ropshell> use 653e7672de38fc29579a647562808a2a (download)
name         : libc-2.31-0ubuntu9.18.so.6 (i386/ELF)
base address : 0x191d0
total gadgets: 16157
ropshell> suggest "load mem"
> 0x0006efcb : mov eax, [edx]; ret
> 0x00125a3b : mov eax, [edx + eax]; ret
> 0x0014fe3b : mov edi, [esi]; jmp ebx
> 0x0007c440 : mov eax, [ecx]; mov [edx], eax; ret
> 0x00172779 : mov eax, [ebx + 0x5e5b4cc4]; pop edi; pop ebp; ret
> 0x0007c48d : mov eax, [ecx + 8]; sub eax, edx; ret
> 0x0015b072 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
> 0x00114727 : mov ebp, [ecx + 0xc]; nop ; jmp edx
> 0x0011f889 : mov ebx, [eax]; mov eax, 6; call gs:[0x10]; pop ebx; ret
> 0x000e2b38 : mov edx, [eax]; mov [eax], ecx; mov eax, edx; ret
> 0x000780f3 : mov eax, [esi + 0x10]; pop esi; pop edi; jmp eax
> 0x00070e11 : mov eax, [edi + 0x10]; pop esi; pop edi; jmp eax
> 0x0004408f : mov ecx, [eax + 0x3c]; mov eax, [eax + 0x40]; ret
> 0x00164539 : movzx ecx, [esi + ecx]; sub eax, ecx; pop esi; pop edi; ret
> 0x0010aebd : mov edx, [eax + esi]; pop esi; pop edi; mov eax, edx; ret
> 0x0015c206 : movzx eax, [esi]; mov [edi], al; pop esi; pop edi; pop ebx; ret
> 0x00104994 : mov edx, [esi]; mov [eax], edx; pop ebx; pop esi; pop edi; ret
> 0x00028f33 : mov ebx, [eax + ecx]; mov eax, ebx; pop ebx; pop esi; pop edi; ret
> 0x000c8f34 : mov edx, [ebx + 0xc]; mov [ebx + 0xc], edx; pop ebx; ret
> 0x00107bc0 : mov edx, [ecx + 0x23a8]; add [edx + eax*2], 1; ret
> 0x00133e2b : mov eax, [ebp + 0x3c]; push edi; call [eax + 0x10]
> 0x00134b07 : mov ecx, [edx + 4]; push edx; call [ecx + 0x10]
> 0x001206f3 : mov edx, [edi]; pop ebx; add esi, edx; mov [edi], esi; pop esi; pop edi; ret
> 0x00135904 : mov esi, [edi + 4]; push ecx; push edi; call [esi + 8]
> 0x00114724 : mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; nop ; jmp edx
> 0x000779c2 : mov edx, [esi + 0x58]; mov [edx + 0x88], ecx; add esp, 4; pop ebx; pop esi; ret
> 0x000311ab : mov ebp, [eax + 0xc]; nop ; mov eax, [esp + 8]; mov esp, ecx; jmp edx
> 0x00134916 : mov eax, [ebx]; mov edx, [eax + 4]; mov [esp], eax; call [edx + 0x10]
> 0x0009bd30 : mov ecx, [esi]; mov [eax + 4], dh; mov [eax], ecx; mov eax, [esp + 8]; pop esi; ret
> 0x00114721 : mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; nop ; jmp edx
> 0x0012a469 : mov eax, [ebp]; sub esp, 8; mov edx, [eax + 0x20]; push esi; push eax; call [edx + 4]
> 0x00079c75 : mov edx, [edi + 0x20]; sub esp, 4; sub edx, eax; push edx; push eax; push edi; call [ebx + 0x38]
> 0x000311a8 : mov edi, [eax + 8]; mov ebp, [eax + 0xc]; nop ; mov eax, [esp + 8]; mov esp, ecx; jmp edx
> 0x0011471f : mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; nop ; jmp edx
> 0x000d6253 : mov ebx, [edx + 0xc]; mov [ecx + 0x10], ebx; mov eax, [eax + 0x10]; mov [edx + 0x10], eax; xor eax, eax; pop ebx; ret
> 0x000311a5 : mov esi, [eax + 4]; mov edi, [eax + 8]; mov ebp, [eax + 0xc]; nop ; mov eax, [esp + 8]; mov esp, ecx; jmp edx
> 0x0013738a : mov ebp, [esi + 0x30]; mov eax, [ebp + 0xc]; lea edi, [ebp + 8]; mov [ebp + 8], 0; push 0; push edi; call [eax + 0x14]