ROPSHELL 
ropshell> use d371da546786965fe0ee40147ffef716 (download)
name         : libc-2.31-ubuntu-20.04.so (i386/RAW)
base address : 0x0
total gadgets: 15793

ropshell> suggest
call
    > 0x000270b1 : call eax
    > 0x0002703e : call ebx
    > 0x000a162e : call ecx
    > 0x00033ea3 : call edx
    > 0x00028c1e : call esi
jmp
    > 0x0004543d : push esp; ret
    > 0x00026e91 : jmp eax
    > 0x0003dc4d : jmp ebx
    > 0x00084006 : jmp ecx
    > 0x00005153 : jmp edx
load mem
    > 0x00088710 : mov eax, [edx]; ret
    > 0x000e1464 : mov eax, [edi]; ret
    > 0x001ae286 : mov edi, [edx]; ret
    > 0x00105bc1 : mov eax, [edx + 8]; ret
    > 0x000e1415 : mov eax, [edi + 0x20]; ret
load reg
    > 0x0004a550 : pop eax; ret
    > 0x000331ff : pop ebx; ret
    > 0x0009f822 : pop ecx; ret
    > 0x00005182 : pop edx; ret
    > 0x00027529 : pop esi; ret
pop pop ret
    > 0x0004a550 : pop eax; ret
    > 0x000491f7 : pop ebp; pop ebp; ret
    > 0x000256be : pop eax; pop ebx; pop ebp; ret
sp lifting
    > 0x000461a2 : add esp, 0x118; ret
    > 0x000461a2 : add esp, 0x118; ret
    > 0x0004a5c6 : add esp, 0x28; ret
    > 0x0005e9f8 : add esp, 0x38; ret
    > 0x00125a0c : add esp, 0x40; ret
stack pivoting
    > 0x000334ea : xchg eax, esp; ret
    > 0x0005e651 : mov esp, edx; ret
    > 0x001c1a91 : xchg esi, esp; call esp
    > 0x00151841 : push eax; pop ebx; pop ebp; inc ecx; pop esp; ret
    > 0x001dd031 : mov esp, esi; jmp [eax]
write mem
    > 0x000bef4c : adc [ebx], eax; ret
    > 0x0007e4a5 : add [ecx], eax; ret
    > 0x000f3c8b : add [ecx], edi; ret
    > 0x0015377c : adc [edx], ebx; ret
    > 0x00150004 : adc [edx], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact