 0x260
Changed registers: x21 x22 x23 x24 x25 sp 
Register dependencies:

Gadget 0x451ff8
Stack change: 0x260
Changed registers: x23 x24 x25 sp 
Register dependencies:

Gadget 0x451ffc
Stack change: 0x260
Changed registers: x25 sp 
Register dependencies:

Gadget 0x452000
Stack change: 0x260
Changed registers: sp 
Register dependencies:

Gadget 0x452438
Stack change: 0x260
Changed registers: x29 x30 x0 sp 
Register dependencies:
Var Read: x3

Gadget 0x45243c
Stack change: 0x260
Changed registers: x29 x30 x0 sp 
Register dependencies:
Var Read: x3

Gadget 0x452440
Stack change: 0x260
Changed registers: x0 sp 
Register dependencies:
Var Read: x3

Gadget 0x452848
Stack change: 0x450
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:
Memory Write: x0 Initial Value: 0xffffffffffffffff New Value: 0x0
Memory Write: x1 Initial Value: 0xffffffffffffffff New Value: 0x0

Gadget 0x45284c
Stack change: 0x450
Changed registers: x27 x28 sp 
Register dependencies:
Memory Write: x0 Initial Value: 0x0 New Value: 0x0
Memory Write: x1 Initial Value: 0x0 New Value: 0x0

Gadget 0x452850
Stack change: 0x450
Changed registers: sp 
Register dependencies:
Memory Write: x0 Initial Value: 0x0 New Value: 0x0
Memory Write: x1 Initial Value: 0x0 New Value: 0x0

Gadget 0x452854
Stack change: 0x450
Changed registers: sp 
Register dependencies:

Gadget 0x4538c0
Stack change: 0x6d0
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:
Memory Write: x21 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff
Memory Write: x19 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff

Gadget 0x4538c4
Stack change: 0x6d0
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:

Gadget 0x4538c8
Stack change: 0x6d0
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x4538cc
Stack change: 0x6d0
Changed registers: sp 
Register dependencies:

Gadget 0x453b0c
Stack change: 0x6c0
Changed registers: x19 x20 x21 x22 x23 x24 sp 
Register dependencies:

Gadget 0x453b10
Stack change: 0x6c0
Changed registers: x21 x22 x23 x24 sp 
Register dependencies:

Gadget 0x453b14
Stack change: 0x6c0
Changed registers: x23 x24 sp 
Register dependencies:

Gadget 0x453b18
Stack change: 0x6c0
Changed registers: sp 
Register dependencies:

Gadget 0x453c44
Stack change: 0x6d0
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x453c48
Stack change: 0x6d0
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x453c4c
Stack change: 0x6d0
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x453d48
Stack change: 0x247a1
Changed registers: sp x29 x30 x0 
Register dependencies:
Memory Write: x30 Initial Value: 0xffffffffffffffff New Value: 0x453ce8
Memory Read: x0 Value: 0x318

Gadget 0x453ec0
Stack change: 0xa70
Changed registers: x29 x30 x19 x20 x21 sp 
Register dependencies:

Gadget 0x453ec4
Stack change: 0xa70
Changed registers: x19 x20 x21 sp 
Register dependencies:

Gadget 0x453ec8
Stack change: 0xa70
Changed registers: x21 sp 
Register dependencies:

Gadget 0x453ecc
Stack change: 0xa70
Changed registers: sp 
Register dependencies:

Gadget 0x453ef4
Stack change: 0xa70
Changed registers: x0 x19 x20 x21 sp 
Register dependencies:

Gadget 0x45400c
Stack change: 0xebf
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454010
Stack change: 0xebf
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454014
Stack change: 0xebf
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454148
Stack change: 0x84f
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x45414c
Stack change: 0x84f
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454150
Stack change: 0x84f
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454450
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x454454
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x454458
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x45445c
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x4570d4
Stack change: 0x2fd5a
Changed registers: sp x29 x30 
Register dependencies:
Memory Write: x30 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff

Gadget 0x4570d8
Stack change: 0x2fd5a
Changed registers: sp x29 x30 
Register dependencies:
Memory Write: x30 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff

Gadget 0x4570dc
Stack change: 0x2fd7a
Changed registers: x29 x30 sp 
Register dependencies:

EOF
RUN

NAME=search rop gadgets given the detailed stack change (>=0x1)
FILE=bins/arm/elf/hello-linux-arm64
CMDS=<<EOF
/Rs ">=0x1"
EOF
EXPECT=<<EOF
Gadget 0x400ff4
Stack change: 0x651
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x401a1c
Stack change: 0x4b0
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x401a20
Stack change: 0x4b0
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x401a24
Stack change: 0x4b0
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x401a28
Stack change: 0x4b0
Changed registers: sp 
Register dependencies:

Gadget 0x402438
Stack change: 0x970
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x40243c
Stack change: 0x970
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x402440
Stack change: 0x970
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x402444
Stack change: 0x970
Changed registers: sp 
Register dependencies:

Gadget 0x403d94
Stack change: 0x600
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x403d98
Stack change: 0x600
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x403d9c
Stack change: 0x600
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x403da0
Stack change: 0x600
Changed registers: sp 
Register dependencies:

Gadget 0x405c5c
Stack change: 0x2180
Changed registers: x19 x20 x12 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x405c60
Stack change: 0x2180
Changed registers: x12 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x405c64
Stack change: 0x2180
Changed registers: x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x405c68
Stack change: 0x2180
Changed registers: sp 
Register dependencies:
Var Read: x12

Gadget 0x4098e8
Stack change: 0x2180
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:
Var Read: x12

Gadget 0x4098ec
Stack change: 0x2180
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:
Var Read: x12

Gadget 0x4098f0
Stack change: 0x2180
Changed registers: x27 x28 sp 
Register dependencies:
Var Read: x12

Gadget 0x412714
Stack change: 0x460
Changed registers: x0 x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x20

Gadget 0x412718
Stack change: 0x460
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:

Gadget 0x41271c
Stack change: 0x460
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x412720
Stack change: 0x460
Changed registers: sp 
Register dependencies:

Gadget 0x4128f4
Stack change: 0x470
Changed registers: x19 x20 x21 x22 x25 sp 
Register dependencies:

Gadget 0x4128f8
Stack change: 0x470
Changed registers: x21 x22 x25 sp 
Register dependencies:

Gadget 0x4128fc
Stack change: 0x470
Changed registers: x25 sp 
Register dependencies:

Gadget 0x412900
Stack change: 0x470
Changed registers: sp 
Register dependencies:

Gadget 0x4129a8
Stack change: 0x1030
Changed registers: x29 x30 x12 x19 sp 
Register dependencies:
Var Read: x12

Gadget 0x4129ac
Stack change: 0x1030
Changed registers: x12 x19 sp 
Register dependencies:
Var Read: x12

Gadget 0x4129b0
Stack change: 0x1030
Changed registers: x19 sp 
Register dependencies:
Var Read: x12

Gadget 0x4129dc
Stack change: 0x1e861
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x412a1c
Stack change: 0x1e8c1
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x413234
Stack change: 0x470
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x413238
Stack change: 0x470
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x41323c
Stack change: 0x470
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x41503c
Stack change: 0x20ac1
Changed registers: x0 x29 x30 sp 
Register dependencies:
Var Read: x30

Gadget 0x415040
Stack change: 0x20ad1
Changed registers: x29 x30 sp 
Register dependencies:

Gadget 0x421ecc
Stack change: 0xb0
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x421ed0
Stack change: 0xb0
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x421ed4
Stack change: 0xb0
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x421ed8
Stack change: 0xb0
Changed registers: sp 
Register dependencies:

Gadget 0x4236e8
Stack change: 0x250
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4236ec
Stack change: 0x250
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4236f0
Stack change: 0x250
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x4236f4
Stack change: 0x250
Changed registers: sp 
Register dependencies:

Gadget 0x423ee0
Stack change: 0xc0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x423ee4
Stack change: 0xc0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x423ee8
Stack change: 0xc0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x423eec
Stack change: 0xc0
Changed registers: sp 
Register dependencies:

Gadget 0x4249c4
Stack change: 0x7c0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4249c8
Stack change: 0x7c0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4249cc
Stack change: 0x7c0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x4249d0
Stack change: 0x7c0
Changed registers: sp 
Register dependencies:

Gadget 0x425aa8
Stack change: 0x4b0
Changed registers: x29 x30 x25 x26 sp 
Register dependencies:

Gadget 0x425aac
Stack change: 0x4b0
Changed registers: x29 x30 x25 x26 sp 
Register dependencies:

Gadget 0x42f3a4
Stack change: 0x2c730
Changed registers: x2 x30 x29 sp 
Register dependencies:

Gadget 0x42f538
Stack change: 0x2cd30
Changed registers: x3 x30 x29 sp 
Register dependencies:

Gadget 0x434d0c
Stack change: 0x870
Changed registers: x23 x24 x25 x26 x27 sp 
Register dependencies:

Gadget 0x434d10
Stack change: 0x870
Changed registers: x25 x26 x27 sp 
Register dependencies:

Gadget 0x434d14
Stack change: 0x870
Changed registers: x27 sp 
Register dependencies:

Gadget 0x434d18
Stack change: 0x870
Changed registers: sp 
Register dependencies:

Gadget 0x435dc0
Stack change: 0x8a0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x435dc4
Stack change: 0x8a0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x435dc8
Stack change: 0x8a0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x435dcc
Stack change: 0x8a0
Changed registers: sp 
Register dependencies:

Gadget 0x43bfe4
Stack change: 0x420
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43bfe8
Stack change: 0x420
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43bfec
Stack change: 0x420
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43bff0
Stack change: 0x420
Changed registers: sp 
Register dependencies:

Gadget 0x43ce34
Stack change: 0x110
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43ce38
Stack change: 0x110
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43ce3c
Stack change: 0x110
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43ce40
Stack change: 0x110
Changed registers: sp 
Register dependencies:

Gadget 0x43d72c
Stack change: 0x110
Changed registers: x27 x28 x21 x22 sp 
Register dependencies:

Gadget 0x43d730
Stack change: 0x110
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x43d734
Stack change: 0x110
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x43e850
Stack change: 0x1030
Changed registers: x29 x30 x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x43e854
Stack change: 0x1030
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x12

Gadget 0x43e8f4
Stack change: 0x1030
Changed registers: x0 x19 x20 x21 x22 sp 
Register dependencies:
Var Read: x21
Var Read: x12

Gadget 0x43ea9c
Stack change: 0x490
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43eaa0
Stack change: 0x490
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43eaa4
Stack change: 0x490
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43eaa8
Stack change: 0x490
Changed registers: sp 
Register dependencies:

Gadget 0x43f618
Stack change: 0x2e0
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43f61c
Stack change: 0x2e0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x43f620
Stack change: 0x2e0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x43f624
Stack change: 0x2e0
Changed registers: sp 
Register dependencies:

Gadget 0x43fe5c
Stack change: 0x3c631
Changed registers: x29 x30 x0 sp 
Register dependencies:

Gadget 0x4422d0
Stack change: 0x10
Changed registers: x0 x1 sp 
Register dependencies:
Memory Read: x0 Value: 0x7
Var Read: x1
Var Read: x0

Gadget 0x4422d4
Stack change: 0x10
Changed registers: x0 x1 sp 
Register dependencies:
Var Read: x1
Var Read: x0

Gadget 0x4422d8
Stack change: 0x10
Changed registers: x0 x1 sp 
Register dependencies:
Var Read: x1
Var Read: x0

Gadget 0x4422dc
Stack change: 0x10
Changed registers: x1 sp 
Register dependencies:

Gadget 0x4472f4
Stack change: 0x5f0
Changed registers: x21 x22 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4472f8
Stack change: 0x5f0
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x4472fc
Stack change: 0x5f0
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x447300
Stack change: 0x5f0
Changed registers: sp 
Register dependencies:

Gadget 0x4492dc
Stack change: 0x8280
Changed registers: x12 x21 x22 x23 x24 sp 
Register dependencies:
Var Read: x12

Gadget 0x4492e0
Stack change: 0x8280
Changed registers: x21 x22 x23 x24 sp 
Register dependencies:
Var Read: x12

Gadget 0x4492e4
Stack change: 0x8280
Changed registers: x23 x24 sp 
Register dependencies:
Var Read: x12

Gadget 0x44a0f8
Stack change: 0x1a411
Changed registers: x0 x29 x30 
Register dependencies:
Var Read: x0
Var write: x0 Initial value: 0x16 New Value: 0xfffff5ca

Gadget 0x44bf40
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x44bf44
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x44bf48
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x44bf4c
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x450520
Stack change: 0x520
Changed registers: x23 x24 x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x450524
Stack change: 0x520
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:

Gadget 0x450528
Stack change: 0x520
Changed registers: x27 x28 sp 
Register dependencies:

Gadget 0x45052c
Stack change: 0x520
Changed registers: sp 
Register dependencies:

Gadget 0x451974
Stack change: 0x1d9e1
Changed registers: x29 x30 x0 sp 
Register dependencies:

Gadget 0x451a08
Stack change: 0x1da11
Changed registers: x29 x30 x0 sp 
Register dependencies:

Gadget 0x451ff4
Stack change: 0x260
Changed registers: x21 x22 x23 x24 x25 sp 
Register dependencies:

Gadget 0x451ff8
Stack change: 0x260
Changed registers: x23 x24 x25 sp 
Register dependencies:

Gadget 0x451ffc
Stack change: 0x260
Changed registers: x25 sp 
Register dependencies:

Gadget 0x452000
Stack change: 0x260
Changed registers: sp 
Register dependencies:

Gadget 0x452438
Stack change: 0x260
Changed registers: x29 x30 x0 sp 
Register dependencies:
Var Read: x3

Gadget 0x45243c
Stack change: 0x260
Changed registers: x29 x30 x0 sp 
Register dependencies:
Var Read: x3

Gadget 0x452440
Stack change: 0x260
Changed registers: x0 sp 
Register dependencies:
Var Read: x3

Gadget 0x452848
Stack change: 0x450
Changed registers: x25 x26 x27 x28 sp 
Register dependencies:
Memory Write: x0 Initial Value: 0xffffffffffffffff New Value: 0x0
Memory Write: x1 Initial Value: 0xffffffffffffffff New Value: 0x0

Gadget 0x45284c
Stack change: 0x450
Changed registers: x27 x28 sp 
Register dependencies:
Memory Write: x0 Initial Value: 0x0 New Value: 0x0
Memory Write: x1 Initial Value: 0x0 New Value: 0x0

Gadget 0x452850
Stack change: 0x450
Changed registers: sp 
Register dependencies:
Memory Write: x0 Initial Value: 0x0 New Value: 0x0
Memory Write: x1 Initial Value: 0x0 New Value: 0x0

Gadget 0x452854
Stack change: 0x450
Changed registers: sp 
Register dependencies:

Gadget 0x4538c0
Stack change: 0x6d0
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:
Memory Write: x21 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff
Memory Write: x19 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff

Gadget 0x4538c4
Stack change: 0x6d0
Changed registers: x19 x20 x21 x22 sp 
Register dependencies:

Gadget 0x4538c8
Stack change: 0x6d0
Changed registers: x21 x22 sp 
Register dependencies:

Gadget 0x4538cc
Stack change: 0x6d0
Changed registers: sp 
Register dependencies:

Gadget 0x453b0c
Stack change: 0x6c0
Changed registers: x19 x20 x21 x22 x23 x24 sp 
Register dependencies:

Gadget 0x453b10
Stack change: 0x6c0
Changed registers: x21 x22 x23 x24 sp 
Register dependencies:

Gadget 0x453b14
Stack change: 0x6c0
Changed registers: x23 x24 sp 
Register dependencies:

Gadget 0x453b18
Stack change: 0x6c0
Changed registers: sp 
Register dependencies:

Gadget 0x453c44
Stack change: 0x6d0
Changed registers: x21 x22 x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x453c48
Stack change: 0x6d0
Changed registers: x23 x24 x25 x26 sp 
Register dependencies:

Gadget 0x453c4c
Stack change: 0x6d0
Changed registers: x25 x26 sp 
Register dependencies:

Gadget 0x453d48
Stack change: 0x247a1
Changed registers: sp x29 x30 x0 
Register dependencies:
Memory Write: x30 Initial Value: 0xffffffffffffffff New Value: 0x453ce8
Memory Read: x0 Value: 0x318

Gadget 0x453ec0
Stack change: 0xa70
Changed registers: x29 x30 x19 x20 x21 sp 
Register dependencies:

Gadget 0x453ec4
Stack change: 0xa70
Changed registers: x19 x20 x21 sp 
Register dependencies:

Gadget 0x453ec8
Stack change: 0xa70
Changed registers: x21 sp 
Register dependencies:

Gadget 0x453ecc
Stack change: 0xa70
Changed registers: sp 
Register dependencies:

Gadget 0x453ef4
Stack change: 0xa70
Changed registers: x0 x19 x20 x21 sp 
Register dependencies:

Gadget 0x45400c
Stack change: 0xebf
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454010
Stack change: 0xebf
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454014
Stack change: 0xebf
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454148
Stack change: 0x84f
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x45414c
Stack change: 0x84f
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454150
Stack change: 0x84f
Changed registers: sp 
Register dependencies:
Var Read: x4

Gadget 0x454450
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x454454
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x454458
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x45445c
Stack change: 0xae0
Changed registers: sp 
Register dependencies:

Gadget 0x4570d4
Stack change: 0x2fd5a
Changed registers: sp x29 x30 
Register dependencies:
Memory Write: x30 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff

Gadget 0x4570d8
Stack change: 0x2fd5a
Changed registers: sp x29 x30 
Register dependencies:
Memory Write: x30 Initial Value: 0xffffffffffffffff New Value: 0xffffffffffffffff

Gadget 0x4570dc
Stack change: 0x2fd7a
Changed registers: x29 x30 sp 
Register dependencies:

EOF
RUN

NAME=search rop gadgets given the detailed gadget size (=4)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rl "=4"
echo "================================"
/R | grep -A 8 0x00000900
echo "================================"
/R | grep -A 8 0x00000934
echo "================================"
/R | grep -A 8 0x00000c10
EOF
EXPECT=<<EOF
Gadget 0x900
Stack change: 0x0
Changed registers: r0 r1 r3 r6 r8 r9 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x4

Gadget 0x934
Stack change: 0x0
Changed registers: r0 r1 r3 r4 r5 r6 r8 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x80007ab

Gadget 0xc10
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1edc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

================================
  0x00000900           4bbbd1e9  ldmib r1, {r0, r1, r3, r6, r8, sb, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000934           7bb9d1e9  ldmib r1, {r0, r1, r3, r4, r5, r6, r8, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000c08           0830002b  blhs 0xcc30
  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
================================
  0x00000934           7bb9d1e9  ldmib r1, {r0, r1, r3, r4, r5, r6, r8, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000c08           0830002b  blhs 0xcc30
  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 12

  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
================================
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 12

  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 8

  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 4

  0x000010cc           204603b0  andlt r4, r3, r0, lsr 12
  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20
EOF
RUN

NAME=search rop gadgets given the detailed gadget size (<10)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rl "<10"
echo "================================"
/R | grep -A 8 0x00000900
echo "================================"
/R | grep -A 8 0x00000934
echo "================================"
/R | grep -A 8 0x00000c0c
EOF
EXPECT=<<EOF
Gadget 0x900
Stack change: 0x0
Changed registers: r0 r1 r3 r6 r8 r9 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x4

Gadget 0x934
Stack change: 0x0
Changed registers: r0 r1 r3 r4 r5 r6 r8 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x80007ab

Gadget 0xc0c
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc10
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d8
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1120
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1894
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1ed8
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1edc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

================================
  0x00000900           4bbbd1e9  ldmib r1, {r0, r1, r3, r6, r8, sb, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000934           7bb9d1e9  ldmib r1, {r0, r1, r3, r4, r5, r6, r8, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000c08           0830002b  blhs 0xcc30
  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
================================
  0x00000934           7bb9d1e9  ldmib r1, {r0, r1, r3, r4, r5, r6, r8, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000c08           0830002b  blhs 0xcc30
  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 12

  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
================================
  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 12

  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 8

  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 4

  0x000010cc           204603b0  andlt r4, r3, r0, lsr 12
  0x000010d0           bde8f08f  svchi 0xf0e8bd
EOF
RUN

NAME=search rop gadgets given the detailed gadget size (<=10)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rl "<=10"
echo "================================"
/R | grep -A 8 0x00000900
echo "================================"
/R | grep -A 8 0x000010d8
echo "================================"
/R | grep -A 8 0x00001edc
EOF
EXPECT=<<EOF
Gadget 0x900
Stack change: 0x0
Changed registers: r0 r1 r3 r6 r8 r9 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x4

Gadget 0x934
Stack change: 0x0
Changed registers: r0 r1 r3 r4 r5 r6 r8 r11 r12 sp 
Register dependencies:
Memory Read: r1 Value: 0x80007ab

Gadget 0xc0c
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0xc10
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d8
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1120
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1894
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1ed8
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1edc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

================================
  0x00000900           4bbbd1e9  ldmib r1, {r0, r1, r3, r6, r8, sb, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000934           7bb9d1e9  ldmib r1, {r0, r1, r3, r4, r5, r6, r8, fp, ip, sp, pc} ^
Gadget size: 4

  0x00000c08           0830002b  blhs 0xcc30
  0x00000c0c           e7d10020  andhs sp, r0, r7, ror 3
  0x00000c10           03b0bde8  pop {r0, r1, ip, sp, pc}
================================
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20

  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 16

  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 12

  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 8

  0x00001118           01025a60  subsvs r0, sl, r1, lsl 4
  0x0000111c           00f05efb  blx 0x17bd126
  0x00001120           08342046  strtmi r3, [r0], -r8, lsl 8
  0x00001124           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 16
================================
  0x00001edc           02b0bde8  pop {r1, ip, sp, pc}
Gadget size: 20

  0x00001ed0           b1f90c00  strheq pc, [ip], -r1
  0x00001ed4           08b902b0  andlt fp, r2, r8, lsl 18
  0x00001ed8           10bd2046  qadd16mi fp, r0, r0
  0x00001edc           02b0bde8  pop {r1, ip, sp, pc}
Gadget size: 16

  0x00001ed4           08b902b0  andlt fp, r2, r8, lsl 18
  0x00001ed8           10bd2046  qadd16mi fp, r0, r0
  0x00001edc           02b0bde8  pop {r1, ip, sp, pc}
Gadget size: 12

  0x00001ed8           10bd2046  qadd16mi fp, r0, r0
  0x00001edc           02b0bde8  pop {r1, ip, sp, pc}
Gadget size: 8

  0x00001edc           02b0bde8  pop {r1, ip, sp, pc}
Gadget size: 4

EOF
RUN

NAME=search rop gadgets given the detailed gadget size (>10)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rl ">10"
echo "================================"
/R | grep -A 8 0x000010cc
echo "================================"
/R | grep -A 8 0x000010d0
echo "================================"
/R | grep -A 8 0x000010d4
EOF
EXPECT=<<EOF
Gadget 0xc08
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10cc
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d0
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d4
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1118
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x111c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x125c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1260
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1264
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1890
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1ecc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed0
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed4
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

================================
  0x000010cc           204603b0  andlt r4, r3, r0, lsr 12
  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20

  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
================================
  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20

  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 16

  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
================================
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20

  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 16

  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 12

  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 8

EOF
RUN

NAME=search rop gadgets given the detailed gadget size (>=10)
FILE=bins/arm/crackme.arm32.bin
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
/Rl ">=10"
echo "================================"
/R | grep -A 8 0x000010cc
echo "================================"
/R | grep -A 8 0x000010d0
echo "================================"
/R | grep -A 8 0x000010d4
EOF
EXPECT=<<EOF
Gadget 0xc08
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10cc
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d0
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x10d4
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1118
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x111c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x125c
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1260
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1264
Stack change: 0x0
Changed registers: lr r0 r1 r12 sp 
Register dependencies:

Gadget 0x1890
Stack change: 0x0
Changed registers: r0 r1 r12 sp 
Register dependencies:

Gadget 0x1ecc
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed0
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

Gadget 0x1ed4
Stack change: 0x0
Changed registers: r1 r12 sp 
Register dependencies:

================================
  0x000010cc           204603b0  andlt r4, r3, r0, lsr 12
  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20

  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
================================
  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20

  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 16

  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
================================
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 20

  0x000010d0           bde8f08f  svchi 0xf0e8bd
  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 16

  0x000010d4           00240c23  movwhs r2, 0xc400
  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 12

  0x000010d8           20462b60  eorvs r4, fp, r0, lsr 12
  0x000010dc           03b0bde8  pop {r0, r1, ip, sp, pc}
Gadget size: 8

EOF
RUN

NAME=/Rk constraint filtering
FILE=bins/elf/analysis/x86-helloworld-phdr
ARGS=-n
CMDS=<<EOF
e asm.arch=x86
e asm.bits=32
/Rk eax=1
/Rk ecx=0
/Rk eax=1,ecx=0
echo "Expected no results for eax=0"
/Rk eax=0
echo "Testing MOV_OP_CONST"
/Rk eax+=1
echo "Testing MOV_OP_REG"
/Rk eax=ebx+ecx
/Rk invalidconstraint
EOF
EXPECT=<<EOF
  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 15

  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 13

  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 15

  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 13

  0x000000b7               0100  add dword [eax], eax
  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 12

  0x000000b9               0000  add byte [eax], al
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 10

  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 8

  0x000000b4               cd80  int 0x80
  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 15

  0x000000b6         b801000000  mov eax, 0x01
  0x000000bb         b900000000  mov ecx, 0x00
  0x000000c0               cd80  int 0x80
  0x000000c2                 c3  ret
Gadget size: 13

Expected no results for eax=0
Testing MOV_OP_CONST
Testing MOV_OP_REG
EOF
RUN

NAME=/Rgl test
FILE=bins/elf/crackme0x05
CMDS=<<EOF
aaa
/Rgl
EOF
EXPECT=<<EOF
Gadget 0x8048275 (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x08048275  6f               outsd         | Stack change: 0x4
  0x08048276  6e               outsb         | Modified regs: edi esp
  0x08048277  5f               pop edi       | Dependencies:  esp esp
  0x08048278  7374             jnb 0x80482ee | 
  0x0804827a  61               popad         | 

Gadget 0x8048276 (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x08048276  6e               outsb         | Stack change: 0x4
  0x08048277  5f               pop edi       | Modified regs: edi esp
  0x08048278  7374             jnb 0x80482ee | Dependencies:  esp esp
  0x0804827a  61               popad         | 

Gadget 0x8048277 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x08048277  5f               pop edi       | Stack change: 0x4
  0x08048278  7374             jnb 0x80482ee | Modified regs: edi esp
  0x0804827a  61               popad         | Dependencies:  esp esp

Gadget 0x8048278 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x08048278  7374             jnb 0x80482ee | Stack change: 0x0
  0x0804827a  61               popad         | Modified regs: 

Gadget 0x804827a (size 1 bytes)
------------------------------------------------------------------------------------------------------
  0x0804827a  61               popad | Stack change: 0x0

Gadget 0x8048292 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x08048292  7363             jnb 0x80482f7 | Stack change: 0x0
  0x08048294  61               popad         | Modified regs: 

Gadget 0x80482b0 (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x080482b0  62635f           bound esp, qword [ebx+0x5f] | Stack change: 0x0
  0x080482b3  7374             jnb 0x8048329               | Modified regs: 
  0x080482b5  61               popad                       | Dependencies:  ebx esp ebx

Gadget 0x80482af (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x080482af  6962635f737461   imul esp, dword [edx+0x63], 0x6174735f | Stack change: 0x4
  0x080482b6  7274             jb 0x804832c                           | Modified regs: esp edi
  0x080482b8  5f               pop edi                                | Dependencies:  edx edx esp esp
  0x080482b9  6d               insd                                   | 
  0x080482ba  61               popad                                  | 

Gadget 0x80482b4 (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x080482b4  7461             jz 0x8048317 | Stack change: 0x4
  0x080482b6  7274             jb 0x804832c | Modified regs: edi esp
  0x080482b8  5f               pop edi      | Dependencies:  esp esp
  0x080482b9  6d               insd         | 
  0x080482ba  61               popad        | 

Gadget 0x80482b6 (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x080482b6  7274             jb 0x804832c | Stack change: 0x4
  0x080482b8  5f               pop edi      | Modified regs: edi esp
  0x080482b9  6d               insd         | Dependencies:  esp esp
  0x080482ba  61               popad        | 

Gadget 0x80482b7 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x080482b7  745f             jz 0x8048318 | Stack change: 0x0
  0x080482b9  6d               insd         | Modified regs: 
  0x080482ba  61               popad        | Dependencies:  

Gadget 0x80482b8 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x080482b8  5f               pop edi | Stack change: 0x4
  0x080482b9  6d               insd    | Modified regs: edi esp
  0x080482ba  61               popad   | Dependencies:  esp esp

Gadget 0x80482b9 (size 2 bytes)
------------------------------------------------------------------------------------------------------
  0x080482b9  6d               insd  | Stack change: 0x0
  0x080482ba  61               popad | Modified regs: 

Gadget 0x8048349 (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x08048349  0100             add dword [eax], eax | Stack change: 0x0
  0x0804834b  00e8             add al, ch           | Modified regs: eax
  0x0804834d  cf               iretd                | Dependencies:  eax eax eax eax ecx

Gadget 0x804834b (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x0804834b  00e8             add al, ch | Stack change: 0x0
  0x0804834d  cf               iretd      | Modified regs: eax

Gadget 0x804834d (size 1 bytes)
------------------------------------------------------------------------------------------------------
  0x0804834d  cf               iretd | Stack change: 0x0

Gadget 0x8048342 (size 17 bytes)
------------------------------------------------------------------------------------------------------
  0x08048342  e8ad000000       call 0x80483f4 | Stack change: 0x8
  0x08048347  e804010000       call 0x8048450 | Modified regs: esp ebp
  0x0804834c  e8cf020000       call 0x8048620 | Dependencies:  esp esp esp ebp esp esp esp esp
  0x08048351  c9               leave          | 
  0x08048352  c3               ret            | 

Gadget 0x8048345 (size 14 bytes)
------------------------------------------------------------------------------------------------------
  0x08048345  0000             add byte [eax], al | Stack change: 0x8
  0x08048347  e804010000       call 0x8048450     | Modified regs: esp ebp
  0x0804834c  e8cf020000       call 0x8048620     | Dependencies:  eax eax eax esp esp ebp esp esp esp esp
  0x08048351  c9               leave              | 
  0x08048352  c3               ret                | 

Gadget 0x8048347 (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x08048347  e804010000       call 0x8048450 | Stack change: 0x8
  0x0804834c  e8cf020000       call 0x8048620 | Modified regs: esp ebp
  0x08048351  c9               leave          | Dependencies:  esp esp ebp esp esp esp esp
  0x08048352  c3               ret            | 

Gadget 0x8048348 (size 11 bytes)
------------------------------------------------------------------------------------------------------
  0x08048348  0401             add al, 0x01       | Stack change: 0x8
  0x0804834a  0000             add byte [eax], al | Modified regs: eax esp ebp
  0x0804834c  e8cf020000       call 0x8048620     | Dependencies:  eax eax eax eax esp ebp esp esp esp esp
  0x08048351  c9               leave              | 
  0x08048352  c3               ret                | 

Gadget 0x804834a (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x0804834a  0000             add byte [eax], al | Stack change: 0x8
  0x0804834c  e8cf020000       call 0x8048620     | Modified regs: esp ebp
  0x08048351  c9               leave              | Dependencies:  eax eax eax esp ebp esp esp esp esp
  0x08048352  c3               ret                | 

Gadget 0x804834c (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x0804834c  e8cf020051       call 0x59048620 | Stack change: 0x0
  0x08048351  83               invalid         | Modified regs: esp eax
  0x08048352  04               invalid         | Dependencies:  esp ecx eax ecx eax eax

Gadget 0x80483fa (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x080483fa  0000             add byte [eax], al      | Stack change: 0x4
  0x080483fc  005b81           add byte [ebx-0x7f], bl | Modified regs: esp
  0x080483ff  c3               ret                     | Dependencies:  eax eax eax ebx ebx ebx esp esp

Gadget 0x80483fc (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x080483fc  005b81           add byte [ebx-0x7f], bl | Stack change: 0x4
  0x080483ff  c3               ret                     | Modified regs: esp

Gadget 0x804840a (size 11 bytes)
------------------------------------------------------------------------------------------------------
  0x0804840a  ff85c07402ff     inc dword [ebp-0xfd8b40]  | Stack change: 0x8
  0x08048410  d0585b           rcr byte [eax+0x5b], 0x01 | Modified regs: esp ebp
  0x08048413  c9               leave                     | Dependencies:  ebp ebp eax eax ebp esp esp esp esp
  0x08048414  c3               ret                       | 

Gadget 0x804840c (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x0804840c  c07402ffd0       shl byte [edx+eax*1-0x01], 0xd0 | Stack change: 0x10
  0x08048411  58               pop eax                         | Modified regs: eax esp ebx ebp
  0x08048412  5b               pop ebx                         | Dependencies:  eax edx eax edx esp esp esp esp ebp esp esp esp esp
  0x08048413  c9               leave                           | 
  0x08048414  c3               ret                             | 

Gadget 0x804840e (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x0804840e  02ff             add bh, bh                | Stack change: 0x8
  0x08048410  d0585b           rcr byte [eax+0x5b], 0x01 | Modified regs: ebx esp ebp
  0x08048413  c9               leave                     | Dependencies:  ebx eax eax ebp esp esp esp esp
  0x08048414  c3               ret                       | 

Gadget 0x804840f (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x0804840f  ffd0             call eax | Stack change: 0x10
  0x08048411  58               pop eax  | Modified regs: esp eax ebx ebp
  0x08048412  5b               pop ebx  | Dependencies:  esp esp esp esp esp ebp esp esp esp esp
  0x08048413  c9               leave    | 
  0x08048414  c3               ret      | 

Gadget 0x8048410 (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x08048410  d0585b           rcr byte [eax+0x5b], 0x01 | Stack change: 0x8
  0x08048413  c9               leave                     | Modified regs: esp ebp
  0x08048414  c3               ret                       | Dependencies:  eax eax ebp esp esp esp esp

Gadget 0x8048411 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x08048411  58               pop eax | Stack change: 0x10
  0x08048412  5b               pop ebx | Modified regs: eax esp ebx ebp
  0x08048413  c9               leave   | Dependencies:  esp esp esp esp ebp esp esp esp esp
  0x08048414  c3               ret     | 

Gadget 0x8048412 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x08048412  5b               pop ebx | Stack change: 0xc
  0x08048413  c9               leave   | Modified regs: ebx esp ebp
  0x08048414  c3               ret     | Dependencies:  esp esp ebp esp esp esp esp

Gadget 0x804843f (size 16 bytes)
------------------------------------------------------------------------------------------------------
  0x0804843f  088b1085d275     or byte [ebx+0x75d28510], cl | Stack change: 0x4
  0x08048445  ebc6             jmp 0x804840d                | Modified regs: eax ecx esp
  0x08048447  0524a00408       add eax, 0x804a024           | Dependencies:  ebx ebx ecx eax ecx esp esp
  0x0804844c  01c9             add ecx, ecx                 | 
  0x0804844e  c3               ret                          | 

Gadget 0x8048441 (size 14 bytes)
------------------------------------------------------------------------------------------------------
  0x08048441  1085d275ebc6     adc byte [ebp-0x39148a2e], al | Stack change: 0x4
  0x08048447  0524a00408       add eax, 0x804a024            | Modified regs: eax ecx esp
  0x0804844c  01c9             add ecx, ecx                  | Dependencies:  ebp ebp eax eax ecx esp esp
  0x0804844e  c3               ret                           | 

Gadget 0x8048442 (size 13 bytes)
------------------------------------------------------------------------------------------------------
  0x08048442  85d2             test edx, edx              | Stack change: 0x8
  0x08048444  75eb             jnz 0x8048431              | Modified regs: esp ebp
  0x08048446  c60524a0040801   mov byte [0x804a024], 0x01 | Dependencies:  ebp esp esp esp esp
  0x0804844d  c9               leave                      | 
  0x0804844e  c3               ret                        | 

Gadget 0x8048443 (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x08048443  d275eb           shl byte [ebp-0x15], cl    | Stack change: 0x8
  0x08048446  c60524a0040801   mov byte [0x804a024], 0x01 | Modified regs: esp ebp
  0x0804844d  c9               leave                      | Dependencies:  ebp ebp ecx ebp esp esp esp esp
  0x0804844e  c3               ret                        | 

Gadget 0x8048444 (size 11 bytes)
------------------------------------------------------------------------------------------------------
  0x08048444  75eb             jnz 0x8048431              | Stack change: 0x8
  0x08048446  c60524a0040801   mov byte [0x804a024], 0x01 | Modified regs: esp ebp
  0x0804844d  c9               leave                      | Dependencies:  ebp esp esp esp esp
  0x0804844e  c3               ret                        | 

Gadget 0x8048445 (size 10 bytes)
------------------------------------------------------------------------------------------------------
  0x08048445  ebc6             jmp 0x804840d      | Stack change: 0x4
  0x08048447  0524a00408       add eax, 0x804a024 | Modified regs: eax ecx esp
  0x0804844c  01c9             add ecx, ecx       | Dependencies:  eax ecx esp esp
  0x0804844e  c3               ret                | 

Gadget 0x8048446 (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x08048446  c60524a0040801   mov byte [0x804a024], 0x01 | Stack change: 0x8
  0x0804844d  c9               leave                      | Modified regs: esp ebp
  0x0804844e  c3               ret                        | Dependencies:  ebp esp esp esp esp

Gadget 0x8048447 (size 8 bytes)
------------------------------------------------------------------------------------------------------
  0x08048447  0524a00408       add eax, 0x804a024 | Stack change: 0x4
  0x0804844c  01c9             add ecx, ecx       | Modified regs: eax ecx esp
  0x0804844e  c3               ret                | Dependencies:  eax ecx esp esp

Gadget 0x8048448 (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x08048448  24a0             and al, 0xa0 | Stack change: 0x4
  0x0804844a  0408             add al, 0x08 | Modified regs: eax ecx esp
  0x0804844c  01c9             add ecx, ecx | Dependencies:  eax eax eax ecx esp esp
  0x0804844e  c3               ret          | 

Gadget 0x8048449 (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x08048449  a0040801c9       mov al, byte [0xc9010804] | Stack change: 0x4
  0x0804844e  c3               ret                       | Modified regs: eax esp

Gadget 0x804844a (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x0804844a  0408             add al, 0x08 | Stack change: 0x4
  0x0804844c  01c9             add ecx, ecx | Modified regs: eax ecx esp
  0x0804844e  c3               ret          | Dependencies:  eax ecx esp esp

Gadget 0x804844b (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x0804844b  0801             or byte [ecx], al | Stack change: 0x8
  0x0804844d  c9               leave             | Modified regs: esp ebp
  0x0804844e  c3               ret               | Dependencies:  ecx ecx eax ebp esp esp esp esp

Gadget 0x804844c (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x0804844c  01c9             add ecx, ecx | Stack change: 0x4
  0x0804844e  c3               ret          | Modified regs: ecx esp

Gadget 0x804846f (size 19 bytes)
------------------------------------------------------------------------------------------------------
  0x0804846f  e88c7bfbf7       call 0x0             | Stack change: 0x8
  0x08048474  8db600000000     lea esi, dword [esi] | Modified regs: esp esi edi ebp
  0x0804847a  8dbf00000000     lea edi, dword [edi] | Dependencies:  esp esi edi ebp esp esp esp esp
  0x08048480  c9               leave                | 
  0x08048481  c3               ret                  | 

Gadget 0x8048471 (size 17 bytes)
------------------------------------------------------------------------------------------------------
  0x08048471  7bfb             jnp 0x804846e                   | Stack change: 0x4
  0x08048473  f78db6000000008dbf00 test dword [ebp+0xb6], 0xbf8d00 | Modified regs: ecx esp
  0x0804847d  0000             add byte [eax], al              | Dependencies:  ebp eax eax eax ecx esp esp
  0x0804847f  00c9             add cl, cl                      | 
  0x08048481  c3               ret                             | 

Gadget 0x8048472 (size 16 bytes)
------------------------------------------------------------------------------------------------------
  0x08048472  fb               sti                             | Stack change: 0x4
  0x08048473  f78db6000000008dbf00 test dword [ebp+0xb6], 0xbf8d00 | Modified regs: ecx esp
  0x0804847d  0000             add byte [eax], al              | Dependencies:  ebp eax eax eax ecx esp esp
  0x0804847f  00c9             add cl, cl                      | 
  0x08048481  c3               ret                             | 

Gadget 0x8048473 (size 15 bytes)
------------------------------------------------------------------------------------------------------
  0x08048473  f78db6000000008dbf00 test dword [ebp+0xb6], 0xbf8d00 | Stack change: 0x4
  0x0804847d  0000             add byte [eax], al              | Modified regs: ecx esp
  0x0804847f  00c9             add cl, cl                      | Dependencies:  ebp eax eax eax ecx esp esp
  0x08048481  c3               ret                             | 

Gadget 0x8048474 (size 14 bytes)
------------------------------------------------------------------------------------------------------
  0x08048474  8db600000000     lea esi, dword [esi] | Stack change: 0x8
  0x0804847a  8dbf00000000     lea edi, dword [edi] | Modified regs: esi edi esp ebp
  0x08048480  c9               leave                | Dependencies:  esi edi ebp esp esp esp esp
  0x08048481  c3               ret                  | 

Gadget 0x8048475 (size 13 bytes)
------------------------------------------------------------------------------------------------------
  0x08048475  b600             mov dh, 0x00            | Stack change: 0x4
  0x08048477  0000             add byte [eax], al      | Modified regs: edx ecx esp
  0x08048479  008dbf000000     add byte [ebp+0xbf], cl | Dependencies:  edx eax eax eax ebp ebp ecx ecx esp esp
  0x0804847f  00c9             add cl, cl              | 
  0x08048481  c3               ret                     | 

Gadget 0x8048476 (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x08048476  0000             add byte [eax], al   | Stack change: 0x8
  0x08048478  0000             add byte [eax], al   | Modified regs: edi esp ebp
  0x0804847a  8dbf00000000     lea edi, dword [edi] | Dependencies:  eax eax eax eax eax eax edi ebp esp esp esp esp
  0x08048480  c9               leave                | 
  0x08048481  c3               ret                  | 

Gadget 0x8048477 (size 11 bytes)
------------------------------------------------------------------------------------------------------
  0x08048477  0000             add byte [eax], al      | Stack change: 0x4
  0x08048479  008dbf000000     add byte [ebp+0xbf], cl | Modified regs: ecx esp
  0x0804847f  00c9             add cl, cl              | Dependencies:  eax eax eax ebp ebp ecx ecx esp esp
  0x08048481  c3               ret                     | 

Gadget 0x8048478 (size 10 bytes)
------------------------------------------------------------------------------------------------------
  0x08048478  0000             add byte [eax], al   | Stack change: 0x8
  0x0804847a  8dbf00000000     lea edi, dword [edi] | Modified regs: edi esp ebp
  0x08048480  c9               leave                | Dependencies:  eax eax eax edi ebp esp esp esp esp
  0x08048481  c3               ret                  | 

Gadget 0x8048479 (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x08048479  008dbf000000     add byte [ebp+0xbf], cl | Stack change: 0x4
  0x0804847f  00c9             add cl, cl              | Modified regs: ecx esp
  0x08048481  c3               ret                     | Dependencies:  ebp ebp ecx ecx esp esp

Gadget 0x804847a (size 8 bytes)
------------------------------------------------------------------------------------------------------
  0x0804847a  8dbf00000000     lea edi, dword [edi] | Stack change: 0x8
  0x08048480  c9               leave                | Modified regs: edi esp ebp
  0x08048481  c3               ret                  | Dependencies:  edi ebp esp esp esp esp

Gadget 0x804847b (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x0804847b  bf00000000       mov edi, 0x00 | Stack change: 0x8
  0x08048480  c9               leave         | Modified regs: edi esp ebp
  0x08048481  c3               ret           | Dependencies:  ebp esp esp esp esp

Gadget 0x804847c (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x0804847c  0000             add byte [eax], al | Stack change: 0x8
  0x0804847e  0000             add byte [eax], al | Modified regs: esp ebp
  0x08048480  c9               leave              | Dependencies:  eax eax eax eax eax eax ebp esp esp esp esp
  0x08048481  c3               ret                | 

Gadget 0x804847d (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x0804847d  0000             add byte [eax], al | Stack change: 0x4
  0x0804847f  00c9             add cl, cl         | Modified regs: ecx esp
  0x08048481  c3               ret                | Dependencies:  eax eax eax ecx esp esp

Gadget 0x80484b5 (size 19 bytes)
------------------------------------------------------------------------------------------------------
  0x080484b5  e8dafeffff       call 0x8048394        | Stack change: 0x8
  0x080484ba  c7042400000000   mov dword [esp], 0x00 | Modified regs: esp ebp
  0x080484c1  e8eefeffff       call 0x80483b4        | Dependencies:  esp esp esp ebp esp esp esp esp
  0x080484c6  c9               leave                 | 
  0x080484c7  c3               ret                   | 

Gadget 0x80484ba (size 14 bytes)
------------------------------------------------------------------------------------------------------
  0x080484ba  c7042400000000   mov dword [esp], 0x00 | Stack change: 0x8
  0x080484c1  e8eefeffff       call 0x80483b4        | Modified regs: esp ebp
  0x080484c6  c9               leave                 | Dependencies:  esp esp ebp esp esp esp esp
  0x080484c7  c3               ret                   | 

Gadget 0x80484bd (size 11 bytes)
------------------------------------------------------------------------------------------------------
  0x080484bd  0000             add byte [eax], al | Stack change: 0x8
  0x080484bf  0000             add byte [eax], al | Modified regs: esp ebp
  0x080484c1  e8eefeffff       call 0x80483b4     | Dependencies:  eax eax eax eax eax eax esp ebp esp esp esp esp
  0x080484c6  c9               leave              | 
  0x080484c7  c3               ret                | 

Gadget 0x80484bf (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x080484bf  0000             add byte [eax], al | Stack change: 0x8
  0x080484c1  e8eefeffff       call 0x80483b4     | Modified regs: esp ebp
  0x080484c6  c9               leave              | Dependencies:  eax eax eax esp ebp esp esp esp esp
  0x080484c7  c3               ret                | 

Gadget 0x80484c1 (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x080484c1  e8eefeffff       call 0x80483b4 | Stack change: 0x8
  0x080484c6  c9               leave          | Modified regs: esp ebp
  0x080484c7  c3               ret            | Dependencies:  esp ebp esp esp esp esp

Gadget 0x80484c5 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x080484c5  ffc9             dec ecx | Stack change: 0x4
  0x080484c7  c3               ret     | Modified regs: ecx esp

Gadget 0x8048530 (size 16 bytes)
------------------------------------------------------------------------------------------------------
  0x08048530  ebaa             jmp 0x80484dc              | Stack change: 0x8
  0x08048532  c7042479860408   mov dword [esp], 0x8048679 | Modified regs: esp ebp
  0x08048539  e856feffff       call 0x8048394             | Dependencies:  esp esp ebp esp esp esp esp
  0x0804853e  c9               leave                      | 
  0x0804853f  c3               ret                        | 

Gadget 0x8048531 (size 15 bytes)
------------------------------------------------------------------------------------------------------
  0x08048531  aa               stosb                      | Stack change: 0x8
  0x08048532  c7042479860408   mov dword [esp], 0x8048679 | Modified regs: edi esp ebp
  0x08048539  e856feffff       call 0x8048394             | Dependencies:  eax edi edi esp esp ebp esp esp esp esp
  0x0804853e  c9               leave                      | 
  0x0804853f  c3               ret                        | 

Gadget 0x8048532 (size 14 bytes)
------------------------------------------------------------------------------------------------------
  0x08048532  c7042479860408   mov dword [esp], 0x8048679 | Stack change: 0x8
  0x08048539  e856feffff       call 0x8048394             | Modified regs: esp ebp
  0x0804853e  c9               leave                      | Dependencies:  esp esp ebp esp esp esp esp
  0x0804853f  c3               ret                        | 

Gadget 0x8048534 (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x08048534  2479             and al, 0x79              | Stack change: 0x8
  0x08048536  860408           xchg byte [eax+ecx*1], al | Modified regs: eax esp ebp
  0x08048539  e856feffff       call 0x8048394            | Dependencies:  eax ecx eax eax ecx eax eax esp ebp esp esp esp esp
  0x0804853e  c9               leave                     | 
  0x0804853f  c3               ret                       | 

Gadget 0x8048535 (size 11 bytes)
------------------------------------------------------------------------------------------------------
  0x08048535  7986             jns 0x80484bd  | Stack change: 0x8
  0x08048537  0408             add al, 0x08   | Modified regs: eax esp ebp
  0x08048539  e856feffff       call 0x8048394 | Dependencies:  eax esp ebp esp esp esp esp
  0x0804853e  c9               leave          | 
  0x0804853f  c3               ret            | 

Gadget 0x8048536 (size 10 bytes)
------------------------------------------------------------------------------------------------------
  0x08048536  860408           xchg byte [eax+ecx*1], al | Stack change: 0x8
  0x08048539  e856feffff       call 0x8048394            | Modified regs: eax esp ebp
  0x0804853e  c9               leave                     | Dependencies:  ecx eax eax ecx eax eax esp ebp esp esp esp esp
  0x0804853f  c3               ret                       | 

Gadget 0x8048537 (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x08048537  0408             add al, 0x08   | Stack change: 0x8
  0x08048539  e856feffff       call 0x8048394 | Modified regs: eax esp ebp
  0x0804853e  c9               leave          | Dependencies:  eax esp ebp esp esp esp esp
  0x0804853f  c3               ret            | 

Gadget 0x8048539 (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x08048539  e856feffff       call 0x8048394 | Stack change: 0x8
  0x0804853e  c9               leave          | Modified regs: esp ebp
  0x0804853f  c3               ret            | Dependencies:  esp ebp esp esp esp esp

Gadget 0x804858d (size 15 bytes)
------------------------------------------------------------------------------------------------------
  0x0804858d  890424           mov dword [esp], eax | Stack change: 0x8
  0x08048590  e833ffffff       call 0x80484c8       | Modified regs: esp eax ebp
  0x08048595  b800000000       mov eax, 0x00        | Dependencies:  eax esp esp ebp esp esp esp esp
  0x0804859a  c9               leave                | 
  0x0804859b  c3               ret                  | 

Gadget 0x804858e (size 14 bytes)
------------------------------------------------------------------------------------------------------
  0x0804858e  0424             add al, 0x24   | Stack change: 0x8
  0x08048590  e833ffffff       call 0x80484c8 | Modified regs: eax esp ebp
  0x08048595  b800000000       mov eax, 0x00  | Dependencies:  eax esp ebp esp esp esp esp
  0x0804859a  c9               leave          | 
  0x0804859b  c3               ret            | 

Gadget 0x8048590 (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x08048590  e833ffffff       call 0x80484c8      | Stack change: 0x0
  0x08048595  b800000095       mov eax, 0x95000000 | Modified regs: esp eax
  0x0804859a  85               invalid             | Dependencies:  esp ecx eax eax eax
  0x0804859b  04               invalid             | 

Gadget 0x80485a6 (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x080485a6  f653e8           not byte [ebx-0x18] | Stack change: 0x4
  0x080485a9  6800000081       push 0x81000000     | Modified regs: esp
  0x080485ae  c3               ret                 | Dependencies:  ebx ebx esp esp esp

Gadget 0x80485a9 (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x080485a9  6800000081       push 0x81000000 | Stack change: 0x4
  0x080485ae  c3               ret             | Modified regs: esp

Gadget 0x80485fa (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x080485fa  da83c41c5b5e     fiadd dword [ebx+0x5e5b1cc4] | Stack change: 0xc
  0x08048600  5f               pop edi                      | Modified regs: edi esp ebp
  0x08048601  c9               leave                        | Dependencies:  esp esp ebp esp esp esp esp
  0x08048602  c3               ret                          | 

Gadget 0x80485fc (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x080485fc  c41c5b           les ebx, fword [ebx+ebx*2] | Stack change: 0x10
  0x080485ff  5e               pop esi                    | Modified regs: ebx esi esp edi ebp
  0x08048600  5f               pop edi                    | Dependencies:  ebx esp esp esp esp ebp esp esp esp esp
  0x08048601  c9               leave                      | 
  0x08048602  c3               ret                        | 

Gadget 0x80485fd (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x080485fd  1c5b             sbb al, 0x5b | Stack change: 0x10
  0x080485ff  5e               pop esi      | Modified regs: eax esi esp edi ebp
  0x08048600  5f               pop edi      | Dependencies:  eax esp esp esp esp ebp esp esp esp esp
  0x08048601  c9               leave        | 
  0x08048602  c3               ret          | 

Gadget 0x80485fe (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x080485fe  5b               pop ebx | Stack change: 0x14
  0x080485ff  5e               pop esi | Modified regs: ebx esp esi edi ebp
  0x08048600  5f               pop edi | Dependencies:  esp esp esp esp esp esp ebp esp esp esp esp
  0x08048601  c9               leave   | 
  0x08048602  c3               ret     | 

Gadget 0x80485ff (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x080485ff  5e               pop esi | Stack change: 0x10
  0x08048600  5f               pop edi | Modified regs: esi esp edi ebp
  0x08048601  c9               leave   | Dependencies:  esp esp esp esp ebp esp esp esp esp
  0x08048602  c3               ret     | 

Gadget 0x8048600 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x08048600  5f               pop edi | Stack change: 0xc
  0x08048601  c9               leave   | Modified regs: edi esp ebp
  0x08048602  c3               ret     | Dependencies:  esp esp ebp esp esp esp esp

Gadget 0x8048609 (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x08048609  8dbc2700000000   lea edi, dword [edi] | Stack change: 0xc
  0x08048610  55               push ebp             | Modified regs: edi esp ebp
  0x08048611  89e5             mov ebp, esp         | Dependencies:  edi ebp esp esp ebp esp esp esp esp
  0x08048613  c9               leave                | 
  0x08048614  c3               ret                  | 

Gadget 0x804860a (size 11 bytes)
------------------------------------------------------------------------------------------------------
  0x0804860a  bc27000000       mov esp, 0x27           | Stack change: 0x4
  0x0804860f  005589           add byte [ebp-0x77], dl | Modified regs: esp
  0x08048612  e5c9             in eax, 0xc9            | Dependencies:  ebp ebp edx esp esp
  0x08048614  c3               ret                     | 

Gadget 0x804860d (size 8 bytes)
------------------------------------------------------------------------------------------------------
  0x0804860d  0000             add byte [eax], al      | Stack change: 0x4
  0x0804860f  005589           add byte [ebp-0x77], dl | Modified regs: esp
  0x08048612  e5c9             in eax, 0xc9            | Dependencies:  eax eax eax ebp ebp edx esp esp
  0x08048614  c3               ret                     | 

Gadget 0x804860e (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x0804860e  0000             add byte [eax], al | Stack change: 0xaa6f6fa3
  0x08048610  55               push ebp           | Modified regs: esp ebp
  0x08048611  89e5             mov ebp, esp       | Dependencies:  eax eax eax ebp esp esp ebp esp esp esp esp
  0x08048613  c9               leave              | 
  0x08048614  c3               ret                | 

Gadget 0x804860f (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x0804860f  005589           add byte [ebp-0x77], dl | Stack change: 0x4
  0x08048612  e5c9             in eax, 0xc9            | Modified regs: esp
  0x08048614  c3               ret                     | Dependencies:  ebp ebp edx esp esp

Gadget 0x8048610 (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x08048610  55               push ebp     | Stack change: 0x3c
  0x08048611  89e5             mov ebp, esp | Modified regs: esp ebp
  0x08048613  c9               leave        | Dependencies:  ebp esp esp ebp esp esp esp esp
  0x08048614  c3               ret          | 

Gadget 0x8048611 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x08048611  89e5             mov ebp, esp | Stack change: 0x44
  0x08048613  c9               leave        | Modified regs: ebp esp
  0x08048614  c3               ret          | Dependencies:  esp ebp esp esp esp esp

Gadget 0x8048612 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x08048612  e5c9             in eax, 0xc9 | Stack change: 0x4
  0x08048614  c3               ret          | Modified regs: esp

Gadget 0x8048615 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x08048615  8b1c24           mov ebx, dword [esp] | Stack change: 0x4
  0x08048618  c3               ret                  | Modified regs: ebx esp

Gadget 0x8048616 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x08048616  1c24             sbb al, 0x24 | Stack change: 0x4
  0x08048618  c3               ret          | Modified regs: eax esp

Gadget 0x8048639 (size 10 bytes)
------------------------------------------------------------------------------------------------------
  0x08048639  0383f8ff75f4     add eax, dword [ebx-0xb8a0008] | Stack change: 0x10
  0x0804863f  58               pop eax                        | Modified regs: eax esp ebx ebp
  0x08048640  5b               pop ebx                        | Dependencies:  ebx eax esp esp esp esp esp esp esp esp
  0x08048641  5d               pop ebp                        | 
  0x08048642  c3               ret                            | 

Gadget 0x804863c (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x0804863c  ff75f4           push dword [ebp-0x0c] | Stack change: 0x10
  0x0804863f  58               pop eax               | Modified regs: esp eax ebx ebp
  0x08048640  5b               pop ebx               | Dependencies:  ebp esp esp esp esp esp esp esp esp esp
  0x08048641  5d               pop ebp               | 
  0x08048642  c3               ret                   | 

Gadget 0x804863d (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x0804863d  75f4             jnz 0x8048633 | Stack change: 0x10
  0x0804863f  58               pop eax       | Modified regs: eax esp ebx ebp
  0x08048640  5b               pop ebx       | Dependencies:  esp esp esp esp esp esp esp esp
  0x08048641  5d               pop ebp       | 
  0x08048642  c3               ret           | 

Gadget 0x804863e (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x0804863e  f4               hlt     | Stack change: 0x10
  0x0804863f  58               pop eax | Modified regs: eax esp ebx ebp
  0x08048640  5b               pop ebx | Dependencies:  esp esp esp esp esp esp esp esp
  0x08048641  5d               pop ebp | 
  0x08048642  c3               ret     | 

Gadget 0x804863f (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x0804863f  58               pop eax | Stack change: 0x10
  0x08048640  5b               pop ebx | Modified regs: eax esp ebx ebp
  0x08048641  5d               pop ebp | Dependencies:  esp esp esp esp esp esp esp esp
  0x08048642  c3               ret     | 

Gadget 0x8048640 (size 3 bytes)
------------------------------------------------------------------------------------------------------
  0x08048640  5b               pop ebx | Stack change: 0xc
  0x08048641  5d               pop ebp | Modified regs: ebx esp ebp
  0x08048642  c3               ret     | Dependencies:  esp esp esp esp esp esp

Gadget 0x8048641 (size 2 bytes)
------------------------------------------------------------------------------------------------------
  0x08048641  5d               pop ebp | Stack change: 0x8
  0x08048642  c3               ret     | Modified regs: ebp esp

Gadget 0x8048655 (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x08048655  e8c6fdffff       call 0x8048420 | Stack change: 0x10
  0x0804865a  59               pop ecx        | Modified regs: esp ecx ebx ebp
  0x0804865b  5b               pop ebx        | Dependencies:  esp esp esp esp esp ebp esp esp esp esp
  0x0804865c  c9               leave          | 
  0x0804865d  c3               ret            | 

Gadget 0x8048659 (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x08048659  ff595b           call far fword [ecx+0x5b] | Stack change: 0x8
  0x0804865c  c9               leave                     | Modified regs: esp ebp
  0x0804865d  c3               ret                       | Dependencies:  esp ecx ebp esp esp esp esp

Gadget 0x804865a (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x0804865a  59               pop ecx | Stack change: 0x10
  0x0804865b  5b               pop ebx | Modified regs: ecx esp ebx ebp
  0x0804865c  c9               leave   | Dependencies:  esp esp esp esp ebp esp esp esp esp
  0x0804865d  c3               ret     | 

Gadget 0x804866b (size 2 bytes)
------------------------------------------------------------------------------------------------------
  0x0804866b  50               push eax | Stack change: 0x0
  0x0804866c  61               popad    | Modified regs: esp

Gadget 0x8048677 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x08048677  0a00             or al, byte [eax] | Stack change: 0x0
  0x08048679  50               push eax          | Modified regs: eax esp
  0x0804867a  61               popad             | Dependencies:  eax eax eax eax esp

Gadget 0x804868d (size 9 bytes)
------------------------------------------------------------------------------------------------------
  0x0804868d  00494f           add byte [ecx+0x4f], cl | Stack change: 0xffffffff
  0x08048690  4c               dec esp                 | Modified regs: esp ecx
  0x08048691  49               dec ecx                 | Dependencies:  ecx ecx ecx esp ecx ebx ebx eax
  0x08048692  204372           and byte [ebx+0x72], al | 
  0x08048695  61               popad                   | 

Gadget 0x804868f (size 7 bytes)
------------------------------------------------------------------------------------------------------
  0x0804868f  4f               dec edi                 | Stack change: 0xffffffff
  0x08048690  4c               dec esp                 | Modified regs: edi esp ecx
  0x08048691  49               dec ecx                 | Dependencies:  edi esp ecx ebx ebx eax
  0x08048692  204372           and byte [ebx+0x72], al | 
  0x08048695  61               popad                   | 

Gadget 0x8048690 (size 6 bytes)
------------------------------------------------------------------------------------------------------
  0x08048690  4c               dec esp                 | Stack change: 0xffffffff
  0x08048691  49               dec ecx                 | Modified regs: esp ecx
  0x08048692  204372           and byte [ebx+0x72], al | Dependencies:  esp ecx ebx ebx eax
  0x08048695  61               popad                   | 

Gadget 0x8048691 (size 5 bytes)
------------------------------------------------------------------------------------------------------
  0x08048691  49               dec ecx                 | Stack change: 0x0
  0x08048692  204372           and byte [ebx+0x72], al | Modified regs: ecx
  0x08048695  61               popad                   | Dependencies:  ecx ebx ebx eax

Gadget 0x8048692 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x08048692  204372           and byte [ebx+0x72], al | Stack change: 0x0
  0x08048695  61               popad                   | Modified regs: 

EOF
RUN

NAME=subchains test
FILE==
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
wa "pop r12; pop r13; pop r14; pop r15; ret"
e gadget.subchains=false
/Rq
echo "===================================================="
e gadget.subchains=true
/Rq
EOF
EXPECT=<<EOF
0x00000000: pop r12; pop r13; pop r14; pop r15; ret;
0x00000001: pop rsp; pop r13; pop r14; pop r15; ret;
0x00000002: pop r13; pop r14; pop r15; ret;
0x00000003: pop rbp; pop r14; pop r15; ret;
0x00000004: pop r14; pop r15; ret;
0x00000005: pop rsi; pop r15; ret;
0x00000006: pop r15; ret;
0x00000007: pop rdi; ret;
0x00000008: ret;
====================================================
0x00000000: pop r12; pop r13; pop r14; pop r15; ret;
0x00000002: pop r13; pop r14; pop r15; ret;
0x00000004: pop r14; pop r15; ret;
0x00000006: pop r15; ret;
0x00000001: pop rsp; pop r13; pop r14; pop r15; ret;
0x00000002: pop r13; pop r14; pop r15; ret;
0x00000004: pop r14; pop r15; ret;
0x00000006: pop r15; ret;
0x00000002: pop r13; pop r14; pop r15; ret;
0x00000004: pop r14; pop r15; ret;
0x00000006: pop r15; ret;
0x00000003: pop rbp; pop r14; pop r15; ret;
0x00000004: pop r14; pop r15; ret;
0x00000006: pop r15; ret;
0x00000004: pop r14; pop r15; ret;
0x00000006: pop r15; ret;
0x00000005: pop rsi; pop r15; ret;
0x00000006: pop r15; ret;
0x00000006: pop r15; ret;
0x00000007: pop rdi; ret;
0x00000008: ret;
EOF
RUN

NAME=search rop gadgets with comments
FILE==
CMDS=<<EOF
e asm.arch=x86
e asm.bits=64
wa "pop r12; ret"
CC Rizin is Cool! @ 0
CC Its elegant! @ 2
/R
echo "========================================================="
e gadget.comments=true
/R
EOF
EXPECT=<<EOF
  0x00000000               415c  pop r12
  0x00000002                 c3  ret
Gadget size: 3

  0x00000001                 5c  pop rsp
  0x00000002                 c3  ret
Gadget size: 2

  0x00000002                 c3  ret
Gadget size: 1

=========================================================
  0x00000000               415c  pop r12 ; Rizin is Cool!
  0x00000002                 c3  ret ; Its elegant!
Gadget size: 3

  0x00000001                 5c  pop rsp
  0x00000002                 c3  ret ; Its elegant!
Gadget size: 2

  0x00000002                 c3  ret ; Its elegant!
Gadget size: 1

EOF
RUN

NAME=search rop with conditional terminator
FILE==
CMDS=<<EOF
e asm.arch=arm
e asm.bits=32
e cfg.bigendian=false
wx 04e02de50000a0e10110a0e10080bd081eff2fe10220a0e100f020e3
pi 1
echo =========Without allow_conditional==============
/R
echo ===========With allow_conditional===============
e gadget.conditional=true
echo ======================/R========================
/R
echo ======================/Rq=======================
/Rq
echo ======================/Rg=======================
/Rg
echo ======================/Rt=======================
/Rt
echo ======================/Rj=======================
/Rj
echo ======================/Rgl======================
/Rgl
EOF
EXPECT=<<EOF
str lr, [sp, -4]!
=========Without allow_conditional==============
  0x00000000           04e02de5  str lr, [sp, -4]!
  0x00000004           0000a0e1  mov r0, r0
  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 20

  0x00000004           0000a0e1  mov r0, r0
  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 16

  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 12

  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 8

  0x00000010           1eff2fe1  bx lr
Gadget size: 4

===========With allow_conditional===============
======================/R========================
  0x00000000           04e02de5  str lr, [sp, -4]!
  0x00000004           0000a0e1  mov r0, r0
  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
Gadget size: 16 [Conditional]

  0x00000004           0000a0e1  mov r0, r0
  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
Gadget size: 12 [Conditional]

  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
Gadget size: 8 [Conditional]

  0x0000000c           0080bd08  ldmeq sp!, {pc}
Gadget size: 4 [Conditional]

  0x00000000           04e02de5  str lr, [sp, -4]!
  0x00000004           0000a0e1  mov r0, r0
  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 20

  0x00000004           0000a0e1  mov r0, r0
  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 16

  0x00000008           0110a0e1  mov r1, r1
  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 12

  0x0000000c           0080bd08  ldmeq sp!, {pc}
  0x00000010           1eff2fe1  bx lr
Gadget size: 8

  0x00000010           1eff2fe1  bx lr
Gadget size: 4

======================/Rq=======================
0x00000000: str lr, [sp, -4]!; mov r0, r0; mov r1, r1; ldmeq sp!, {pc}; [Conditional]
0x00000000: str lr, [sp, -4]!; mov r0, r0; mov r1, r1; ldmeq sp!, {pc}; bx lr;
0x00000004: mov r0, r0; mov r1, r1; ldmeq sp!, {pc}; [Conditional]
0x00000004: mov r0, r0; mov r1, r1; ldmeq sp!, {pc}; bx lr;
0x00000008: mov r1, r1; ldmeq sp!, {pc}; [Conditional]
0x00000008: mov r1, r1; ldmeq sp!, {pc}; bx lr;
0x0000000c: ldmeq sp!, {pc}; [Conditional]
0x0000000c: ldmeq sp!, {pc}; bx lr;
0x00000010: bx lr;
======================/Rg=======================
Gadget 0x0 [Conditional]
Stack change: 0xfffffffc
Changed registers: sp r0 r1 
Register dependencies:
Memory Write: lr Initial Value: 0xffffffff New Value: 0x0
Var Read: r0
Var Read: r1

Gadget 0x0
Stack change: 0xfffffffc
Changed registers: sp r0 r1 
Register dependencies:
Memory Write: lr Initial Value: 0xffffffff New Value: 0x0
Var Read: r0
Var Read: r1

Gadget 0x4 [Conditional]
Stack change: 0x0
Changed registers: r0 r1 
Register dependencies:
Var Read: r0
Var Read: r1

Gadget 0x4
Stack change: 0x0
Changed registers: r0 r1 
Register dependencies:
Var Read: r0
Var Read: r1

Gadget 0x8 [Conditional]
Stack change: 0x0
Changed registers: r1 
Register dependencies:
Var Read: r1

Gadget 0x8
Stack change: 0x0
Changed registers: r1 
Register dependencies:
Var Read: r1

Gadget 0xc [Conditional]
Stack change: 0x0
Changed registers: 
Register dependencies:

Gadget 0xc
Stack change: 0x0
Changed registers: 
Register dependencies:

Gadget 0x10
Stack change: 0x0
Changed registers: 
Register dependencies:

======================/Rt=======================
      addr                                    bytes disasm                                                                           
-------------------------------------------------------------------------------------------------------------------------------------
0x00000000         04e02de50000a0e10110a0e10080bd08 [Conditional] str lr, [sp, -4]!; ; mov r0, r0; ; mov r1, r1; ; ldmeq sp!, {pc}; 
0x00000000 04e02de50000a0e10110a0e10080bd081eff2fe1 str lr, [sp, -4]!; ; mov r0, r0; ; mov r1, r1; ; ldmeq sp!, {pc}; ; bx lr; 
0x00000004                 0000a0e10110a0e10080bd08 [Conditional] mov r0, r0; ; mov r1, r1; ; ldmeq sp!, {pc}; 
0x00000004         0000a0e10110a0e10080bd081eff2fe1 mov r0, r0; ; mov r1, r1; ; ldmeq sp!, {pc}; ; bx lr; 
0x00000008                         0110a0e10080bd08 [Conditional] mov r1, r1; ; ldmeq sp!, {pc}; 
0x00000008                 0110a0e10080bd081eff2fe1 mov r1, r1; ; ldmeq sp!, {pc}; ; bx lr; 
0x0000000c                                 0080bd08 [Conditional] ldmeq sp!, {pc}; 
0x0000000c                         0080bd081eff2fe1 ldmeq sp!, {pc}; ; bx lr; 
0x00000010                                 1eff2fe1 bx lr; 
======================/Rj=======================
[{"opcodes":[{"offset":0,"size":4,"opcode":"str lr, [sp, -4]!","type":"store"},{"offset":4,"size":4,"opcode":"mov r0, r0","type":"mov"},{"offset":8,"size":4,"opcode":"mov r1, r1","type":"mov"},{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"}],"retaddr":12,"size":16,"is_conditional":true},{"opcodes":[{"offset":0,"size":4,"opcode":"str lr, [sp, -4]!","type":"store"},{"offset":4,"size":4,"opcode":"mov r0, r0","type":"mov"},{"offset":8,"size":4,"opcode":"mov r1, r1","type":"mov"},{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"},{"offset":16,"size":4,"opcode":"bx lr","type":"ret"}],"retaddr":16,"size":20},{"opcodes":[{"offset":4,"size":4,"opcode":"mov r0, r0","type":"mov"},{"offset":8,"size":4,"opcode":"mov r1, r1","type":"mov"},{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"}],"retaddr":12,"size":12,"is_conditional":true},{"opcodes":[{"offset":4,"size":4,"opcode":"mov r0, r0","type":"mov"},{"offset":8,"size":4,"opcode":"mov r1, r1","type":"mov"},{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"},{"offset":16,"size":4,"opcode":"bx lr","type":"ret"}],"retaddr":16,"size":16},{"opcodes":[{"offset":8,"size":4,"opcode":"mov r1, r1","type":"mov"},{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"}],"retaddr":12,"size":8,"is_conditional":true},{"opcodes":[{"offset":8,"size":4,"opcode":"mov r1, r1","type":"mov"},{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"},{"offset":16,"size":4,"opcode":"bx lr","type":"ret"}],"retaddr":16,"size":12},{"opcodes":[{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"}],"retaddr":12,"size":4,"is_conditional":true},{"opcodes":[{"offset":12,"size":4,"opcode":"ldmeq sp!, {pc}","type":"cret"},{"offset":16,"size":4,"opcode":"bx lr","type":"ret"}],"retaddr":16,"size":8},{"opcodes":[{"offset":16,"size":4,"opcode":"bx lr","type":"ret"}],"retaddr":16,"size":4}]
======================/Rgl======================
Gadget 0x0 (size 16 bytes) [Conditional]
------------------------------------------------------------------------------------------------------
  0x00000000  04e02de5         str lr, [sp, -4]! | Stack change: 0xfffffffc
  0x00000004  0000a0e1         mov r0, r0        | Modified regs: sp r0 r1
  0x00000008  0110a0e1         mov r1, r1        | Dependencies:  sp lr sp r0 r1
  0x0000000c  0080bd08         ldmeq sp!, {pc}   | 

Gadget 0x0 (size 16 bytes)
------------------------------------------------------------------------------------------------------
  0x00000000  04e02de5         str lr, [sp, -4]! | Stack change: 0xfffffffc
  0x00000004  0000a0e1         mov r0, r0        | Modified regs: sp r0 r1
  0x00000008  0110a0e1         mov r1, r1        | Dependencies:  sp lr sp r0 r1
  0x0000000c  0080bd08         ldmeq sp!, {pc}   | 

Gadget 0x4 (size 12 bytes) [Conditional]
------------------------------------------------------------------------------------------------------
  0x00000004  0000a0e1         mov r0, r0      | Stack change: 0x0
  0x00000008  0110a0e1         mov r1, r1      | Modified regs: r0 r1
  0x0000000c  0080bd08         ldmeq sp!, {pc} | Dependencies:  r0 r1

Gadget 0x4 (size 12 bytes)
------------------------------------------------------------------------------------------------------
  0x00000004  0000a0e1         mov r0, r0      | Stack change: 0x0
  0x00000008  0110a0e1         mov r1, r1      | Modified regs: r0 r1
  0x0000000c  0080bd08         ldmeq sp!, {pc} | Dependencies:  r0 r1

Gadget 0x8 (size 8 bytes) [Conditional]
------------------------------------------------------------------------------------------------------
  0x00000008  0110a0e1         mov r1, r1      | Stack change: 0x0
  0x0000000c  0080bd08         ldmeq sp!, {pc} | Modified regs: r1

Gadget 0x8 (size 8 bytes)
------------------------------------------------------------------------------------------------------
  0x00000008  0110a0e1         mov r1, r1      | Stack change: 0x0
  0x0000000c  0080bd08         ldmeq sp!, {pc} | Modified regs: r1

Gadget 0xc (size 4 bytes) [Conditional]
------------------------------------------------------------------------------------------------------
  0x0000000c  0080bd08         ldmeq sp!, {pc} | Stack change: 0x0

Gadget 0xc (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x0000000c  0080bd08         ldmeq sp!, {pc} | Stack change: 0x0

Gadget 0x10 (size 4 bytes)
------------------------------------------------------------------------------------------------------
  0x00000010  1eff2fe1         bx lr | Stack change: 0x0

EOF
RUN

NAME=detail rop search (/Rg) on mips (1 delay slot)
FILE==
CMDS=<<EOF
e asm.arch=mips
e asm.bits=32
e cfg.bigendian=false
wa "addiu sp, sp, 0x20; jr ra; nop"
pi 3
echo "================================================"
/R
echo "================================================"
/Rg 
EOF
EXPECT=<<EOF
addiu sp, sp, 0x20
jr ra
nop
================================================
  0x00000000           2000bd27  addiu sp, sp, 0x20
  0x00000004           0800e003  jr ra
  0x00000008           00000000  nop
Gadget size: 12

  0x00000004           0800e003  jr ra
  0x00000008           00000000  nop
Gadget size: 8

================================================
Gadget 0x0
Stack change: 0x20
Changed registers: sp 
Register dependencies:

Gadget 0x4
Stack change: 0x0
Changed registers: 
Register dependencies:

EOF
RUN

NAME=consistency check between /R and /Rg
FILE=bins/elf/analysis/mips64r2-busybox
CMDS=<<EOF
/R~Gadget~?
/Rg~Gadget~?
EOF
EXPECT=<<EOF
1951
1951
EOF
RUN