ropshell> use 7eef6f7895500f017d1f080e77b73233
name         : lib32-libc.so.6 (i386/ELF)
base address : 0x20290
total gadgets: 18126
ropshell> suggest "stack pivoting"
> 0x0002c513 : xchg eax, esp; ret
> 0x00037341 : mov esp, ecx; jmp edx
> 0x000d87e1 : xchg esp, esi; jmp [esi - 0x70]
> 0x000d85c1 : mov esp, esi; jmp [esi - 0x70]
> 0x00119aef : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x00152c00 : xchg ebx, esp; popal ; stc ; call [eax + 0x53]
> 0x000ffbf3 : xchg ecx, esp; dec ecx; stc ; call [eax - 0x18]
> 0x0002536e : xchg edx, esp; sub edi, ecx; call [eax - 0x18]
> 0x0003a2a7 : xchg esi, esp; das ; stc ; call [eax - 0x18]
> 0x0003ea94 : xchg edi, esp; xor cl, bh; call [eax - 0x73]
> 0x001676bc : xchg esp, eax; mov bl, 0xf9; call [eax - 0x73]
> 0x00176147 : xchg esp, ebx; sahf ; stc ; call [eax - 0x73]
> 0x0012a2a1 : xchg esp, edi; push esi; stc ; call [ebp - 1]
> 0x000df6e7 : lea esp, [esi + edi*8 - 1]; jmp [ebp - 0x5f]
> 0x0004a7a1 : mov esp, edx; mov esi, [edi + 0x3c]; mov edi, [edi + 0x38]; ret
> 0x0006b82b : lea esp, [eax]; idiv edi; dec [ebx - 0x8e77b]; call [ebx - 0x18]
> 0x0012cf83 : lea esp, [edi + edi*8 - 1]; dec [ebx - 0x9f6b]; call [edi + 0x50]
> 0x00130e6c : mov esp, edi; mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x000b30b7 : leave ; add eax, ecx; ret