ROPSHELL 
ropshell> use 5bd711a1cc8978ab341e69342d9a50da (download)
name         : hostap-targetd (arm/ELF)
base address : 0x1599c
total gadgets: 2157

ropshell> suggest "write mem"
> 0x0006a816 : strne r3, [r0]; pop {r3, pc}
> 0x00038bee : str r3, [r1]; pop {r4, pc}
> 0x0002c0f6 : str r3, [r2]; pop {r3, r4, r5, pc}
> 0x0004379e : str r2, [r3]; pop {r4, r5, r6, r7, pc}
> 0x0006db4e : str r7, [r3]; pop {r3, r4, r5, r6, r7, pc}
> 0x00050952 : str r3, [r4]; pop {r4, pc}
> 0x00039cde : str r5, [r4]; pop {r3, r4, r5, r6, r7, pc}
> 0x0002755e : str r3, [r5]; pop {r3, r4, r5, pc}
> 0x00065ce2 : str r4, [r5]; pop {r4, r5, r6, pc}
> 0x00038c96 : str r0, [r6]; pop {r4, r5, r6, pc}
> 0x00038c6a : str r3, [r6]; pop {r4, r5, r6, pc}
> 0x00038b1a : str r0, [r7]; pop {r3, r4, r5, r6, r7, pc}
> 0x00038ae6 : str r3, [r7]; pop {r3, r4, r5, r6, r7, pc}
> 0x000444fe : str ip, [r7]; pop {r3, r4, r5, r6, r7, pc}
> 0x0001d2ba : str r1, [r0, #0x574]; pop {r4, r5, r6, pc}
> 0x00032e72 : strne r4, [r0, #0x20c]; pop {r3, r4, r5, pc}
> 0x000234ae : str r5, [r2, #4]; pop {r4, r5, r6, pc}
> 0x00020226 : str r5, [r3, #0x2c]; pop {r4, r5, r6, pc}
> 0x0006af32 : str r0, [r4, #0x14]; pop {r4, pc}
> 0x00027f96 : str r2, [r4, #0x1c4]; pop {r3, r4, r5, pc}
> 0x0006b072 : strne r6, [r4, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x0006b08e : str r7, [r4, #0x28]; pop {r3, r4, r5, r6, r7, pc}
> 0x00038e0e : str r6, [r7]; mov r0, r4; pop {r3, r4, r5, r6, r7, pc}
> 0x00036a52 : str r3, [lr, #0xc]; pop {r3, r4, r5, pc}
> 0x0002c0f2 : str r1, [r3]; str r3, [r2]; pop {r3, r4, r5, pc}
> 0x0003e5ea : streq r1, [r5]; add sp, sp, #0xf4; pop {r4, r5, pc}
> 0x00047f22 : strheq fp, [r8], -ip; cmp r0, #0; bxeq lr
> 0x00037892 : strheq pc, [sl], -r4; cmp r0, #0; bxlt lr
> 0x000236ea : str r0, [r2, #4]; mov r0, #1; bx lr
> 0x0003a396 : str r1, [r4, #0xc]; add sp, sp, #0xc; pop {r4, r5, pc}
> 0x0002406a : str r6, [r5, #0xa4]; add sp, sp, #0x1c; pop {r4, r5, r6, r7, pc}
> 0x0006617a : str r5, [r6, #0x34]; add sp, sp, #8; pop {r4, r5, r6, pc}
> 0x00034596 : str r2, [r7, #0x4dc]; add sp, sp, #0x1c; pop {r4, r5, r6, r7, pc}
> 0x00032e6e : strne r5, [r0, #0x208]; strne r4, [r0, #0x20c]; pop {r3, r4, r5, pc}
> 0x0003035a : str ip, [r2, #0x1c]; str r3, [r2, #0x20]; pop {r4, r5, r6, r7, pc}
> 0x00039c5a : strne r4, [r3], #0x10; strne r3, [r0, #8]; pop {r4, pc}
> 0x00066552 : str r0, [r5]; str r3, [r4, #0xe8]; mov r0, r2; pop {r3, r4, r5, r6, r7, pc}
> 0x00023716 : str r1, [ip, #4]; str r1, [r3, #0x584]; bx lr
> 0x000234aa : str r6, [ip, r3, lsl #3]; str r5, [r2, #4]; pop {r4, r5, r6, pc}
> 0x0003f652 : str r5, [r1]; str r3, [r4, #0x94]; add sp, sp, #0x14; pop {r4, r5, pc}
> 0x000405ca : str lr, [r4, #0x44]; ldr r1, [r4, #0x140]; blx r3
> 0x0003058e : str r4, [r6, #4]; mov r0, #0; add sp, sp, #0x18; pop {r4, r5, r6, pc}
> 0x0006da92 : strne r6, [r0]; strne r5, [r0, #4]; strne r4, [r0, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x00023692 : strheq r0, [r8], -r8; ldr r3, [r0, #0x578]; cmp r3, #0; bxeq lr
> 0x0003a392 : str ip, [r4, #8]; str r1, [r4, #0xc]; add sp, sp, #0xc; pop {r4, r5, pc}
> 0x0003d2ee : str r2, [r5, #8]; str r3, [r5, #0xc]; add sp, sp, #0x44; pop {r4, r5, r6, r7, pc}
> 0x0001d2b2 : str r2, [r0, #0x56c]; str r1, [r0, #0x570]; str r1, [r0, #0x574]; pop {r4, r5, r6, pc}
> 0x00050fd2 : str r2, [r1, #4]; str r2, [r3]; mov r0, #1; add sp, sp, #0x400; pop {r4, r5, r6, pc}
> 0x00030356 : str lr, [r2, #0x18]; str ip, [r2, #0x1c]; str r3, [r2, #0x20]; pop {r4, r5, r6, r7, pc}
> 0x00039a3a : strheq r7, [r8], -r0; ldr r3, [pc, #4]; str r0, [r3, #0x10]; bx lr
> 0x000333fd : str r0, [r1, #0x5c]; movs r0, r1; str r0, [r6, #0x5c]; movs r0, r1; blx lr
> 0x0003458e : str r4, [r1, #4]; str r4, [r3]; str r2, [r7, #0x4dc]; add sp, sp, #0x1c; pop {r4, r5, r6, r7, pc}
> 0x00039cce : str r4, [r7]; ldr r3, [r4, #4]; mov r0, #0; add r5, r5, r3; str r5, [r4]; pop {r3, r4, r5, r6, r7, pc}
> 0x0006da8e : strne r7, [r0, #0x38]; strne r6, [r0]; strne r5, [r0, #4]; strne r4, [r0, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x0004ebe6 : strne r0, [r3, #0x50]; strne r1, [r3, #0x58]; strne r2, [r3, #0x54]; mov r0, #0; pop {r4, pc}
> 0x0001d2ae : str ip, [r0, #0x524]; str r2, [r0, #0x56c]; str r1, [r0, #0x570]; str r1, [r0, #0x574]; pop {r4, r5, r6, pc}
> 0x00030352 : str r4, [r2, #0x14]; str lr, [r2, #0x18]; str ip, [r2, #0x1c]; str r3, [r2, #0x20]; pop {r4, r5, r6, r7, pc}
> 0x0001f2ba : str r1, [r7, #0x18]; mov r0, r4; str r4, [r2, r3, lsl #2]; ldr r3, [r7, #0x14]; blx r3
> 0x00069886 : str sl, [r4, #8]; ldr r3, [r3, #0x18]; mov r0, r7; ldr r1, [r4, #0x3c]; mov r2, r5; blx r3
> 0x00064f16 : str r0, [lr, #0x10]; add r1, sp, #0x38; ldr r2, [sp, #0x1c]; mov r3, r5; ldr ip, [r4, #0x24]; ldr r0, [r4, #0x28]; blx ip

© 2014 - 2019 - Powered by ROPEME | Contact