ROPSHELL 
ropshell> use 5efa4121a76c377005e2f75c65ead6c4 (download)
name         : bf_libc.so (i386/ELF)
base address : 0x17750
total gadgets: 16814

ropshell> suggest
call
    > 0x000a5fc7 : call [edi - 0x77]; ret
    > 0x0001865e : call eax
    > 0x0001d5a1 : call ebx
    > 0x000181ad : call ecx
    > 0x00022354 : call edx
jmp
    > 0x000da118 : push esp; ret
    > 0x00029cf2 : jmp eax
    > 0x000559e1 : jmp ebx
    > 0x00019234 : jmp ecx
    > 0x00029f09 : jmp edx
load mem
    > 0x00060d27 : mov eax, [edx]; ret
    > 0x000fccb4 : mov ebx, [eax]; ret
    > 0x00105927 : mov eax, [edx + eax]; ret
    > 0x0006bf99 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x0006bfc9 : mov eax, [ecx + 8]; sub eax, edx; ret
load reg
    > 0x0002406e : pop eax; ret
    > 0x00018395 : pop ebx; ret
    > 0x000b5377 : pop ecx; ret
    > 0x0002bc6d : pop edx; ret
    > 0x00017828 : pop esi; ret
pop pop ret
    > 0x0002406e : pop eax; ret
    > 0x0013bb6b : pop ebp; pop ebx; ret
    > 0x000a0327 : pop eax; pop edi; pop esi; ret
    > 0x0003da0a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001cda7 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00076991 : add esp, 0x100; ret
    > 0x00076991 : add esp, 0x100; ret
    > 0x00018e35 : add esp, 0x24; ret
    > 0x000d502f : add esp, 0x3c; ret
    > 0x00112e70 : add esp, 0x4c; ret
stack pivoting
    > 0x00018ea7 : xchg eax, esp; ret
    > 0x0002bd3f : mov esp, ecx; jmp edx
    > 0x0003e7f7 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x00116d13 : xchg esp, esp; add al, 0xfb; call [eax - 0x18]
    > 0x00116d13 : xchg esp, esp; add al, 0xfb; call [eax - 0x18]
syscall
    > 0x000b1265 : call gs:[0x10]; ret
write mem
    > 0x000f7b3c : add [eax], ecx; ret
    > 0x0008fcfc : add [eax], edx; ret
    > 0x0008fd1c : add [eax], esi; ret
    > 0x0007a3a8 : add [eax], edi; ret
    > 0x00052aac : add [ecx], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact