ROPSHELL 
ropshell> use 28b043c5859b71795d37de9a7a022f62 (download)
name         : libc.so.6 (i386/ELF)
base address : 0x20290
total gadgets: 18160

ropshell> suggest
call
    > 0x00021517 : call eax
    > 0x00027343 : call ebx
    > 0x00022986 : call ecx
    > 0x0002ccaf : call edx
    > 0x000225d6 : call esi
jmp
    > 0x00171a5a : push esp; ret
    > 0x000218e7 : jmp eax
    > 0x0005986e : jmp ebx
    > 0x000347ce : jmp ecx
    > 0x00034562 : jmp edx
load mem
    > 0x0007446b : mov eax, [edx]; ret
    > 0x0014712b : mov eax, [edx + eax]; ret
    > 0x0017d6eb : mov edi, [esi]; jmp ebx
    > 0x00080b60 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x00080bad : mov eax, [ecx + 8]; sub eax, edx; ret
load reg
    > 0x0002ed92 : pop eax; ret
    > 0x0002c01f : pop ebx; ret
    > 0x00037375 : pop edx; ret
    > 0x00021479 : pop esi; ret
    > 0x00021e78 : pop edi; ret
pop pop ret
    > 0x0002ed92 : pop eax; ret
    > 0x0019176b : pop ebp; pop ebx; ret
    > 0x000c9c47 : pop eax; pop edi; pop esi; ret
    > 0x0004b68a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0003b3f8 : pop ebx; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x001470d4 : add esp, 0x11c; ret
    > 0x001470d4 : add esp, 0x11c; ret
    > 0x001a05c5 : add esp, 0x20; ret
    > 0x00119584 : add esp, 0x3c; ret
    > 0x000489ae : add esp, 0x42c; ret
stack pivoting
    > 0x0002c5d3 : xchg eax, esp; ret
    > 0x000374f3 : mov esp, ecx; jmp edx
    > 0x0011c08f : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x0013bfb5 : push esi; pop esp; stc ; call [edx + 0x50]
    > 0x0012cc91 : xchg edi, esp; push esi; stc ; call [ebp - 1]
syscall
    > 0x0008fe39 : call gs:[0x10]; ret
write mem
    > 0x000b3fdc : add [eax], edx; ret
    > 0x000b3ffc : add [eax], esi; ret
    > 0x000a1c35 : add [eax], edi; ret
    > 0x0005fe3f : add [ecx], eax; ret
    > 0x0003d482 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact