ROPSHELL 
ropshell> use 40860aa4eab257bd5c35e2dfac4cca07 (download)
name         : libc-2.27.so (i386/ELF)
base address : 0x18610
total gadgets: 16552

ropshell> suggest
call
    > 0x00018f41 : call eax
    > 0x0001e59f : call ebx
    > 0x0001ab24 : call ecx
    > 0x00018fc1 : call edx
    > 0x0001a1fe : call esi
jmp
    > 0x0007963e : push esp; ret
    > 0x000191c2 : jmp eax
    > 0x0007fca5 : jmp ebx
    > 0x00019a40 : jmp ecx
    > 0x0002abff : jmp edx
load mem
    > 0x00068e57 : mov eax, [edx]; ret
    > 0x00134f98 : mov eax, [edx + 4]; ret
    > 0x00075653 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x00075689 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0014d8d2 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
load reg
    > 0x00024c1e : pop eax; ret
    > 0x00018c85 : pop ebx; ret
    > 0x0002d62d : pop edx; ret
    > 0x00018787 : pop esi; ret
    > 0x0001869b : pop edi; ret
pop pop ret
    > 0x00024c1e : pop eax; ret
    > 0x0015671b : pop ebp; pop ebx; ret
    > 0x000ad347 : pop eax; pop edi; pop esi; ret
    > 0x0004055a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001c833 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00136131 : add esp, 0x10; ret
    > 0x00136131 : add esp, 0x10; ret
    > 0x00165372 : add esp, 0x20; ret
    > 0x000f1950 : add esp, 0x3c; ret
    > 0x000e8d05 : add esp, 0x4c; ret
stack pivoting
    > 0x00019672 : xchg eax, esp; ret
    > 0x0002d6ff : mov esp, ecx; jmp edx
    > 0x00041328 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x0011e477 : lea esp, [ecx - 0x3b7c0011]; adc [ebx + 0x5e5b04c4], al; ret
    > 0x0009ae4b : xchg esp, esp; mov bl, 0xfa; call [eax - 0x18]
syscall
    > 0x000bfe85 : call gs:[0x10]; ret
write mem
    > 0x00097b7c : add [eax], edx; ret
    > 0x00097b9c : add [eax], esi; ret
    > 0x000826a0 : add [eax], edi; ret
    > 0x0005b158 : add [ecx], eax; ret
    > 0x0003f0c2 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact