ROPSHELL 
ropshell> use 7f2a49d0fdae805a08ee3b36ca235903 (download)
name         : libc.so.6 (i386/ELF)
base address : 0x177f0
total gadgets: 18590

ropshell> suggest
call
    > 0x0001829d : call eax
    > 0x0001c02c : call ebx
    > 0x00017d01 : call ecx
    > 0x00021f65 : call edx
    > 0x000195de : call esi
jmp
    > 0x001206f6 : push esp; ret
    > 0x000185c3 : jmp eax
    > 0x0004a735 : jmp ebx
    > 0x00018e8c : jmp ecx
    > 0x00029aac : jmp edx
load mem
    > 0x000609d7 : mov eax, [edx]; ret
    > 0x0011e8d0 : mov eax, [edx + 4]; ret
    > 0x0006ca39 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x0006ca69 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x000f7dff : mov ebp, [ecx + 0xc]; jmp edx
load reg
    > 0x00023d97 : pop eax; ret
    > 0x00017fd5 : pop ebx; ret
    > 0x000b5e87 : pop ecx; ret
    > 0x0002bb3c : pop edx; ret
    > 0x00017b36 : pop esi; ret
pop pop ret
    > 0x00023d97 : pop eax; ret
    > 0x0013cdeb : pop ebp; pop ebx; ret
    > 0x000a0827 : pop eax; pop edi; pop esi; ret
    > 0x0003d6ca : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001cc17 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00077031 : add esp, 0x100; ret
    > 0x00077031 : add esp, 0x100; ret
    > 0x00018a85 : add esp, 0x24; ret
    > 0x000d610f : add esp, 0x3c; ret
    > 0x00113c20 : add esp, 0x4c; ret
stack pivoting
    > 0x00018af7 : xchg eax, esp; ret
    > 0x0002bc0d : mov esp, ecx; jmp edx
    > 0x0003e557 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x00041027 : xchg esp, ecx; fsqrt ; call [eax + 0x68]
    > 0x000ce654 : xchg esp, esi; idiv edx; call [eax - 0x18]
syscall
    > 0x000b1d45 : call gs:[0x10]; ret
write mem
    > 0x000902fc : add [eax], edx; ret
    > 0x0009031c : add [eax], esi; ret
    > 0x0007abf8 : add [eax], edi; ret
    > 0x0003b912 : add [ecx], eax; ret
    > 0x00094d85 : adc [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact