ropshell> use d7cc1c564848c1006ac8597dc961cba6 (download)
name : libc.so.6 (i386/ELF)
base address : 0x1f000
total gadgets: 19274
ropshell> suggest
call
    > 0x00022674 : call eax
    > 0x00026826 : call ebx
    > 0x00040524 : call ecx
    > 0x000306c3 : call edx
    > 0x0002785b : call esi
jmp
    > 0x0002f96b : push esp; ret
    > 0x0002282c : jmp eax
    > 0x00060e08 : jmp ebx
    > 0x000402fe : jmp ecx
    > 0x00036458 : jmp edx
load mem
    > 0x0007e64b : mov eax, [edx]; ret
    > 0x00176fc0 : mov eax, [edx + 0x154]; ret
    > 0x0008c97b : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0003eed5 : mov ebx, [eax + 0x34]; xor eax, eax; ret
    > 0x00166de1 : mov eax, [ebx]; add esp, 4; pop ebx; pop esi; ret
load reg
    > 0x00133121 : pop eax; ret
    > 0x000238a3 : pop ebx; ret
    > 0x000390dd : pop edx; ret
    > 0x00022399 : pop esi; ret
    > 0x00024c24 : pop edi; ret
pop pop ret
    > 0x00133121 : pop eax; ret
    > 0x0019ef7b : pop ebp; pop ebx; ret
    > 0x000da1d7 : pop eax; pop edi; pop esi; ret
    > 0x0005206a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0002746d : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00148ec4 : add esp, 0x11c; ret
    > 0x00148ec4 : add esp, 0x11c; ret
    > 0x00031d5e : add esp, 0x2c; ret
    > 0x00086f4f : add esp, 0x3c; ret
    > 0x0011fde7 : add esp, 0x4c; ret
stack pivoting
    > 0x0002d2e0 : xchg eax, esp; ret
    > 0x00025ac2 : lea esp, [ecx - 4]; ret
    > 0x0003920f : mov esp, ecx; jmp edx
    > 0x00024c21 : lea esp, [edi - 8]; pop edi; ret
    > 0x00062551 : lea esp, [ebx + edi*8 - 0x49f00001]; ret
syscall
    > 0x0009bf89 : call gs:[0x10]; ret
    > 0x0009b679 : int 0x80; pop ebx; pop esi; pop edi; pop ebp; ret
write mem
    > 0x000c1c9c : add [eax], edx; ret
    > 0x000c1cbc : add [eax], esi; ret
    > 0x000abda5 : add [eax], edi; ret
    > 0x000706be : adc [ecx], eax; ret
    > 0x000243c3 : add [ecx], edi; ret