ROPSHELL 
ropshell> use 7eef6f7895500f017d1f080e77b73233 (download)
name         : lib32-libc.so.6 (i386/ELF)
base address : 0x20290
total gadgets: 18126

ropshell> suggest
call
    > 0x00021517 : call eax
    > 0x00027283 : call ebx
    > 0x00022916 : call ecx
    > 0x0002cbef : call edx
    > 0x00022566 : call esi
jmp
    > 0x0016e03a : push esp; ret
    > 0x000218c7 : jmp eax
    > 0x0005924e : jmp ebx
    > 0x0003466e : jmp ecx
    > 0x00034402 : jmp edx
load mem
    > 0x000739db : mov eax, [edx]; ret
    > 0x00179b8b : mov edi, [esi]; jmp ebx
    > 0x0007ffd0 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x0008001d : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x00080dd8 : mov eax, [edx + 0x18]; jmp eax
load reg
    > 0x0002ec6b : pop eax; ret
    > 0x0002bf5f : pop ebx; ret
    > 0x000371c4 : pop edx; ret
    > 0x00021479 : pop esi; ret
    > 0x00021e58 : pop edi; ret
pop pop ret
    > 0x0002ec6b : pop eax; ret
    > 0x0018dc0b : pop ebp; pop ebx; ret
    > 0x000c88b7 : pop eax; pop edi; pop esi; ret
    > 0x0004b1aa : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0003b108 : pop ebx; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00143f54 : add esp, 0x11c; ret
    > 0x00143f54 : add esp, 0x11c; ret
    > 0x0019ca65 : add esp, 0x20; ret
    > 0x00117094 : add esp, 0x3c; ret
    > 0x000484de : add esp, 0x42c; ret
stack pivoting
    > 0x0002c513 : xchg eax, esp; ret
    > 0x00037341 : mov esp, ecx; jmp edx
    > 0x000d87e1 : xchg esp, esi; jmp [esi - 0x70]
    > 0x000d85c1 : mov esp, esi; jmp [esi - 0x70]
    > 0x00119aef : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
syscall
    > 0x0008f139 : call gs:[0x10]; ret
write mem
    > 0x000b2e8c : add [eax], edx; ret
    > 0x000b2eac : add [eax], esi; ret
    > 0x000a0af5 : add [eax], edi; ret
    > 0x0005eb25 : add [ecx], eax; ret
    > 0x0003d122 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact