ROPSHELL 
ropshell> use 8594d72bd897b2285864b48f444678b8 (download)
name         : libc-2.24.so (arm/ELF)
base address : 0x16040
total gadgets: 5563

ropshell> suggest "load mem"
> 0x000486f3 : ldr r0, [r2]; pop {r4, r5, r6, pc}
> 0x000483cd : ldr r0, [r3]; pop {r3, r4, r5, pc}
> 0x0006833f : ldr.w fp, [r8, r3]; pop {r4, r5, pc}
> 0x0004300f : ldr r1, [r0, #0x58]; pop {r4, r5, r6, pc}
> 0x00023e0d : ldrh r2, [r0, #0x18]; pop {r3, pc}
> 0x000b3791 : ldrsh.w r4, [r1, #0x638]; pop {r3, r4, r5, r6, r7, pc}
> 0x00022685 : ldr r4, [r3]; mov r0, r4; pop {r3, r4, r5, r6, r7, pc}
> 0x000a486f : ldr r0, [r4, #0x3c]; pop {r3, r4, r5, r6, r7, pc}
> 0x000b70e9 : ldr r1, [r4, #0x58]; pop {r4, r5, r6, pc}
> 0x00097179 : ldr r0, [r5, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x0008d6c3 : ldr r0, [r6, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x000ac0a5 : ldr r4, [r6]; blx r4
> 0x0008d6bf : ldr r0, [r7, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x000ad227 : ldrh.w r4, [r8, #0x620]; pop {r3, r4, r5, r6, r7, pc}
> 0x000b20d9 : ldr.w r4, [ip]; blx r4
> 0x000b1e17 : ldr.w r4, [lr]; blx r4
> 0x000b0f4f : ldr r5, [pc, #0x50]; pop {r4, r5, r6, r7, pc}
> 0x00053ddb : ldr r6, [pc, #0xa0]; bx r8
> 0x000164b7 : ldr r1, [r2]; add r0, pc; blx r3
> 0x0008f84f : ldr r3, [r2, r1]; str r6, [r3]; pop {r4, r5, r6, pc}
> 0x00048b27 : ldr r7, [r4, #0x18]; blx r3
> 0x0004eb85 : ldr r1, [r5, #0x24]; blx r1
> 0x000944a9 : ldr r3, [r5, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x0004dd25 : ldr r1, [r6, #0x24]; blx r1
> 0x00020c93 : ldr r2, [r6]; eors r3, r2; blx r3
> 0x00049e93 : ldr r5, [r6, #0x18]; blx r5
> 0x0008536f : ldr r1, [r7, #0x2c]; blx r5
> 0x0004901f : ldr r5, [r7, #0xc]; blx r5
> 0x000b9591 : ldr.w r0, [r8, #0x40]; blx r6
> 0x000b95c1 : ldr.w r5, [r8, #0x200]; blx r5
> 0x000b8f51 : ldr.w r3, [fp, #0x7f0]; blx r3
> 0x0004995b : ldr.w r5, [fp, #4]; blx r5
> 0x00049b81 : ldr.w r7, [fp, #4]; blx r7
> 0x000ac2df : ldr.w r5, [lr]; add r2, pc; blx r5
> 0x000ac423 : ldr.w r6, [lr]; add r2, pc; blx r6
> 0x0002d725 : ldr r0, [pc, #0x18]; add r0, pc; pop {r4, pc}
> 0x000a7061 : ldr r2, [r5]; add r4, r2; str r4, [r5]; pop {r4, r5, r6, pc}
> 0x00035ddf : ldr.w r6, [r7, r6, lsl #2]; blx r6
> 0x000324b5 : ldr.w r1, [r8, r1]; eors r3, r5; blx r3
> 0x00031b33 : ldr.w r2, [lr, r2, lsl #2]; blx r2
> 0x000732f9 : ldr.w r3, [sl, #0x10]; mov r0, r8; blx r3
> 0x00057c8a : ldrne r1, [pc, #4]; add r0, r1, pc; bx lr
> 0x000b2651 : ldr r3, [pc, #0xc]; ldr r0, [r2, r3]; pop {r3, pc}
> 0x000ba41a : ldr ip, [pc, #4]; add ip, pc, ip; bx ip
> 0x000b27c6 : ldrhhi lr, [r0, #0x8d]!; eorvs r2, lr, r3, asr #7; pop {r0, r1, r3, r5, r7, pc}
> 0x0008372b : ldr r2, [r1, #0x14]; mov r0, r2; add sp, #0x24; pop {r4, r5, r6, r7, pc}
> 0x0007028d : ldr.w r1, [r3, #0x7c0]; adds r7, #0x20; mov sp, r7; pop {r4, r5, r7, pc}
> 0x000944a7 : ldr r2, [r4]; ldr r3, [r5, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x000454cf : ldr r3, [r4]; orr r3, r3, #0x20; str r3, [r4]; pop {r3, r4, r5, r6, r7, pc}
> 0x00030c7d : ldr.w r6, [r5, r6, lsl #2]; add r2, r8; blx r6
> 0x000b2ee3 : ldr r3, [r7]; mov r0, r6; str r3, [r4, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x000abe37 : ldr.w r2, [sl]; ldr r3, [r3, #0xc]; blx r3
> 0x0004f773 : ldr.w sl, [r0, #0x18]; mov r0, fp; mov r7, r2; blx r3
> 0x000ab95f : ldrsh fp, [r6], #-0x10; movs r0, #0; add sp, #0xc; pop {r4, r5, pc}
> 0x000261c9 : ldr.w r2, [r8, r2]; ldr r2, [r2]; eors r3, r2; blx r3
> 0x00090a21 : ldr r3, [r0]; orr r3, r3, #0x8000; str r3, [r0]; mov sp, r7; pop {r3, r4, r5, r6, r7, pc}
> 0x0009cb31 : ldr r6, [r4, #-0x8]; str.w r6, [r7, #0xd4]; blx r3
> 0x000851b3 : ldr r4, [r7, #0x18]; ldr r0, [r7, #0x34]; blx r4
> 0x0009cbf3 : ldr.w r4, [sl, #0xc]; str.w r4, [r7, #0xc8]; blx r3
> 0x00032c3d : ldr.w r1, [lr, #0x14c]; add r0, r1; orr r0, r0, #1; bx r0
> 0x000b24f3 : ldr.w r7, [lr]; add r2, pc; str.w ip, [sp, #0x34]; blx r7
> 0x000b74eb : ldr r4, [pc, #0x10]; add r4, pc; ldr r3, [r4]; blx r3
> 0x00064ead : ldr r2, [r3, #8]; adds r2, #1; str r2, [r3, #8]; pop {r4, r5, r6, pc}
> 0x000b95bb : ldr.w r8, [r5, lr]; add r3, pc; ldr.w r5, [r8, #0x200]; blx r5
> 0x00049591 : ldr r5, [r4, #0x58]; ldr r3, [r5, #0x10]; mov r0, r5; blx r3
> 0x00049657 : ldr.w fp, [r4, #0x58]; ldr.w r3, [fp, #0x10]; mov r0, fp; blx r3
> 0x0002dec5 : ldr.w lr, [r4, #0x58]; ldr r4, [r4, #0x30]; mov.w r0, #0; bx lr
> 0x000b2f15 : ldr r3, [r6, #0x2c]; movs r2, #0; mov.w r0, #-1; str r2, [r3]; pop {r3, r4, r5, r6, r7, pc}
> 0x000498f9 : ldr.w r6, [fp, #0x18]; stm.w r5, {r0, r1}; mov r1, r5; mov r0, fp; blx r6
> 0x000572cf : ldr r2, [pc, #0x24]; add r2, pc; str r4, [r2]; mov r4, r3; mov r0, r4; pop {r3, r4, r5, pc}
> 0x0002fb27 : ldrh r4, [r0, r4]; it lo; addlo r4, #1; mov r0, r4; pop {r4, r5, r6, r7}; bx lr
> 0x000af923 : ldr.w r0, [fp]; ldr r3, [r0, #0x20]; ldr r3, [r3, #0xc]; blx r3
> 0x0008d7f7 : ldr r7, [pc, #0]; ite eq; moveq r0, #8; movne r0, #3; add sp, #0x6c; pop {r4, r5, r6, r7, pc}
> 0x000166c3 : ldr r4, [r5, r4]; ldr r4, [r4]; eors r3, r4; add sp, #0x14; pop.w {r4, r5, lr}; bx r3
> 0x00034293 : ldr.w r3, [r8, #0x530]; str.w r0, [r4, r6, lsl #2]; mov r0, r5; add sp, #8; pop {r4, r5, r6, pc}
> 0x000b71d5 : ldr.w r8, [pc, #0xd4]; add r8, pc; ldr.w r3, [r8]; ldr r3, [r3, #0x14]; blx r3
> 0x000164f1 : ldr r5, [r2, r3]; add r4, pc; ldr.w r3, [r4, #0xc8]; ldr r2, [r5]; eors r3, r2; blx r3
> 0x00087663 : ldr r2, [r7, r2]; add r3, pc; ldr.w r3, [r3, #0x90]; ldr r2, [r2]; eors r3, r2; blx r3
> 0x000b1d57 : ldr r5, [r3, #4]; mov r0, r3; add r2, sp, #0xc; movs r1, #0xd; ldr r3, [r5, #0x14]; blx r3
> 0x00025f25 : ldr r7, [r3, #0xc]; ldr r2, [r4, r2]; ldr r0, [r3, #0x10]; ldr r3, [r2]; eors r3, r7; blx r3
> 0x0008ec91 : ldr r0, [r1, #0x30]; str r4, [r2, #0x54]; str r3, [r2, #0x5c]; str r0, [r2, #0x58]; mov r0, r7; add sp, #0xc; pop {r4, r5, r6, r7, pc}
> 0x00079f4d : ldr r3, [r1, #4]; movs r0, #0; ldr r2, [r3, #0xc]; ldr r3, [r3, #0x1c]; str r2, [r1, #0xc]; str r3, [r1, #0x1c]; pop {r3, r4, r5, pc}

© 2014 - 2019 - Powered by ROPEME | Contact