ROPSHELL 
ropshell> use 7ee679cd486c43d6038df705f5ab2636 (download)
name         : rop4 (i386/ELF)
base address : 0x8048300
total gadgets: 7219

ropshell> suggest
call
    > 0x08048ecc : call eax
    > 0x0807faca : call ebx
    > 0x08059da9 : call ecx
    > 0x0804acfb : call edx
    > 0x0807f87e : call esi
jmp
    > 0x08058381 : push esp; ret
    > 0x0805d403 : jmp eax
    > 0x080501f4 : jmp ebx
    > 0x0806e0df : jmp ecx
    > 0x0809ab1f : jmp edx
load mem
    > 0x0806d6b0 : movzx eax, [edx]; pop ebx; ret
    > 0x080c2840 : mov eax, [edx + 0x4c]; ret
    > 0x0808ecf0 : mov eax, [ecx]; pop ebx; pop esi; ret
    > 0x0806d1d8 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x080c0574 : mov ecx, [ebp + 0x5e5bf465]; pop edi; pop ebp; ret
load reg
    > 0x080c28c6 : pop eax; ret
    > 0x0804ccc1 : pop ebx; ret
    > 0x080551ca : pop edx; ret
    > 0x08049f87 : pop esi; ret
    > 0x08049611 : pop edi; ret
pop pop ret
    > 0x080c28c6 : pop eax; ret
    > 0x08048e87 : pop ebx; pop ebp; ret
    > 0x0809b675 : pop ebp; pop esi; pop edi; ret
    > 0x0809b27a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0804b2f4 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x080ab66e : add esp, 0x10; ret
    > 0x080ab66e : add esp, 0x10; ret
    > 0x0809c398 : add esp, 0x20; ret
    > 0x0804a36c : add esp, 0x3c; ret
    > 0x08054b40 : add esp, 0x4c; ret
stack pivoting
    > 0x08049fbc : xchg eax, esp; ret
    > 0x080c2b32 : mov esp, ecx; ret
    > 0x080555cd : mov esp, ebp; pop ebp; ret
    > 0x08048837 : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x0808818d : lea esp, [edi + edi*8 - 1]; jmp [ebx]
syscall
    > 0x08055970 : int 0x80; ret
write mem
    > 0x080896b2 : add [ecx], eax; ret
    > 0x0804b545 : add [ecx], edi; ret
    > 0x080783c1 : add [eax + 0x5f028d02], ecx; ret
    > 0x0807c457 : add [eax + 0x39f47503], ebp; ret
    > 0x080bca02 : add [ebx + 0x4c8b01ef], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact