ROPSHELL 
ropshell> use 5d959bb15f320bad9400c3d4c4b40089 (download)
name         : libc-2.27.so (arm/ELF)
base address : 0x16d80
total gadgets: 5101

ropshell> suggest "load mem"
> 0x00049bbf : ldr r0, [r2]; pop {r4, r5, r6, pc}
> 0x000498a9 : ldr r0, [r3]; pop {r3, r4, r5, pc}
> 0x00069f8f : ldr.w fp, [lr, r3]; pop {r4, r5, pc}
> 0x0009789b : ldr r1, [r0, #0x58]; pop {r4, pc}
> 0x0002455d : ldrh r2, [r0, #0x18]; pop {r3, pc}
> 0x00030e25 : ldr r6, [r0, #0x58]; pop {r4, r5, r6, pc}
> 0x0006876f : ldr fp, [r0], #-0x48; pop {r3, r4, r5, r6, r7, pc}
> 0x0001fbf5 : ldr r0, [r1, r3]; bx lr
> 0x00022d43 : ldr r4, [r3]; mov r0, r4; pop {r3, r4, r5, r6, r7, pc}
> 0x000a92fd : ldr r0, [r4, #0x3c]; pop {r3, r4, r5, r6, r7, pc}
> 0x000be409 : ldr r1, [r4, #0x58]; pop {r4, r5, r6, pc}
> 0x0009b549 : ldr r0, [r5, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x000908d9 : ldr r0, [r7, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x0005fbe3 : ldrh.w fp, [r8, #3]; pop {r4, r5, pc}
> 0x000b8793 : ldr.w r4, [ip]; blx r4
> 0x000b22cf : ldr.w r6, [ip]; blx r6
> 0x000b8b1d : ldr.w r4, [lr]; blx r4
> 0x000440eb : ldr r5, [pc, #0x50]; pop {r4, r5, r6, r7, pc}
> 0x0003a1c3 : ldr.w sl, [r7, #0x34]; bx r1
> 0x00020253 : ldr r7, [pc, #0x3c0]; bx r3
> 0x00046675 : ldr r3, [r0, #0x10]; blx r3
> 0x0005859f : ldr r2, [r1]; eors r3, r2; blx r3
> 0x0009856d : ldr r3, [r5, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x0004ac57 : ldr r6, [r5, #0x18]; blx r6
> 0x0004f495 : ldr r1, [r6, #0x24]; blx r1
> 0x0004a421 : ldr r4, [r6, #0xc]; blx r4
> 0x0004b419 : ldr r5, [r7, #0x18]; blx r5
> 0x000b48db : ldrsh.w r3, [r8]; it ne; movne r0, #1; pop {r3, pc}
> 0x0004aa43 : ldr.w r5, [r8, #0x18]; blx r5
> 0x0004e699 : ldr.w r1, [ip, #0x40]; blx r1
> 0x000b24e3 : ldr.w r5, [ip]; add r2, pc; blx r5
> 0x000b2665 : ldr.w r6, [lr]; add r2, pc; blx r6
> 0x0009818d : ldr r0, [pc, #0x10]; add r0, pc; pop {r3, r4, r5, pc}
> 0x00026ded : ldr r3, [r2]; ldr r0, [r3, #0x34]; pop {r3, r4, r5, pc}
> 0x000687eb : ldr r2, [r5, r2]; strd r3, r3, [r2]; pop {r3, r4, r5, r6, r7, pc}
> 0x00047965 : ldr.w ip, [r5]; eor.w r3, r3, ip; blx r3
> 0x0002ff61 : ldrh r0, [r6, #0x3e]; mov r0, r1; bx lr
> 0x0002d177 : ldr.w ip, [r6]; eor.w r3, r3, ip; blx r3
> 0x000b49df : ldrsh fp, [r6], #-8; movs r0, #0; pop {r3, r4, r5, pc}
> 0x00036c3f : ldr.w r6, [r7, r6, lsl #2]; blx r6
> 0x0004fb1f : ldr.w ip, [r7]; eor.w r3, r3, ip; blx r3
> 0x00032c9f : ldr.w r2, [ip, r2, lsl #2]; blx r2
> 0x00031b8f : ldr.w sl, [ip, r6, lsl #2]; blx sl
> 0x000944a1 : ldr.w r2, [fp, #0x300]; str r3, [r4]; pop {r4, pc}
> 0x0003a403 : ldr r1, [r7, #0x60]; mov r0, r8; blx r3
> 0x00020959 : ldr.w r2, [r8, #0xa4]; eors r2, r1; blx r2
> 0x000759dd : ldr.w r3, [sl, #0x10]; mov r0, r6; blx r3
> 0x00049ff3 : ldr.w r3, [fp, #0xa4]; mov r0, r6; blx r3
> 0x000b9191 : ldr r3, [pc, #0xc]; ldr r0, [r2, r3]; pop {r3, pc}
> 0x000c3a62 : ldr ip, [pc, #4]; add ip, pc, ip; bx ip
> 0x0009856b : ldr r2, [r4]; ldr r3, [r5, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x000469b3 : ldr r3, [r4]; orr r3, r3, #0x20; str r3, [r4]; pop {r3, r4, r5, r6, r7, pc}
> 0x000b9b5f : ldr r3, [r7]; mov r0, r6; str r3, [r4, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x0004b15d : ldr.w r7, [fp, #4]; it ls; movls r4, sl; blx r7
> 0x0003472b : ldr.w r0, [ip, #0x14c]; add r0, lr; orr r0, r0, #1; bx r0
> 0x000b9017 : ldr.w r8, [ip]; add r2, pc; str.w lr, [sp, #0x38]; blx r8
> 0x0003a791 : ldr r1, [pc, #0x22c]; add r1, pc; orr r1, r1, #1; bx r1
> 0x000247c7 : ldr r4, [pc, #0]; vmov r3, s0; and r0, r3, #0x80000000; bx lr
> 0x00044a19 : ldr r2, [r3, #4]; adds r2, #1; str r2, [r3, #4]; pop {r3, r4, r5, pc}
> 0x000bb145 : ldrh r4, [r1, #0x38]; movs r3, r0; lsls r0, r1, #5; movs r0, r0; bx lr
> 0x0004ac23 : ldr r5, [r4, #0x58]; ldr r3, [r5, #0x10]; mov r0, r5; blx r3
> 0x0004b3f1 : ldr r7, [r4, #0x58]; ldr r3, [r7, #0x10]; mov r0, r7; blx r3
> 0x0004aa0f : ldr.w r8, [r4, #0x58]; ldr.w r3, [r8, #0x10]; mov r0, r8; blx r3
> 0x0002ef05 : ldr.w lr, [r4, #0x58]; ldr r4, [r4, #0x30]; mov.w r0, #0; bx lr
> 0x00021197 : ldr r2, [r6]; ldr r0, [pc, #0xfc]; eors r3, r2; add r0, pc; blx r3
> 0x000b9b8f : ldr r3, [r6, #0x2c]; movs r2, #0; mov.w r0, #-1; str r2, [r3]; pop {r3, r4, r5, r6, r7, pc}
> 0x000394e1 : ldr r4, [r7, #0x54]; ldr.w r0, [r7, #0x80]; mov r2, r4; blx r3
> 0x00030a47 : ldrh r4, [r0, r4]; it lo; addlo r4, #1; mov r0, r4; pop {r4, r5, r6, r7}; bx lr
> 0x000af1e5 : ldr r1, [r2, r3]; str r4, [r2, r3]; str r1, [r4, #0x10]; mov r0, r4; pop {r3, r4, r5, pc}
> 0x000687e7 : ldr r1, [r5, r1]; str r0, [r1]; ldr r2, [r5, r2]; strd r3, r3, [r2]; pop {r3, r4, r5, r6, r7, pc}
> 0x0008e771 : ldr r4, [r5, #0x24]; movs r2, #2; ldr r0, [r5, #0xc]; blx r4
> 0x000b7491 : ldr r2, [r7]; ldr r3, [r5, #8]; str.w r2, [sp, #0x41c]; blx r3
> 0x000955fb : ldr r2, [pc, #0x18]; adds r3, #4; add r2, pc; str r3, [r2, #0x14]; pop {r4, pc}
> 0x000a0f1b : ldr r6, [r4, #-0x8]; str.w r3, [r7, #0xcc]; str.w r6, [r7, #0xd8]; blx r5
> 0x000b1ff9 : ldr.w r0, [r8]; mov r1, r4; ldr r3, [r0, #0x20]; ldr r3, [r3, #4]; blx r3
> 0x00017001 : ldr r5, [r2, r3]; add r4, pc; ldr.w r3, [r4, #0xc4]; ldr r2, [r5]; eors r3, r2; blx r3
> 0x0004d291 : ldr r1, [r3]; ldr r2, [r3, #0xc]; str r1, [r3, #4]; str r2, [r3, #0x10]; pop {r4, pc}
> 0x000bf931 : ldr r6, [pc, #0x9c]; add r4, pc; add r6, pc; ldr r3, [r4]; ldr r3, [r3, #0x14]; blx r3
> 0x000b86c5 : ldr r6, [r3, #4]; mov r0, r3; add r2, sp, #0xc; movs r1, #0xd; ldr r3, [r6, #0x14]; blx r3
> 0x0007bfb3 : ldr r3, [r1, #4]; movs r0, #0; ldr r2, [r3, #0xc]; ldr r3, [r3, #0x1c]; str r2, [r1, #0xc]; str r3, [r1, #0x1c]; pop {r3, r4, r5, pc}

© 2014 - 2019 - Powered by ROPEME | Contact