ROPSHELL 
ropshell> use c32d033baa841c18c1b5f5f656ddcdc5 (download)
name         : libnsl.so.1 (arm/ELF)
base address : 0x3aa8
total gadgets: 384

ropshell> suggest
jmpcall
    > 0x00007e24 : bx r3
    > 0x00004710 : bx lr
    > 0x0000dbdc : blx r2
    > 0x000040d0 : blx r3
    > 0x00008494 : blx r4
load mem
    > 0x0000eabf : ldr r0, [r3, r0]; bx lr
    > 0x000059ca : ldr r7, [ip]; blx r7
    > 0x00008492 : ldr r4, [lr]; blx r4
    > 0x0000487e : ldr r8, [lr]; blx r8
    > 0x0000e05a : ldr sl, [lr]; blx sl
pop pop ret
    > 0x0000f3c3 : pop {pc}
    > 0x00003b63 : pop {r3, pc}
    > 0x00004190 : pop {r4, r5, pc}
    > 0x00003c10 : pop {r4, r5, r6, pc}
    > 0x00008419 : pop {r2, r3, r4, r7, pc}
stack pivoting
    > 0x0000f3c1 : mov sp, ip; pop {pc}
write mem
    > 0x00005bfa : str r1, [r2, r3]; pop {r4, pc}
    > 0x0000eced : str r3, [r2]; bx lr
    > 0x0000f57b : str r2, [r3]; bx lr
    > 0x00008602 : str r3, [ip, #0x10]; pop {r4, pc}
    > 0x00008415 : strh r4, [r2, #0x28]; movs r0, r0; pop {r2, r3, r4, r7, pc}

© 2014 - 2019 - Powered by ROPEME | Contact