ROPSHELL 
ropshell> use 201f2f41d0886537aa6d3d322275474b (download)
name         : ld-2.11.2.so (i386/ELF)
base address : 0x830
total gadgets: 970

ropshell> suggest
call
    > 0x00000e2a : call eax
    > 0x00013122 : call ecx
    > 0x0000329e : call edx
    > 0x0000d530 : call esi
    > 0x00007775 : call [eax]
jmp
    > 0x00001558 : jmp eax
    > 0x0000a8ec : jmp edx
    > 0x00000898 : jmp edi
    > 0x0000a4d8 : jmp [eax]
    > 0x00005e10 : jmp [ebx]
load mem
    > 0x0000e540 : mov eax, [ecx]; pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x0000a8f4 : mov eax, [edx]; add eax, [ecx]; call eax
    > 0x0000bd51 : mov eax, [edi]; add eax, [edx]; call eax
    > 0x00013292 : mov eax, [ebx + 0x14]; call [ebx]
    > 0x000008c3 : mov eax, [ebp + 8]; add [eax + 4], 1; pop ebp; ret
load reg
    > 0x00016559 : pop esi; ret
    > 0x000161cc : pop edi; ret
    > 0x000008ca : pop ebp; ret
    > 0x0000109a : pop ebx; pop ebp; ret
    > 0x0001688b : mov ebx, [esp]; ret
pop pop ret
    > 0x000008ca : pop ebp; ret
    > 0x0000109a : pop ebx; pop ebp; ret
    > 0x000009ab : pop esi; pop edi; pop ebp; ret
    > 0x000009aa : pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0001540a : add esp, 0x1c; ret
    > 0x0001540a : add esp, 0x1c; ret
    > 0x000132d0 : add esp, 0x3c; ret
stack pivoting
    > 0x000067ea : xchg eax, esp; ret
    > 0x00000a87 : mov esp, ebp; pop ebp; ret
    > 0x0000cea2 : lea esp, [ebp - 8]; pop esi; pop edi; pop ebp; ret
    > 0x00000a19 : leave ; ret
syscall
    > 0x00015ed8 : int 0x80; pop ebp; ret
write mem
    > 0x000159b6 : add [ebx + 0x5d5b08c4], eax; ret
    > 0x0000d669 : adc [ebp + 0x5e5bf465], ecx; pop edi; pop ebp; ret
    > 0x0000d1f1 : add [eax], ecx; mov eax, [ebp - 0x4c]; mov [esp + 8], ecx; mov ecx, [edx + 8]; mov [esp], eax; mov [esp + 4], ecx; call [ebp - 0x50]

© 2014 - 2019 - Powered by ROPEME | Contact