ROPSHELL 
ropshell> use 13274accb3f37815a223d1ce3a26da9d (download)
name         : libc-2.27.so (i386/ELF)
base address : 0x18610
total gadgets: 16602

ropshell> suggest "stack pivoting"
> 0x000195d2 : xchg eax, esp; ret
> 0x0002d61f : mov esp, ecx; jmp edx
> 0x00041238 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x0009ae3b : xchg esp, esp; mov bl, 0xfa; call [eax - 0x18]
> 0x0009ae3b : xchg esp, esp; mov bl, 0xfa; call [eax - 0x18]
> 0x000c35d3 : lea esp, [ebx + edi*8 - 1]; call [ebx - 0x18]
> 0x00059c5f : lea esp, [edx + edi*8 - 1]; call [esi - 0x18]
> 0x000c7d7f : lea esp, [edi + edx*8 - 1]; call [esi - 0x73]
> 0x000b6a6d : xchg ebp, esp; sbb eax, [eax]; add [ebx - 0x877b], cl; inc [ebx]; test [eax - 0x5dce8], bl; jmp eax
> 0x0005d925 : xchg esp, ebx; sbb al, [eax]; add [ebx - 0x4e37b], cl; inc [ebx]; test [eax - 0x5f9bc], bl; jmp eax
> 0x0014d1e4 : lea esp, [ecx - 0x3c7e0002]; cwde ; lahf ; add eax, [eax]; add ebx, [ebx + ecx*4]; jmp ebx
> 0x00057e27 : xchg esi, esp; sldt [eax]; mov eax, [ebp - 0x590]; movzx edx, dl; add eax, [eax + edx*4 - 0x5fbc8]; jmp eax
> 0x00109aa9 : mov esp, edi; mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; nop ; jmp edx
> 0x000a27d3 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact