ROPSHELL 
ropshell> use 7e8e9633541fc0f4be32db9586e8a64e (download)
name         : libc.so.6 (i386/RAW)
base address : 0x0
total gadgets: 28734

ropshell> suggest
call
    > 0x000232d3 : call eax
    > 0x00028f0b : call ebx
    > 0x000233be : call ecx
    > 0x00024b60 : call edx
    > 0x0000856c : call esi
jmp
    > 0x000309e7 : push esp; ret
    > 0x00008cbf : jmp eax
    > 0x0004ebf7 : jmp ebx
    > 0x0000a1f7 : jmp ecx
    > 0x0000a197 : jmp edx
load mem
    > 0x00075ff7 : mov eax, [edx]; ret
    > 0x001f0124 : mov ecx, [edx]; ret
    > 0x001ac906 : mov edi, [edx]; ret
    > 0x000701d5 : mov ecx, [edi]; inc esp; ret
    > 0x00082428 : mov eax, [ecx]; mov [edx], eax; ret
load reg
    > 0x00080c9e : pop eax; ret
    > 0x0002dc2b : pop ebx; ret
    > 0x00177093 : pop ecx; ret
    > 0x000076d2 : pop edx; ret
    > 0x00023235 : pop esi; ret
pop pop ret
    > 0x00080c9e : pop eax; ret
    > 0x0018a07b : pop ebp; pop ebx; ret
    > 0x000cb437 : pop eax; pop edi; pop esi; ret
    > 0x0004d2ba : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x00027f1e : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00145894 : add esp, 0x11c; ret
    > 0x00145894 : add esp, 0x11c; ret
    > 0x00199c11 : add esp, 0x20; ret
    > 0x00119b40 : add esp, 0x3c; ret
    > 0x0010d0b5 : add esp, 0x4c; ret
stack pivoting
    > 0x0002e2a0 : xchg eax, esp; ret
    > 0x00038f9d : mov esp, ecx; jmp edx
    > 0x00133142 : xchg esp, esi; jmp [esi - 0x70]
    > 0x001331a2 : mov esp, esi; jmp [esi - 0x70]
    > 0x0004e138 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
syscall
    > 0x00091465 : call gs:[0x10]; ret
write mem
    > 0x000b50ac : add [eax], edx; ret
    > 0x000b50cc : add [eax], esi; ret
    > 0x0009f94d : add [eax], edi; ret
    > 0x00065918 : add [ecx], eax; ret
    > 0x00033be0 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact