ROPSHELL 
ropshell> use e745ab563c120e513cd39a44d9b1fcf9 (download)
name         : libc.so.6 (i386/ELF)
base address : 0x1d0f0
total gadgets: 17559

ropshell> suggest
call
    > 0x0001ee8a : call eax
    > 0x000247ea : call ebx
    > 0x00057f7f : call ecx
    > 0x0001ef10 : call edx
    > 0x0001fc3e : call esi
jmp
    > 0x00141f86 : push esp; ret
    > 0x0001f197 : jmp eax
    > 0x00055d0d : jmp ebx
    > 0x00031efd : jmp ecx
    > 0x0001ec58 : jmp edx
load mem
    > 0x00071787 : mov eax, [edx]; ret
    > 0x0007e898 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x0007e8c9 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x000fa96c : mov eax, [edx + 8]; and eax, 0x100f; ret
    > 0x00113932 : mov ebp, [ecx + 0xc]; jmp edx
load reg
    > 0x0002c137 : pop eax; ret
    > 0x00021be2 : pop ebx; ret
    > 0x00034a3c : pop edx; ret
    > 0x0001e775 : pop esi; ret
    > 0x0001d183 : pop edi; ret
pop pop ret
    > 0x0002c137 : pop eax; ret
    > 0x00161c8b : pop ebp; pop ebx; ret
    > 0x000b73b7 : pop eax; pop edi; pop esi; ret
    > 0x000480ba : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x000389f0 : pop ebx; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00049352 : add esp, 0x14; ret
    > 0x00049352 : add esp, 0x14; ret
    > 0x00170a52 : add esp, 0x20; ret
    > 0x000fcfb0 : add esp, 0x3c; ret
    > 0x000f3fa5 : add esp, 0x4c; ret
stack pivoting
    > 0x00055e83 : xchg eax, esp; ret
    > 0x00034b6d : mov esp, ecx; jmp edx
    > 0x00048f58 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x0002e86e : mov esp, esp; call [eax - 0x77]
    > 0x000edbb3 : xchg ebx, esp; mov bh, dl; call [eax - 0x18]
syscall
    > 0x00080205 : call gs:[0x10]; ret
write mem
    > 0x000a1d6c : add [eax], edx; ret
    > 0x000a1d8c : add [eax], esi; ret
    > 0x0005aee6 : add [ecx], eax; ret
    > 0x0003a8f2 : add [ecx], edi; ret
    > 0x00065a04 : adc [ecx], ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact