ROPSHELL 
ropshell> use 13274accb3f37815a223d1ce3a26da9d (download)
name         : libc-2.27.so (i386/ELF)
base address : 0x18610
total gadgets: 16602

ropshell> suggest
call
    > 0x00018ea1 : call eax
    > 0x0001e4df : call ebx
    > 0x0001aa64 : call ecx
    > 0x00018f21 : call edx
    > 0x0001a14e : call esi
jmp
    > 0x0007935e : push esp; ret
    > 0x000191c3 : jmp eax
    > 0x0007fb45 : jmp ebx
    > 0x000199a0 : jmp ecx
    > 0x0002ab1f : jmp edx
load mem
    > 0x00068cf7 : mov eax, [edx]; ret
    > 0x00135048 : mov eax, [edx + 4]; ret
    > 0x00075423 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x00075459 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0014d902 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
load reg
    > 0x00024b5e : pop eax; ret
    > 0x00018be5 : pop ebx; ret
    > 0x0002d54d : pop edx; ret
    > 0x00018706 : pop esi; ret
    > 0x0001869b : pop edi; ret
pop pop ret
    > 0x00024b5e : pop eax; ret
    > 0x0015674b : pop ebp; pop ebx; ret
    > 0x000ad377 : pop eax; pop edi; pop esi; ret
    > 0x0004046a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001c773 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x001361e1 : add esp, 0x10; ret
    > 0x001361e1 : add esp, 0x10; ret
    > 0x00165382 : add esp, 0x20; ret
    > 0x000f1b80 : add esp, 0x3c; ret
    > 0x000e8c55 : add esp, 0x4c; ret
stack pivoting
    > 0x000195d2 : xchg eax, esp; ret
    > 0x0002d61f : mov esp, ecx; jmp edx
    > 0x00041238 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x0009ae3b : xchg esp, esp; mov bl, 0xfa; call [eax - 0x18]
    > 0x0009ae3b : xchg esp, esp; mov bl, 0xfa; call [eax - 0x18]
syscall
    > 0x000bfe45 : call gs:[0x10]; ret
write mem
    > 0x00097b6c : add [eax], edx; ret
    > 0x00097b8c : add [eax], esi; ret
    > 0x00082690 : add [eax], edi; ret
    > 0x0005aff8 : add [ecx], eax; ret
    > 0x0003efd2 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact