ROPSHELL 
ropshell> use 4b2daf6d918d815e4a6f9441f25b1787 (download)
name         : fact (arm/ELF)
base address : 0x10170
total gadgets: 1855

ropshell> suggest "write mem"
> 0x0005a8fe : strne r3, [r0]; pop {r4, pc}
> 0x0004eed6 : str ip, [r1]; pop {r7, pc}
> 0x00028882 : str r0, [r2]; pop {r4, pc}
> 0x00057fc6 : str r3, [r2]; pop {r4, pc}
> 0x0002ae2a : str r0, [r3]; pop {r4, pc}
> 0x0004944e : str r1, [r3]; pop {r4, pc}
> 0x00063826 : str r2, [r3]; pop {r4, pc}
> 0x000114da : str lr, [r3]; pop {r4, r5, r6, r7, pc}
> 0x0004996e : str r1, [r4]; pop {r4, pc}
> 0x0001cf16 : str r3, [r4]; pop {r4, pc}
> 0x000575fe : str r0, [lr]; pop {r4, r5, r6, pc}
> 0x00035d8e : str r2, [r0, r3]; pop {r4, pc}
> 0x0005b51a : str lr, [r7, r2]; pop {r4, r5, r6, r7, pc}
> 0x000105e2 : str r1, [r0]; mov r0, r2; pop {r4, pc}
> 0x000541c6 : str ip, [r0, #0x184]; pop {r4, pc}
> 0x000288da : strge lr, [r1, #4]; pop {r4, pc}
> 0x0004948a : str ip, [r3, #0x20]; pop {r4, pc}
> 0x0006eabe : str r0, [r4, #0x10]; pop {r4, pc}
> 0x0001d882 : str r5, [r4, #0x30]; pop {r4, r5, r6, pc}
> 0x00024c96 : str r0, [r5]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x0001ce02 : str r3, [r5, #0x60]; pop {r4, r5, r6, pc}
> 0x000415d2 : str r2, [lr]; blx r3
> 0x00022a0a : str r0, [r1]; str r2, [r3]; pop {r4, r5, pc}
> 0x0005c352 : str r1, [r2]; mov r0, #2; pop {r4, r5, pc}
> 0x0005c38e : str r4, [r2]; mov r0, #2; pop {r4, r5, pc}
> 0x0005b4be : str lr, [r4, r2, lsl #2]; pop {r4, r5, r6, pc}
> 0x000114d6 : str r0, [ip]; str lr, [r3]; pop {r4, r5, r6, r7, pc}
> 0x0006ec12 : strhlo r2, [r1, r3]; pop {r4, r5}; bx lr
> 0x00018e3a : str r2, [r4]; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x00033752 : str r2, [r5]; add sp, sp, #8; pop {r4, r5, r6, pc}
> 0x00019ac2 : str ip, [r5]; add sp, sp, #8; pop {r4, r5, r6, pc}
> 0x00026b92 : str r1, [r6]; add sp, sp, #0x10; pop {r4, r5, r6, pc}
> 0x0003838a : str r2, [fp, #-0x480]; blx r3
> 0x000379ce : str r4, [fp, #-0x464]; blx r3
> 0x0002887e : str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x00021d01 : strh r4, [r7, #0x1a]; movs r7, r0; blx lr
> 0x00064506 : str r4, [r8]; mov r1, r7; mov r0, r8; blx r6
> 0x00022a06 : str lr, [ip]; str r0, [r1]; str r2, [r3]; pop {r4, r5, pc}
> 0x000575ca : strne r4, [r0], #8; strne r0, [r5]; mov r0, r5; pop {r4, r5, r6, pc}
> 0x00016092 : str r2, [r6]; str r3, [r5]; add sp, sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x0005612a : str r1, [fp, #-0x64]; ldr r0, [r3]; blx r7
> 0x0002887a : str r3, [lr, #4]; str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}
> 0x000295be : streq r5, [r3]; strne r0, [r3]; ldr r2, [r4]; str r2, [r3, #4]; pop {r4, r5, r6, pc}
> 0x00057c52 : str r6, [r4, #0xc]; add r3, r3, #1; str r3, [r4, #8]; pop {r4, r5, r6, pc}
> 0x000585d5 : str r4, [r1, r0]; movs r0, r1; ldr r7, [pc, #0x270]; movs r0, r1; blx lr
> 0x0005c2aa : str r5, [r0], #4; addlo r4, r4, #1; mov r0, r4; pop {r4, r5, r6, r7}; bx lr
> 0x0001af16 : strge ip, [r4, #0xc]; str r3, [r4]; mov r0, r6; mov r1, r7; add sp, sp, #8; pop {r4, r6, r7, pc}
> 0x000114c6 : str r7, [r1]; str r1, [r6]; str r2, [r5]; str r2, [r4]; str r0, [ip]; str lr, [r3]; pop {r4, r5, r6, r7, pc}
> 0x0001dbd2 : str r6, [r5, #0xc]; ldr r3, [r5, #8]; add r3, r3, #1; str r3, [r5, #8]; pop {r4, r5, r6, pc}
> 0x00017ad2 : str r3, [r6, #4]; ldr r3, [r5, #0x98]; mov r0, r5; ldr r3, [r3, #0x30]; blx r3
> 0x0002026e : strheq r2, [r7], -r4; ldrdeq r3, r4, [r7], -r0; ldrdeq r0, r1, [r0], -sp; andeq r3, r7, r8, lsl r4; cmp r0, #0; bxeq lr
> 0x0004947a : str r4, [r3, #0x28]; str r1, [r3, #4]; str r1, [r3]; str lr, [r3, #8]; str ip, [r3, #0x20]; pop {r4, pc}
> 0x0002886e : str r3, [r1, #8]; ldr r3, [r0, #8]; str r1, [r0, #4]; str r3, [lr, #4]; str lr, [r0, #8]; str r0, [r2]; pop {r4, pc}

© 2014 - 2019 - Powered by ROPEME | Contact