ROPSHELL 
ropshell> use e3e2a5f3f9ff592c04fc7a79b7a414f2 (download)
name         : libpthread.so.0 (arm/ELF)
base address : 0x58b0
total gadgets: 511

ropshell> suggest "load mem"
> 0x0000613e : ldrne r0, [r2, r3]; pop {r4, pc}
> 0x00008a76 : ldr r0, [pc, r3]; bx lr
> 0x00007432 : ldr r0, [r1, #0x230]; blx r3
> 0x000145da : ldr r0, [r3]; cmp r0, #0; bxeq lr
> 0x000126b2 : ldr r0, [r4, #4]; blx r3
> 0x00010139 : ldrh r4, [r5, r4]; movs r0, r0; blx lr
> 0x0001230a : ldr r3, [pc, r3]; str r1, [r2, r3]; pop {r7, pc}
> 0x00012422 : ldr r2, [r3, #-0x43c]; tst r2, #2; bxne lr
> 0x0001367d : ldr r1, [pc, #0x170]; movs r1, r0; blx lr
> 0x0000742e : ldr r3, [r1, #0x22c]; ldr r0, [r1, #0x230]; blx r3
> 0x0000beae : ldr r3, [r6, #-0x458]; str r3, [r4, #8]; mov r0, r5; pop {r4, r5, r6, pc}
> 0x00014012 : ldr r2, [r0, #4]; add r2, r2, #1; str r2, [r0, #4]; pop {r4, r5, r6, pc}
> 0x0000c15a : ldreq r3, [r0, #4]; addeq r3, r3, #1; streq r3, [r0, #4]; pop {r4, pc}
> 0x000126aa : ldr r8, [r4, #0xc]; ldr r3, [r4]; ldr r0, [r4, #4]; blx r3
> 0x00008a8a : ldr r2, [pc, #0x14]; mov r0, #0; add r2, pc, r2; str r3, [r2]; bx lr
> 0x000115ce : ldr r1, [r2]; ldr r0, [r3, #0x10]; cmp r0, r1; streq r3, [r2, #4]; bx lr
> 0x000104b6 : ldr r2, [r1, r2, lsl #3]; cmp r2, ip; movne r0, #0; strne r0, [r3, #4]; bx lr
> 0x0000742a : ldr r1, [fp, #-0x128]; ldr r3, [r1, #0x22c]; ldr r0, [r1, #0x230]; blx r3
> 0x000124b6 : ldr ip, [r3, #-0x444]; stm r0, {r1, r2}; str ip, [r0, #0xc]; str r0, [r3, #-0x444]; bx lr
> 0x00010e12 : ldrne r3, [r5, #4]; moveq r1, #0x26; ldreq r3, [pc, r3]; strne r3, [r4]; streq r1, [r2, r3]; pop {r4, r5, r6, pc}
> 0x00009d4a : ldr r3, [r4, #0x10]; str r2, [r4, #8]; add r3, r3, #1; str r3, [r4, #0x10]; mov r0, r5; pop {r4, r5, r6, pc}
> 0x0000c152 : ldr r3, [r2, #-0x458]; str r3, [r0, #8]; ldreq r3, [r0, #4]; addeq r3, r3, #1; streq r3, [r0, #4]; pop {r4, pc}
> 0x0001400a : ldr r0, [r5, #0x48]; str r4, [r0, #8]; ldr r2, [r0, #4]; add r2, r2, #1; str r2, [r0, #4]; pop {r4, r5, r6, pc}
> 0x0000911a : ldrhs ip, [r0, #8]; movhs r0, #0; strhs r1, [r3, #0x10]; movlo r0, #0x16; orrhs r2, ip, #8; strhs r2, [r3, #8]; bx lr
> 0x00012366 : ldr r1, [r3, #-0x440]; ldr r2, [r3, #-0x444]; str r1, [r0, #0x108]; str r2, [r0, #0x10c]; str r0, [r3, #-0x440]; bx lr
> 0x00009d46 : ldr r2, [r6, #-0x458]; ldr r3, [r4, #0x10]; str r2, [r4, #8]; add r3, r3, #1; str r3, [r4, #0x10]; mov r0, r5; pop {r4, r5, r6, pc}
> 0x0001240a : ldr r1, [r0, #0x110]; mrc p15, #0, r3, c13, c0, #3; ldr r2, [r0, #0x108]; cmp r1, #0; str r2, [r3, #-0x440]; bxeq lr

© 2014 - 2019 - Powered by ROPEME | Contact