ROPSHELL 
ropshell> use ab8426d9d7c7d99d9cfb27087073ce9b (download)
name         : program (i386/ELF)
base address : 0x8049090
total gadgets: 7017

ropshell> suggest
call
    > 0x08049a40 : call eax
    > 0x080a0033 : call ebx
    > 0x080521ff : call ecx
    > 0x08049a8d : call edx
    > 0x0806eba0 : call esi
jmp
    > 0x080aa346 : push esp; ret
    > 0x08052747 : jmp eax
    > 0x08049979 : jmp ebx
    > 0x0805eaa6 : jmp ecx
    > 0x0804eda9 : jmp edx
load mem
    > 0x080aa2c0 : mov eax, [edx + 0x4c]; ret
    > 0x0809d325 : mov eax, [ebx]; pop ebx; pop esi; ret
    > 0x08090951 : mov eax, [edx]; pop esi; pop edi; ret
    > 0x08057cc8 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x08057cf9 : mov eax, [ecx + 8]; sub eax, edx; ret
load reg
    > 0x080aa336 : pop eax; ret
    > 0x0804d9fa : pop ebx; ret
    > 0x0806fd1b : pop edx; ret
    > 0x0804a978 : pop esi; ret
    > 0x0804a4fa : pop edi; ret
pop pop ret
    > 0x080aa336 : pop eax; ret
    > 0x0805c7ce : pop ebx; pop edi; ret
    > 0x080571a4 : pop eax; pop edx; pop ebx; ret
    > 0x080a067a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x08055737 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x08050125 : add esp, 0x1c; ret
    > 0x08050125 : add esp, 0x1c; ret
    > 0x080a8222 : add esp, 0x20; ret
stack pivoting
    > 0x0804a077 : xchg eax, esp; ret
    > 0x080aa579 : mov esp, ecx; ret
    > 0x080a14d8 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x0807ad46 : lea esp, [edx - 3]; call [eax - 1]
    > 0x080839d3 : lea esp, [ebx + edi*8 - 1]; call [ecx + 0x6a]
syscall
    > 0x08070680 : int 0x80; ret
    > 0x08094505 : call gs:[0x10]; ret
write mem
    > 0x0809c910 : add [ecx], edi; ret
    > 0x08066e31 : add [eax + 0x5f028d02], ecx; ret
    > 0x0806e80e : adc [ebx + 0x5e5b04c4], eax; ret
    > 0x080aa4a3 : add [edx + 1], ebp; call eax
    > 0x0805f81b : adc [edx], eax; lea edx, [edx - 0x76790]; cmovne eax, edx; ret

© 2014 - 2019 - Powered by ROPEME | Contact