ROPSHELL 
ropshell> use 0dd5e0dad8aeb27fb7213c93b50d00cd (download)
name         : libc-2.21.so (i386/ELF)
base address : 0x17500
total gadgets: 16523

ropshell> suggest
call
    > 0x000187c1 : call eax
    > 0x0001daca : call ebx
    > 0x0001838a : call ecx
    > 0x000226ec : call edx
    > 0x0001c1fa : call esi
jmp
    > 0x001200e6 : push esp; ret
    > 0x00018cb3 : jmp eax
    > 0x000781e4 : jmp ebx
    > 0x0005f636 : jmp ecx
    > 0x0002a2d3 : jmp edx
load mem
    > 0x00062f17 : mov eax, [edx]; ret
    > 0x0002149b : mov eax, [ecx + 0x1160]; ret
    > 0x0006dc90 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x0011e180 : mov eax, [edx + 4]; add esp, 0xc; ret
    > 0x000f8c0f : mov ebp, [ecx + 0xc]; jmp edx
load reg
    > 0x00024438 : pop eax; ret
    > 0x000184fe : pop ebx; ret
    > 0x000b73a7 : pop ecx; ret
    > 0x0002bd8c : pop edx; ret
    > 0x00018218 : pop esi; ret
pop pop ret
    > 0x00024438 : pop eax; ret
    > 0x0013c20b : pop ebp; pop ebx; ret
    > 0x000a2487 : pop eax; pop edi; pop esi; ret
    > 0x0003dc4a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001d1a4 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00077f11 : add esp, 0x100; ret
    > 0x00077f11 : add esp, 0x100; ret
    > 0x00019355 : add esp, 0x24; ret
    > 0x000d757f : add esp, 0x3c; ret
    > 0x00113790 : add esp, 0x4c; ret
stack pivoting
    > 0x00110909 : xchg eax, esp; ret
    > 0x0002be5d : mov esp, ecx; jmp edx
    > 0x0003ea57 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x000b785c : lea esp, [esi + edi*8 - 1]; call [ecx + 0x56]
    > 0x000ac03b : lea esp, [edi + edi*8 - 1]; call [eax - 0x18]
syscall
    > 0x000b3315 : call gs:[0x10]; ret
    > 0x000e82d1 : int 0x80; pop ebp; pop edi; pop esi; pop ebx; ret
write mem
    > 0x0009204c : add [eax], edx; ret
    > 0x0009206c : add [eax], esi; ret
    > 0x00086241 : add [eax + 0x5f028d02], ecx; ret
    > 0x00087d55 : add [ebx + 0x5b5fffd8], eax; ret
    > 0x00103334 : adc [esi + 0x5f], ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact