ROPSHELL 
ropshell> use 52fbcb8af97fb6833dd31f885616dfa0 (download)
name         : libc.so (i386/ELF)
base address : 0x22250
total gadgets: 12486

ropshell> suggest
call
    > 0x00023d87 : call eax
    > 0x00029e7b : call ebx
    > 0x00023e72 : call ecx
    > 0x00025959 : call edx
    > 0x00023e1b : call esi
jmp
    > 0x0003212b : push esp; ret
    > 0x00024137 : jmp eax
    > 0x00060864 : jmp ebx
    > 0x00030845 : jmp ecx
    > 0x00035880 : jmp edx
load mem
    > 0x0007947b : mov eax, [edx]; ret
    > 0x00086d00 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x00086d4d : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0010e040 : mov eax, [edx + 8]; and eax, 0x100f; ret
    > 0x00040c31 : mov ebx, [eax + 0x34]; xor eax, eax; ret
load reg
    > 0x00110ddc : pop eax; ret
    > 0x00023614 : pop ebx; ret
    > 0x0004335d : pop ecx; ret
    > 0x0003aca5 : pop edx; ret
    > 0x00023ce9 : pop esi; ret
pop pop ret
    > 0x00110ddc : pop eax; ret
    > 0x0003b4ee : pop ebx; pop edi; ret
    > 0x0010d276 : pop ebp; pop edi; pop ebx; ret
    > 0x0005073a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x00028e1f : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0013d4e4 : add esp, 0x11c; ret
    > 0x0013d4e4 : add esp, 0x11c; ret
    > 0x00176013 : add esp, 0x20; ret
    > 0x00117064 : add esp, 0x3c; ret
    > 0x0010a929 : add esp, 0x4c; ret
stack pivoting
    > 0x0002f2be : xchg eax, esp; ret
    > 0x000272ba : lea esp, [ecx - 4]; ret
    > 0x0003ae23 : mov esp, ecx; jmp edx
    > 0x00041360 : lea esp, [edi - 8]; pop edi; ret
    > 0x0013d0b8 : lea esp, [ebp - 8]; pop ebx; pop edi; pop ebp; ret
syscall
    > 0x00096609 : call gs:[0x10]; ret
write mem
    > 0x000a62d5 : add [eax], edi; ret
    > 0x00067309 : add [ecx], eax; ret
    > 0x0002b309 : add [ecx], edi; ret
    > 0x0011d90a : add [ecx], ebp; ret
    > 0x00136937 : add [eax + 2], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact