ROPSHELL 
ropshell> use 5efa4121a76c377005e2f75c65ead6c4 (download)
name         : bf_libc.so (i386/ELF)
base address : 0x17750
total gadgets: 16814

ropshell> suggest "stack pivoting"
> 0x00018ea7 : xchg eax, esp; ret
> 0x0002bd3f : mov esp, ecx; jmp edx
> 0x0003e7f7 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x00116d13 : xchg esp, esp; add al, 0xfb; call [eax - 0x18]
> 0x00116d13 : xchg esp, esp; add al, 0xfb; call [eax - 0x18]
> 0x000aa4fd : lea esp, [edi + edi*8 - 1]; dec [ecx - 0xa77b]; dec [edi]; xchg eax, esp; ret
> 0x0004fc87 : xchg esp, eax; inc ecx; add [eax], al; mov eax, [ebp - 0x55c]; movzx ebx, bl; add eax, [eax + ebx*4 - 0x5c2a8]; jmp eax
> 0x000f75c6 : mov esp, edi; mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; nop ; jmp edx
> 0x000402ea : mov esp, ebp; push cs; add [eax], al; push edi; push eax; call [ecx + edx*4]
> 0x0002bd87 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact