ROPSHELL 
ropshell> use e3e2a5f3f9ff592c04fc7a79b7a414f2 (download)
name         : libpthread.so.0 (arm/ELF)
base address : 0x58b0
total gadgets: 511

ropshell> suggest
jmpcall
    > 0x000124f0 : bx r2
    > 0x00012590 : bx r3
    > 0x000159a8 : bx ip
    > 0x0001388d : bx sp
    > 0x00005984 : bx lr
load mem
    > 0x0000613e : ldrne r0, [r2, r3]; pop {r4, pc}
    > 0x00008a76 : ldr r0, [pc, r3]; bx lr
    > 0x00007432 : ldr r0, [r1, #0x230]; blx r3
    > 0x000145da : ldr r0, [r3]; cmp r0, #0; bxeq lr
    > 0x000126b2 : ldr r0, [r4, #4]; blx r3
pop pop ret
    > 0x00015c4b : pop {r1, pc}
    > 0x00013f8c : pop {r4, r7, pc}
    > 0x00009d5c : pop {r4, r5, r6, pc}
    > 0x00005ef8 : pop {r4, r5, r6, r7, pc}
syscall
    > 0x00006612 : svc #0; pop {r4, r5, r7, pc}
write mem
    > 0x000090a6 : str ip, [r4]; pop {r4, r5, r7, pc}
    > 0x0001484e : str r1, [r5]; pop {r4, r5, r6, pc}
    > 0x0001041e : str r3, [r5]; pop {r4, r5, r6, pc}
    > 0x000147c2 : str r4, [r5]; pop {r4, r5, r6, pc}
    > 0x00008e52 : str r3, [r1]; bx lr

© 2014 - 2019 - Powered by ROPEME | Contact