ROPSHELL 
ropshell> use 9a31da11f4ba31123a7487f3f2676af5 (download)
name         : libthread_db-1.0.so (arm/ELF)
base address : 0x1430
total gadgets: 211

ropshell> suggest
jmpcall
    > 0x00001477 : bx r3
    > 0x00001819 : bx r7
    > 0x00002abd : bx ip
    > 0x0000151c : bx lr
    > 0x00001e40 : blx r3
load mem
    > 0x000050c7 : ldr r0, [r3, r0]; bx lr
    > 0x000053c3 : ldr r3, [r5, #0x10]; blx r3
    > 0x000021d6 : ldr r3, [fp, #-0x38]; blx r3
    > 0x0000144a : ldr r2, [r3, r2]; cmp r2, #0; bxeq lr
    > 0x00004fa1 : ldr r0, [pc, #0x10]; add r0, pc; bx lr
pop pop ret
    > 0x000059cb : pop {pc}
    > 0x00004f13 : pop {r1, pc}
    > 0x000017bc : pop {r4, r5, pc}
    > 0x00001878 : pop {r4, r5, r6, pc}
    > 0x00001618 : pop {r4, r5, r6, r7, pc}
stack pivoting
    > 0x000059c9 : mov sp, ip; pop {pc}
write mem
    > 0x00001876 : str r3, [r5]; pop {r4, r5, r6, pc}
    > 0x00005b83 : str r2, [r3]; bx lr
    > 0x00004b8a : str r3, [r2]; add sp, sp, #8; pop {r4, pc}
    > 0x00004886 : strne r3, [r4]; add sp, sp, #0xc; pop {r4, r5, pc}
    > 0x000050f1 : str r7, [r4, #0x14]; blx r3

© 2014 - 2019 - Powered by ROPEME | Contact