ROPSHELL 
ropshell> use 3bec4ff4a4e17444678adc017c3e6778 (download)
name         : libc-2.11.2.so (i386/RAW)
base address : 0x0
total gadgets: 12866

ropshell> suggest "load mem"
> 0x00062d7e : mov eax, [ecx]; pop ebp; ret
> 0x0002b39f : mov eax, [ecx + 0x34]; ret
> 0x00069343 : mov eax, [ebp + 8]; pop ebp; ret
> 0x00089767 : mov eax, [ebx + 0x3698]; pop ebx; pop ebp; ret
> 0x000e018a : mov ebp, [ecx + 0xc]; jmp edx
> 0x00069170 : mov eax, [edx]; mov [ecx], eax; pop ebp; ret
> 0x000234b3 : mov eax, [edx + eax]; mov esp, ebp; pop ebp; ret
> 0x000691c0 : mov eax, [esi + 8]; sub eax, ecx; pop esi; pop ebp; ret
> 0x00039aa2 : mov ecx, [eax + 0x3c]; mov eax, [eax + 0x40]; ret
> 0x0010474c : mov edx, [ebp + 0x10]; mov [eax], edx; pop ebp; ret
> 0x000c8888 : mov eax, [esi]; mov [esp], eax; call edi
> 0x0001f39f : mov edx, [esi]; mov [esp], edx; call eax
> 0x000ec8f5 : mov ecx, [ebp + 0x1c]; mov [ecx], edx; pop esi; pop edi; pop ebp; ret
> 0x0007c2a9 : mov edx, [ecx + 8]; mov [esp], edx; call eax
> 0x000d6fc0 : mov edx, [esi + 0x30]; mov [esp], edx; call eax
> 0x000e0187 : mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x00072428 : mov edi, [ebp + 0xc]; mov [esp + 4], edi; call eax
> 0x0005939f : mov ebp, [eax + 0x1ffffff]; ror [ecx - 0x1077b], 1; jmp [ebp - 0x75]
> 0x0007c462 : mov edx, [ecx]; mov [esp], edx; mov eax, [ebp - 0x48]; call eax
> 0x0001a3e2 : mov eax, [edi + 0xc]; mov [esp], eax; call [edi + 4]
> 0x000f78c3 : mov edx, [eax + 0x20]; mov [esp], eax; call [edx + 0x10]
> 0x000c86b3 : mov esi, [ebp + 8]; mov [esi], eax; add esp, 4; pop esi; pop edi; pop ebp; ret
> 0x000b6f96 : movzx edx, [eax]; mov eax, [ebp + 0xc]; mov [eax], dx; xor eax, eax; pop ebp; ret
> 0x000db9a6 : mov esi, [eax]; sub eax, [eax]; add [edx], al; add esp, 8; pop ebx; pop ebp; ret
> 0x001099d6 : mov edx, [ebx + 0x37d0]; mov eax, esi; ror edx, 9; xor edx, gs:[0x18]; call edx
> 0x000e0184 : mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x000f0b10 : mov ecx, [eax]; mov eax, [ecx + 0x20]; mov [esp], ecx; call [eax + 0xc]
> 0x0007a03b : mov ecx, [edi]; mov [edx], cx; mov esi, [ebp - 8]; mov edi, [ebp - 4]; mov esp, ebp; pop ebp; ret
> 0x00039a9c : mov ebx, [eax + 0x34]; mov edx, [eax + 0x38]; mov ecx, [eax + 0x3c]; mov eax, [eax + 0x40]; ret
> 0x00070188 : mov ecx, [ebx + 0x7c890455]; and al, 4; mov [esp], esi; mov [esp + 8], edx; call eax
> 0x000691ba : mov ecx, [edx + 4]; sub ecx, [edx + 0xc]; mov eax, [esi + 8]; sub eax, ecx; pop esi; pop ebp; ret
> 0x0002a3d3 : mov edi, [eax + 8]; mov ebp, [eax + 0xc]; mov eax, [esp + 8]; mov esp, ecx; jmp edx
> 0x000e0182 : mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x00069636 : movzx ecx, [esi]; mov [esp], edx; mov [ebp - 0x1c], edx; mov [esp + 4], ecx; call [eax + 0xc]
> 0x0002a3d0 : mov esi, [eax + 4]; mov edi, [eax + 8]; mov ebp, [eax + 0xc]; mov eax, [esp + 8]; mov esp, ecx; jmp edx
> 0x0001f078 : mov eax, [edi]; mov [esp + 4], edx; mov [esp + 8], eax; mov eax, [esi + 0xc]; mov [esp], eax; call [esi + 4]
> 0x0002a3ce : mov ebx, [eax]; mov esi, [eax + 4]; mov edi, [eax + 8]; mov ebp, [eax + 0xc]; mov eax, [esp + 8]; mov esp, ecx; jmp edx
> 0x00041d79 : movsx ecx, [esi + 0x46]; mov [ebp - 0x20d0], edx; mov ecx, [esi + ecx + 0x94]; mov [esp + 8], edx; mov [esp + 4], eax; mov [esp], esi; call [ecx + 0x1c]

© 2014 - 2019 - Powered by ROPEME | Contact