ROPSHELL 
ropshell> use 823e7e5f56178ced51be076768eca33f (download)
name         : libc.so (i386/ELF)
base address : 0x23150
total gadgets: 13399

ropshell> suggest
call
    > 0x00024cc1 : call eax
    > 0x0002ab5b : call ebx
    > 0x00024dae : call ecx
    > 0x00026779 : call edx
    > 0x00024d57 : call esi
jmp
    > 0x000325b7 : push esp; ret
    > 0x00024f63 : jmp eax
    > 0x000a8264 : jmp ebx
    > 0x00031a2c : jmp ecx
    > 0x000371a0 : jmp edx
load mem
    > 0x0007f217 : mov eax, [edx]; ret
    > 0x0008c847 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0010e2fc : mov eax, [edx + 8]; and eax, 0x100f; ret
    > 0x000411d5 : mov ebx, [eax + 0x34]; xor eax, eax; ret
    > 0x001254b3 : mov ebp, [ecx + 0xc]; nop ; jmp edx
load reg
    > 0x00088ade : pop eax; ret
    > 0x00024486 : pop ebx; ret
    > 0x000462fe : pop ecx; ret
    > 0x0003b85d : pop edx; ret
    > 0x00024b35 : pop esi; ret
pop pop ret
    > 0x00088ade : pop eax; ret
    > 0x0003c041 : pop ebx; pop edi; ret
    > 0x0010d5f2 : pop ebp; pop edi; pop ebx; ret
    > 0x00053d3a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x00029aed : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00133e84 : add esp, 0x11c; ret
    > 0x00133e84 : add esp, 0x11c; ret
    > 0x0017f023 : add esp, 0x20; ret
    > 0x001170f7 : add esp, 0x3c; ret
    > 0x0010ad13 : add esp, 0x4c; ret
stack pivoting
    > 0x00030030 : xchg eax, esp; ret
    > 0x0002808a : lea esp, [ecx - 4]; ret
    > 0x0003b98f : mov esp, ecx; jmp edx
    > 0x00055943 : lea esp, [edi - 8]; pop edi; ret
    > 0x00062d9f : lea esp, [eax]; idiv edi; inc [ecx]; ret
syscall
    > 0x0009bdb5 : call gs:[0x10]; ret
write mem
    > 0x000ab80d : add [eax], edi; ret
    > 0x0006b619 : add [ecx], eax; ret
    > 0x0003640a : add [ecx], edi; ret
    > 0x001028d7 : add [ecx], ebp; ret
    > 0x0012a983 : add [eax + 2], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact