ROPSHELL 
ropshell> use 8594d72bd897b2285864b48f444678b8 (download)
name         : libc-2.24.so (arm/ELF)
base address : 0x16040
total gadgets: 5563

ropshell> suggest "write mem"
> 0x000b46c7 : str r4, [r0]; pop {r3, r4, r5, pc}
> 0x0004a3f5 : str r3, [r1]; pop {r4, pc}
> 0x000ad821 : str r3, [r2]; pop {r3, r4, r5, pc}
> 0x000472f5 : str r5, [r2]; pop {r3, r4, r5, pc}
> 0x000908bf : str r0, [r3]; pop {r3, pc}
> 0x00025f8f : str r1, [r3]; pop {r4, r5, r6, pc}
> 0x000569b1 : str r2, [r3]; pop {r3, pc}
> 0x00096173 : str r4, [r3]; pop {r4, pc}
> 0x0008f851 : str r6, [r3]; pop {r4, r5, r6, pc}
> 0x00078f83 : str r0, [r4]; pop {r3, r4, r5, r6, r7, pc}
> 0x00048541 : str r1, [r4]; pop {r3, r4, r5, pc}
> 0x00086049 : str r2, [r4]; pop {r3, r4, r5, r6, r7, pc}
> 0x000175b3 : str r3, [r4]; pop {r3, r4, r5, pc}
> 0x0008c791 : str r5, [r4]; pop {r3, r4, r5, pc}
> 0x00026bbd : str r3, [r5]; pop {r3, r4, r5, pc}
> 0x000888cf : str r4, [r5]; pop {r3, r4, r5, pc}
> 0x000269c3 : str r6, [r5]; pop {r3, r4, r5, r6, r7, pc}
> 0x00054eaf : str r3, [r6]; pop {r4, r5, r6, pc}
> 0x000593c7 : str r4, [r6]; pop {r4, r5, r6, pc}
> 0x000b270b : str r3, [r7]; pop {r3, r4, r5, r6, r7, pc}
> 0x0004a54d : str r2, [r0]; bx lr
> 0x00016ff5 : str r4, [r1, r2]; pop {r4, pc}
> 0x00023e33 : str r1, [r2, r3]; pop {r3, pc}
> 0x0003f423 : str r6, [r2, r5]; pop {r4, r5, r6, pc}
> 0x0008d1ff : str r6, [r4, r3]; pop {r4, r5, r6, pc}
> 0x00079855 : str r3, [r0, #0x20]; pop {r4, r5, r6, r7, pc}
> 0x00037519 : str r6, [r0]; mov r0, r3; pop {r4, r5, r6, r7, pc}
> 0x000581ff : str r7, [r0, #0x10]; pop {r4, r5, r6, r7, pc}
> 0x000374d7 : str.w lr, [r0]; mov r0, r3; pop {r4, r5, r6, r7, pc}
> 0x00026c8d : strh r7, [r1, #0xe]; pop {r4, r5, r6, r7, pc}
> 0x0002c56d : str.w fp, [r1, #3]; pop {r4, r5, pc}
> 0x000aff7b : str r2, [r5, #0x2c]; pop {r3, r4, r5, r6, r7, pc}
> 0x00055cab : str r7, [r5, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x00054b1f : str r0, [r6]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x0008d67b : str r0, [r7, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x00065c09 : str.w r4, [r8]; blx r7
> 0x000964c3 : str.w r2, [r1, r3, lsl #2]; pop {r4, r5, r6, r7, pc}
> 0x0001608f : str r4, [r2]; str r0, [r3]; pop {r4, r5, r6, pc}
> 0x00078e0b : str.w r5, [r3, r1, lsl #2]; pop {r3, r4, r5, pc}
> 0x00064ccf : str r1, [r6]; add sp, #0x10; pop {r4, r5, r6, pc}
> 0x00032cd5 : str r1, [r7, #0x28]; bx r0
> 0x0002c055 : str r6, [r7]; add sp, #0x14; pop {r4, r5, r6, r7, pc}
> 0x000a55c7 : strh.w lr, [sl, #0x7d5]; bx lr
> 0x0002ed1d : str.w r5, [lr, r2, lsl #2]; pop {r4, r5, r6, r7, pc}
> 0x000a64f5 : str.w ip, [r2, r3]; add sp, #0x24; pop {r4, r5, r6, r7, pc}
> 0x0004b1fd : str r0, [r5, #0x14]; mov r0, r6; pop {r3, r4, r5, r6, r7, pc}
> 0x000a9669 : str r5, [r6, #0x2c]; mov r0, r4; pop {r4, r5, r6, pc}
> 0x0008c765 : str r7, [r6, #0x24]; mov r0, r4; pop {r3, r4, r5, r6, r7, pc}
> 0x0007178b : str r4, [r7, r3]; add sp, #0x7c; pop {r4, r5, r6, r7, pc}
> 0x0005816d : str r5, [r0, #0x20]; pop {r4, r5}; bx lr
> 0x000889dd : strh fp, [r3], #-8; movs r0, #9; pop {r3, r4, r5, r6, r7, pc}
> 0x00055bf7 : str r7, [r4, #4]; add sp, #0xc; pop {r4, r5, r6, r7, pc}
> 0x00024807 : str r2, [r6, #8]; add sp, #0x11c; pop {r4, r5, r6, r7, pc}
> 0x000a00c5 : str r0, [r1]; movs r0, #0; add sp, #0x10; pop {r4, pc}
> 0x00088a0f : str r6, [r1, #8]; str r3, [r5, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x0008ec97 : str r0, [r2, #0x58]; mov r0, r7; add sp, #0xc; pop {r4, r5, r6, r7, pc}
> 0x0008894d : str r5, [r7, #4]; str r3, [r4, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x0002d793 : str r1, [r0, #4]; movs r0, #0; add sp, #0xc; pop {r4, r5, pc}
> 0x00048c6b : str r7, [r3, #4]; movs r3, #0; str.w r3, [r6, #0xa0]; pop {r3, r4, r5, r6, r7, pc}
> 0x00047edb : str.w fp, [sl, #3]; ldr lr, [sp], #4; add sp, #0x10; bx lr
> 0x000889ad : str r7, [r2, #0xc]; str r1, [r2, #0x10]; str r3, [r5, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x00018a5d : str r1, [r5, #0x28]; str r2, [r5, #0x2c]; str r3, [r5, #0x30]; pop {r3, r4, r5, r6, r7, pc}
> 0x00026c85 : strh.w lr, [r1, #0xc]; strd r2, r3, [r1, #0x10]; strh r7, [r1, #0xe]; pop {r4, r5, r6, r7, pc}
> 0x000b9043 : str.w r2, [r8, #8]; addw r0, fp, #0x4c4; ldr.w r3, [fp, #0x7f4]; blx r3
> 0x000b2509 : str.w r3, [sl]; ldr r3, [r5, #4]; mov r0, r5; ldr r3, [r3, #0x10]; blx r3
> 0x00038477 : strh r2, [r7, #0x24]; ldr r3, [r6, #0x1c]; mov r2, r4; mov r1, r8; mov r0, fp; blx r3
> 0x00088a09 : str.w lr, [r7, r2]; str r4, [r1, #4]; str r6, [r1, #8]; str r3, [r5, #4]; pop {r3, r4, r5, r6, r7, pc}

© 2014 - 2019 - Powered by ROPEME | Contact