ROPSHELL 
ropshell> use 1aee20173ca5259f866644667ad046d8 (download)
name         : vuln (i386/ELF)
base address : 0x80490a0
total gadgets: 6653

ropshell> suggest
call
    > 0x08049c90 : call eax
    > 0x08078d0d : call ebx
    > 0x08052dd1 : call ecx
    > 0x08049cdd : call edx
    > 0x08053e57 : call esi
jmp
    > 0x080b074a : push esp; ret
    > 0x0805333b : jmp eax
    > 0x08061205 : jmp ebx
    > 0x0804f63e : jmp ecx
    > 0x08049bcc : jmp edx
load mem
    > 0x080b06b4 : mov eax, [edx + 0x4c]; ret
    > 0x0809d6ed : mov eax, [edx]; pop ebx; pop esi; ret
    > 0x0809e54f : mov edx, [eax]; mov eax, edx; ret
    > 0x08064c7d : mov edi, [esi]; jmp ebx
    > 0x080590f0 : mov eax, [ecx]; mov [edx], eax; ret
load reg
    > 0x080b073a : pop eax; ret
    > 0x0804e02e : pop ebx; ret
    > 0x08049e29 : pop ecx; ret
    > 0x0804ae6a : pop esi; ret
    > 0x0804b27f : pop edi; ret
pop pop ret
    > 0x080b073a : pop eax; ret
    > 0x0804ae69 : pop ebx; pop esi; ret
    > 0x080583b8 : pop eax; pop edx; pop ebx; ret
    > 0x080aa73a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x080567a7 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x08050989 : add esp, 0x1c; ret
    > 0x08050989 : add esp, 0x1c; ret
    > 0x080ae6c6 : add esp, 0x20; ret
stack pivoting
    > 0x0804a960 : xchg eax, esp; ret
    > 0x08049e25 : lea esp, [ecx - 4]; ret
    > 0x080a0826 : mov esp, ecx; jmp edx
    > 0x0804b4da : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x0809c2b1 : xchg esp, eax; xor esi, edi; call [eax + 0x6a]
syscall
    > 0x08071640 : int 0x80; ret
    > 0x0806e559 : call gs:[0x10]; ret
write mem
    > 0x080afb94 : add [ecx], eax; ret
    > 0x0809cbcf : add [ecx], esi; ret
    > 0x08050e8a : add [ecx], edi; ret
    > 0x080685f1 : add [eax + 0x5f028d02], ecx; ret
    > 0x08059485 : add [ebx + 0x5e5b04c4], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact