ROPSHELL 
ropshell> use ba9eca779d087e18484ad6598e7e328e (download)
name         : libc.so.6 (arm/ELF)
base address : 0x15f40
total gadgets: 5455

ropshell> suggest "load mem"
> 0x000480a7 : ldr r0, [r2]; pop {r4, r5, r6, pc}
> 0x00087033 : ldrh.w fp, [r0, r4]; pop {r4, r5, r6, pc}
> 0x000670e7 : ldr.w fp, [sl, r3]; pop {r4, r5, pc}
> 0x00042c83 : ldr r1, [r0, #0x58]; pop {r4, r5, r6, pc}
> 0x00090d6d : ldrh r2, [r0, #0x18]; pop {r4, r5, r6, r7, pc}
> 0x0002656f : ldr r0, [r3, #0x34]; pop {r3, r4, r5, pc}
> 0x00022811 : ldr r4, [r3]; mov r0, r4; pop {r3, r4, r5, r6, r7, pc}
> 0x000a2a5b : ldr r0, [r4, #0x3c]; pop {r3, r4, r5, r6, r7, pc}
> 0x000b4e9d : ldr r1, [r4, #0x58]; pop {r4, r5, r6, pc}
> 0x000959f9 : ldr r0, [r5, #0x24]; pop {r3, r4, r5, r6, r7, pc}
> 0x0009c543 : ldr r6, [r5]; blx r8
> 0x00051595 : ldrh.w fp, [r5, #2]; pop {r4, r5, r6, pc}
> 0x0008b9d3 : ldr r0, [r6, #8]; pop {r3, r4, r5, r6, r7, pc}
> 0x000a9f81 : ldr r4, [r6]; blx r4
> 0x0008b9cf : ldr r0, [r7, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x0004f08f : ldr.w r3, [r8]; blx r3
> 0x0005d183 : ldrh.w fp, [r8, #3]; pop {r4, r5, pc}
> 0x000afba3 : ldr.w r4, [lr]; blx r4
> 0x000aecdb : ldr r5, [pc, #0x50]; pop {r4, r5, r6, r7, pc}
> 0x00052c33 : ldr r6, [pc, #0xa0]; bx r8
> 0x0001687b : ldr r1, [r2]; add r0, pc; blx r3
> 0x0008e04f : ldr r3, [r2, r1]; str r6, [r3]; pop {r4, r5, r6, pc}
> 0x0004848b : ldr r7, [r4, #0x18]; blx r3
> 0x00092cb5 : ldr r3, [r5, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x00055cd7 : ldr r2, [r6]; eors r3, r2; blx r3
> 0x00049665 : ldr r5, [r6, #0x18]; blx r5
> 0x00017ea1 : ldr r1, [r7, #0x2c]; blx r1
> 0x0006ca41 : ldrh.w r2, [r7, r0]; add sp, #0x6c; pop {r4, r5, pc}
> 0x00048955 : ldr r5, [r7, #0xc]; blx r5
> 0x0001f6c1 : ldrh r6, [r7, #0xc]; movs r4, r1; pop {r1, r7, pc}
> 0x000b732f : ldr.w r0, [r8, #0x40]; blx r6
> 0x000b735d : ldr.w r5, [r8, #0x200]; blx r5
> 0x000b6d19 : ldr.w r3, [fp, #0x7f0]; blx r3
> 0x00049191 : ldr.w r5, [fp, #4]; blx r5
> 0x0004935b : ldr.w r7, [fp, #4]; blx r7
> 0x000aa1b9 : ldr.w r5, [lr]; add r2, pc; blx r5
> 0x00048a3d : ldr.w r6, [lr, #0xc]; blx r6
> 0x0002d89d : ldr r0, [pc, #0x18]; add r0, pc; pop {r4, pc}
> 0x00061a71 : ldr r2, [pc, #0x388]; movs r6, r0; pop {r3, pc}
> 0x00038e35 : ldr.w lr, [r3]; eor.w r3, ip, lr; blx r3
> 0x000a51b7 : ldr r2, [r5]; add r4, r2; str r4, [r5]; pop {r4, r5, r6, pc}
> 0x0003ae39 : ldr r1, [r6, r1]; eors r3, r5; blx r3
> 0x0009c53f : ldr.w r8, [r6]; ldr r6, [r5]; blx r8
> 0x000325b5 : ldr.w r1, [fp, r1]; eors r3, r5; blx r3
> 0x000311dd : ldr.w r3, [lr, r3, lsl #2]; blx r3
> 0x000539a5 : ldr r1, [pc, #0x288]; movs r1, r1; bx pc
> 0x0004e839 : ldr.w sl, [r4, #0x18]; mov r7, r2; blx r3
> 0x000aa539 : ldr r1, [r5, #0x10]; mov r0, r4; blx r3
> 0x0004f2fb : ldr r4, [r7, r3]; ldr r3, [r4]; blx r3
> 0x000b73a9 : ldr.w r6, [r8, #0x1fc]; add r3, pc; blx r6
> 0x000b03d5 : ldr r3, [pc, #0xc]; ldr r0, [r2, r3]; pop {r3, pc}
> 0x000b81ca : ldr ip, [pc, #4]; add ip, pc, ip; bx ip
> 0x00049a9f : ldr r4, [r0, #0x6c]; mov r0, r4; add sp, #8; pop {r4, r5, r6, pc}
> 0x000b054a : ldrhhi lr, [r0, #0x8d]!; eorvs r2, lr, r3, asr #7; pop {r0, r1, r3, r5, r7, pc}
> 0x00081a1b : ldr r2, [r1, #0x14]; mov r0, r2; add sp, #0x24; pop {r4, r5, r6, r7, pc}
> 0x00092cb3 : ldr r2, [r4]; ldr r3, [r5, r3]; str r2, [r3]; pop {r4, r5, r6, pc}
> 0x0004511f : ldr r3, [r4]; orr r3, r3, #0x20; str r3, [r4]; pop {r3, r4, r5, r6, r7, pc}
> 0x000b0c7b : ldr r3, [r7]; mov r0, r6; str r3, [r4, #4]; pop {r3, r4, r5, r6, r7, pc}
> 0x000a9d11 : ldr.w r2, [sl]; ldr r3, [r3, #0xc]; blx r3
> 0x000262d9 : ldr.w r2, [r8, r2]; ldr r2, [r2]; eors r3, r2; blx r3
> 0x00072669 : ldr.w r3, [sl, #0x20]; ldr r0, [r2, r4]; blx r3
> 0x0008f231 : ldr r3, [r0]; orr r3, r3, #0x8000; str r3, [r0]; mov sp, r7; pop {r3, r4, r5, r6, r7, pc}
> 0x0009b249 : ldr r5, [r4, #-0x8]; str.w r5, [r7, #0xcc]; blx r3
> 0x000b027b : ldr.w r7, [lr]; add r2, pc; str.w ip, [sp, #0x34]; blx r7
> 0x000b529f : ldr r4, [pc, #0x10]; add r4, pc; ldr r3, [r4]; blx r3
> 0x00042bf3 : ldrsh.w fp, [r2, r2]; ldr lr, [sp], #4; add sp, #0xc; bx lr
> 0x00063bfd : ldr r2, [r3, #8]; adds r2, #1; str r2, [r3, #8]; pop {r3, r4, r5, pc}
> 0x000aa557 : ldr r4, [r1, #0x70]; mov r0, r4; ldr r3, [r3, #0x14]; blx r3
> 0x000495f1 : ldr r6, [r4, #0x58]; ldr r3, [r6, #0x10]; mov r0, r6; blx r3
> 0x00048e25 : ldr.w r8, [r4, #0x58]; ldr.w r3, [r8, #0x10]; mov r0, r8; blx r3
> 0x00048eb9 : ldr.w fp, [r4, #0x58]; ldr.w r3, [fp, #0x10]; mov r0, fp; blx r3
> 0x0002e065 : ldr.w lr, [r4, #0x58]; ldr r4, [r4, #0x30]; mov.w r0, #0; bx lr
> 0x000b0cad : ldr r3, [r6, #0x2c]; movs r2, #0; mov.w r0, #-1; str r2, [r3]; pop {r3, r4, r5, r6, r7, pc}
> 0x000491bb : ldr.w r6, [fp, #0x18]; stm.w r5, {r0, r1}; mov r1, r5; mov r0, fp; blx r6
> 0x000af59d : ldr.w r0, [fp]; ldr r3, [r0, #0x20]; ldr r3, [r3, #0xc]; blx r3
> 0x0008bb07 : ldr r7, [pc, #0]; ite eq; moveq r0, #8; movne r0, #3; add sp, #0x6c; pop {r4, r5, r6, r7, pc}
> 0x00016a83 : ldr r4, [r5, r4]; ldr r4, [r4]; eors r3, r4; add sp, #0x14; pop.w {r4, r5, lr}; bx r3
> 0x00030ea7 : ldr.w r5, [r3, r5, lsl #2]; ldr r3, [r7, #0x6c]; add r3, r2; add r2, r6; blx r5
> 0x000b4f89 : ldr.w r8, [pc, #0xd4]; add r8, pc; ldr.w r3, [r8]; ldr r3, [r3, #0x14]; blx r3
> 0x000168b5 : ldr r5, [r2, r3]; add r4, pc; ldr.w r3, [r4, #0xc8]; ldr r2, [r5]; eors r3, r2; blx r3
> 0x0004b287 : ldr r1, [r3]; ldr r2, [r3, #0xc]; str r1, [r3, #4]; str r2, [r3, #0x10]; pop {r4, pc}
> 0x0004bc6f : ldr.w r7, [r3, #0x98]; mov r1, r0; mov r2, r5; mov r0, r3; ldr r3, [r7, #0x1c]; blx r3
> 0x0008cfa1 : ldr r0, [r1, #0x30]; str r4, [r2, #0x54]; str r3, [r2, #0x5c]; str r0, [r2, #0x58]; mov r0, r7; add sp, #0xc; pop {r4, r5, r6, r7, pc}
> 0x000786c9 : ldr r3, [r1, #4]; movs r0, #0; ldr r2, [r3, #0xc]; ldr r3, [r3, #0x1c]; str r2, [r1, #0xc]; str r3, [r1, #0x1c]; pop {r3, r4, r5, pc}

© 2014 - 2019 - Powered by ROPEME | Contact