ROPSHELL 
ropshell> use 45cf4db331c99919d766df2fbf699a56 (download)
name         : libc_32.so (i386/ELF)
base address : 0x17500
total gadgets: 16371

ropshell> suggest
call
    > 0x000187d1 : call eax
    > 0x0001db5a : call ebx
    > 0x0001839a : call ecx
    > 0x000227b4 : call edx
    > 0x0001c28a : call esi
jmp
    > 0x00122d66 : push esp; ret
    > 0x00018cc3 : jmp eax
    > 0x00079044 : jmp ebx
    > 0x000602a6 : jmp ecx
    > 0x0002a473 : jmp edx
load mem
    > 0x00063be7 : mov eax, [edx]; ret
    > 0x0002153b : mov eax, [ecx + 0x1160]; ret
    > 0x00109478 : mov eax, [edx + eax]; ret
    > 0x0006ea30 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x00136142 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
load reg
    > 0x0002452f : pop eax; ret
    > 0x0001850e : pop ebx; ret
    > 0x000b8887 : pop ecx; ret
    > 0x0002bf5d : pop edx; ret
    > 0x00018228 : pop esi; ret
pop pop ret
    > 0x0002452f : pop eax; ret
    > 0x0013ef8b : pop ebp; pop ebx; ret
    > 0x000a35b7 : pop eax; pop edi; pop esi; ret
    > 0x0003e12a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001d234 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00078d61 : add esp, 0x100; ret
    > 0x00078d61 : add esp, 0x100; ret
    > 0x00019365 : add esp, 0x24; ret
    > 0x000d8d6f : add esp, 0x3c; ret
    > 0x00116210 : add esp, 0x4c; ret
stack pivoting
    > 0x00113359 : xchg eax, esp; ret
    > 0x0002c02f : mov esp, ecx; jmp edx
    > 0x0003ef37 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x000fa281 : mov esp, edi; int1 ; jmp [esi - 0x70]
    > 0x00052e13 : lea esp, [esi + edi*8 - 1]; jmp [esi - 0x77]
syscall
    > 0x000b46d5 : call gs:[0x10]; ret
    > 0x000ea3b1 : int 0x80; pop ebp; pop edi; pop esi; pop ebx; ret
write mem
    > 0x00092edc : add [eax], edx; ret
    > 0x00092efc : add [eax], esi; ret
    > 0x000870d1 : add [eax + 0x5f028d02], ecx; ret
    > 0x00088be5 : add [ebx + 0x5b5fffd8], eax; ret
    > 0x00105af4 : adc [esi + 0x5f], ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact