ROPSHELL 
ropshell> use 836bfe499e852361e13aa20d06ccd506 (download)
name         : libc.my.so (i386/ELF)
base address : 0x190d0
total gadgets: 16787

ropshell> suggest
call
    > 0x000199c1 : call eax
    > 0x0001ef9f : call ebx
    > 0x0001b534 : call ecx
    > 0x00019a41 : call edx
    > 0x0001ac0e : call esi
jmp
    > 0x00079566 : push esp; ret
    > 0x00019cd3 : jmp eax
    > 0x000575ea : jmp ebx
    > 0x0001a4b0 : jmp ecx
    > 0x0002b44f : jmp edx
load mem
    > 0x00068fd7 : mov eax, [edx]; ret
    > 0x00133878 : mov eax, [edx + 4]; ret
    > 0x00075633 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x000e6001 : mov edi, [edx]; inc [ebx + 0x5e5b04c4]; ret
    > 0x00075669 : mov eax, [ecx + 8]; sub eax, edx; ret
load reg
    > 0x000255c7 : pop eax; ret
    > 0x00019705 : pop ebx; ret
    > 0x0002de3c : pop edx; ret
    > 0x00019226 : pop esi; ret
    > 0x0001915b : pop edi; ret
pop pop ret
    > 0x000255c7 : pop eax; ret
    > 0x00154eab : pop ebp; pop ebx; ret
    > 0x000ad1b7 : pop eax; pop edi; pop esi; ret
    > 0x00040aaa : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001d233 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00134a11 : add esp, 0x10; ret
    > 0x00134a11 : add esp, 0x10; ret
    > 0x00163ae2 : add esp, 0x20; ret
    > 0x000f0f60 : add esp, 0x3c; ret
    > 0x000e8365 : add esp, 0x4c; ret
stack pivoting
    > 0x0001a0e2 : xchg eax, esp; ret
    > 0x000dcdff : xchg esp, esp; ret
    > 0x000dcdff : xchg esp, esp; ret
    > 0x0002df0d : mov esp, ecx; jmp edx
    > 0x001395c5 : xchg esp, edi; cmc ; inc [ecx]; ret
syscall
    > 0x000bf9e5 : call gs:[0x10]; ret
write mem
    > 0x00097c2c : add [eax], edx; ret
    > 0x00097c4c : add [eax], esi; ret
    > 0x00082750 : add [eax], edi; ret
    > 0x0005b3b5 : add [ecx], eax; ret
    > 0x0003f612 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact