ROPSHELL 
ropshell> use 201f2f41d0886537aa6d3d322275474b (download)
name         : ld-2.11.2.so (i386/ELF)
base address : 0x830
total gadgets: 970

ropshell> suggest "load mem"
> 0x0000e540 : mov eax, [ecx]; pop ebx; pop esi; pop edi; pop ebp; ret
> 0x0000a8f4 : mov eax, [edx]; add eax, [ecx]; call eax
> 0x0000bd51 : mov eax, [edi]; add eax, [edx]; call eax
> 0x00013292 : mov eax, [ebx + 0x14]; call [ebx]
> 0x000008c3 : mov eax, [ebp + 8]; add [eax + 4], 1; pop ebp; ret
> 0x00012717 : mov edx, [edi]; add edx, [eax + 4]; call edx
> 0x0000b09a : mov eax, [esi + 8]; add eax, [edx]; call eax
> 0x00015f13 : mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; jmp edx
> 0x00014c02 : mov ecx, [edx]; mov [ebp - 0x10], edx; mov [esp], ecx; call eax
> 0x00008880 : mov edx, [ecx]; mov [eax + 0xc], edx; add esp, 8; pop esi; pop edi; pop ebp; ret
> 0x0001328f : mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]
> 0x0000a8f1 : mov ecx, [ebp + 8]; mov eax, [edx]; add eax, [ecx]; call eax
> 0x0000bd4e : mov edx, [ebp + 8]; mov eax, [edi]; add eax, [edx]; call eax
> 0x00015f10 : mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; jmp edx
> 0x0000d1fa : mov ecx, [edx + 8]; mov [esp], eax; mov [esp + 4], ecx; call [ebp - 0x50]
> 0x00014b76 : mov edx, [eax + 4]; mov eax, [ebp + 0xc]; pop ebp; cmp edx, [eax + 4]; sete al; movzx eax, al; ret
> 0x0000cfa2 : mov eax, [ecx + 8]; mov [esp + 4], eax; mov eax, [ebp - 0x30]; mov [esp], eax; call edx
> 0x0001328c : mov edx, [ebx + 0xc]; mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]
> 0x0000d3ae : mov edx, [ecx + 8]; mov [esp + 4], edx; mov edx, [ebp - 0x50]; mov [esp], edx; call eax
> 0x00015f0d : mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; jmp edx
> 0x0000d746 : mov ecx, [eax]; mov [ebp - 0x28], eax; mov [eax], 0; mov [esp], edi; mov [ebp - 0x24], ecx; call [ebp - 0x1c]
> 0x00010120 : mov ebp, [eax]; or [eax], al; add [ecx + 0x30838b08], cl; or [eax], al; add [ebx + 0x5d], bl; mov [edx], eax; ret
> 0x00015f0b : mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; mov esp, [ecx + 0x10]; jmp edx
> 0x00013287 : mov edi, [ebx + 4]; mov [ebx], eax; mov edx, [ebx + 0xc]; mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]
> 0x00013285 : mov esi, [ebx]; mov edi, [ebx + 4]; mov [ebx], eax; mov edx, [ebx + 0xc]; mov ecx, [ebx + 0x10]; mov eax, [ebx + 0x14]; call [ebx]

© 2014 - 2019 - Powered by ROPEME | Contact