ROPSHELL 
ropshell> use 99438cae5eac2b3a75c86512778522e0 (download)
name         : libc-2.28.so (i386/ELF)
base address : 0x190e0
total gadgets: 17500

ropshell> suggest
call
    > 0x0001ab82 : call eax
    > 0x0001a27d : call ebx
    > 0x0005ae03 : call ecx
    > 0x0001abe7 : call edx
    > 0x0001bd6e : call esi
jmp
    > 0x00137dd6 : push esp; ret
    > 0x0001ae67 : jmp eax
    > 0x0001a85b : jmp ebx
    > 0x0004c672 : jmp ecx
    > 0x0001b603 : jmp edx
load mem
    > 0x0006a227 : mov eax, [edx]; ret
    > 0x00135e00 : mov eax, [edx + 4]; ret
    > 0x00076728 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x00076759 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0010afd2 : mov ebp, [ecx + 0xc]; jmp edx
load reg
    > 0x00026687 : pop eax; ret
    > 0x0001a8b5 : pop ebx; ret
    > 0x0002effc : pop edx; ret
    > 0x0001bf2c : pop esi; ret
    > 0x00019173 : pop edi; ret
pop pop ret
    > 0x00026687 : pop eax; ret
    > 0x0015750b : pop ebp; pop ebx; ret
    > 0x000ae987 : pop eax; pop edi; pop esi; ret
    > 0x00041dba : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001e3c3 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00136fc1 : add esp, 0x10; ret
    > 0x00136fc1 : add esp, 0x10; ret
    > 0x00165d72 : add esp, 0x20; ret
    > 0x000f35f0 : add esp, 0x3c; ret
    > 0x000ea6c5 : add esp, 0x4c; ret
stack pivoting
    > 0x0001b269 : xchg eax, esp; ret
    > 0x0002f12d : mov esp, ecx; jmp edx
    > 0x00042c68 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x00046de0 : xchg esp, eax; test edi, edx; call [eax - 0x73]
    > 0x0011bc8a : xchg esp, edx; mov bl, 0xfa; call [eax - 0x73]
syscall
    > 0x000c14f5 : call gs:[0x10]; ret
write mem
    > 0x00098fec : add [eax], edx; ret
    > 0x0009900c : add [eax], esi; ret
    > 0x00035dc5 : add [eax], edi; ret
    > 0x0005c9d1 : add [ecx], eax; ret
    > 0x00040a30 : add [ecx], edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact