ROPSHELL 
ropshell> use 10f6cd85d683ae08273ef4f3d0a297de (download)
name         : libc.so.6 (i386/ELF)
base address : 0x18690
total gadgets: 16559

ropshell> suggest
call
    > 0x00018fc1 : call eax
    > 0x0001e19f : call ebx
    > 0x0001a754 : call ecx
    > 0x00019041 : call edx
    > 0x00019e2e : call esi
jmp
    > 0x0007971e : push esp; ret
    > 0x000192e3 : jmp eax
    > 0x0007fd85 : jmp ebx
    > 0x00019810 : jmp ecx
    > 0x0002acef : jmp edx
load mem
    > 0x00068f47 : mov eax, [edx]; ret
    > 0x001350d8 : mov eax, [edx + 4]; ret
    > 0x00075733 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x00075769 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0014da12 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
load reg
    > 0x00024e1e : pop eax; ret
    > 0x00018d05 : pop ebx; ret
    > 0x0002d71d : pop edx; ret
    > 0x00018807 : pop esi; ret
    > 0x0001871b : pop edi; ret
pop pop ret
    > 0x00024e1e : pop eax; ret
    > 0x0015685b : pop ebp; pop ebx; ret
    > 0x000ad427 : pop eax; pop edi; pop esi; ret
    > 0x0004064a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001c3ac : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00136271 : add esp, 0x10; ret
    > 0x00136271 : add esp, 0x10; ret
    > 0x001654b2 : add esp, 0x20; ret
    > 0x000f1a40 : add esp, 0x3c; ret
    > 0x000e8df5 : add esp, 0x4c; ret
stack pivoting
    > 0x0003e71a : xchg eax, esp; ret
    > 0x0002d7ef : mov esp, ecx; jmp edx
    > 0x00041418 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x000bba15 : xchg esp, esp; mov bh, 0xfa; call [eax - 0x73]
    > 0x000bba15 : xchg esp, esp; mov bh, 0xfa; call [eax - 0x73]
syscall
    > 0x000bff65 : call gs:[0x10]; ret
write mem
    > 0x00097c5c : add [eax], edx; ret
    > 0x00097c7c : add [eax], esi; ret
    > 0x00082780 : add [eax], edi; ret
    > 0x0005b248 : add [ecx], eax; ret
    > 0x0003f1b2 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact