ROPSHELL 
ropshell> use 3bec4ff4a4e17444678adc017c3e6778 (download)
name         : libc-2.11.2.so (i386/RAW)
base address : 0x0
total gadgets: 12866

ropshell> suggest
call
    > 0x00016a73 : call eax
    > 0x0001c10f : call ebx
    > 0x0004abcc : call ecx
    > 0x00018e72 : call edx
    > 0x00016c12 : call esi
jmp
    > 0x001047b9 : push esp; ret
    > 0x00017901 : jmp eax
    > 0x0012c3cb : jmp ebx
    > 0x00054f29 : jmp ecx
    > 0x000284b1 : jmp edx
load mem
    > 0x00062d7e : mov eax, [ecx]; pop ebp; ret
    > 0x0002b39f : mov eax, [ecx + 0x34]; ret
    > 0x00069343 : mov eax, [ebp + 8]; pop ebp; ret
    > 0x00089767 : mov eax, [ebx + 0x3698]; pop ebx; pop ebp; ret
    > 0x000e018a : mov ebp, [ecx + 0xc]; jmp edx
load reg
    > 0x000206ac : pop eax; ret
    > 0x00074886 : pop ebx; ret
    > 0x0013519d : pop ecx; ret
    > 0x00001a9e : pop edx; ret
    > 0x00074b89 : pop esi; ret
pop pop ret
    > 0x000206ac : pop eax; ret
    > 0x00016dc3 : pop ebx; pop ebp; ret
    > 0x0002bce8 : pop ebp; pop esi; pop edi; ret
    > 0x0002c29a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001e36b : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x000b7d95 : add esp, 0x18; ret
    > 0x000b7d95 : add esp, 0x18; ret
    > 0x000b7b14 : add esp, 0x28; ret
stack pivoting
    > 0x000ee929 : xchg eax, esp; ret
    > 0x00016b4f : mov esp, ebp; pop ebp; ret
    > 0x00042588 : lea esp, [ecx - 4]; ret
    > 0x0002a3dd : mov esp, ecx; jmp edx
    > 0x000f8159 : lea esp, [ebp - 8]; pop ebx; pop edi; pop ebp; ret
syscall
    > 0x00097bf5 : int 0x80; ret
write mem
    > 0x00139a9f : add [ebx], eax; ret 2
    > 0x000c68ed : add [ebx + 0x5d5b08c4], eax; ret
    > 0x00062173 : add [esi + 0x5d], ebx; ret
    > 0x000f5c15 : add [eax + 1], edi; pop ebp; ret
    > 0x0004e40a : add [ebp + 2], esi; pop ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact