------------------------------------------ [*] findjmp3.c - t1g3r @t sapheads d.t org ------------------------------------------ [+] CPU: GenuineIntel (type:0xb) [+] Searching for chunks for ROP.. c3 c3 c3 ------------------------------------------ [+] LIBC lib @ 0xb7772000 [+] LIBC path: /lib/tls/i686/cmov/libc.so.6 [+] Segment: 0xb7772000 (0x13dc60) - [add [] eax] [ret] @ 0xb7772764 - [pop ecx] [ret] @ 0xb7773350 - [push esp] [ret] @ 0xb7773c54 - [pop edx] [ret] @ 0xb77757ec - [cmp **** al] [ret] @ 0xb777d4cc - [pop edi] [ret] @ 0xb777f4c2 - [pop edi] [pop edi] [ret] @ 0xb7780bd9 - [pop edi] [ret] @ 0xb77813e4 - [pop edi] [pop edi] [ret] @ 0xb7781838 - [push ****] [push ****] [ret] @ 0xb7781a05 - [pop edi] [pop edi] [ret] @ 0xb7781b8a - [pop edi] [pop edi] [ret] @ 0xb77837cf - [pop edi] [ret] @ 0xb7783d01 - [pop edi] [pop edi] [ret] @ 0xb7783e4a - [push ****] [ret] @ 0xb7783ec6 - [pop edi] [ret] @ 0xb77840a4 - [add [] ebx] [ret] @ 0xb7789461 - [add [] eax] [ret] @ 0xb7789741 - [pop esp] [ret] @ 0xb77897c7 - [push ebp] [ret] @ 0xb77899bc - [push esi] [ret] @ 0xb778a043 - [mov eax (esp)] [ret] @ 0xb778a269 - [push ebp] [ret] @ 0xb778a300 - [add [] eax] [ret] @ 0xb778a56b - [push ebp] [ret] @ 0xb778aefd - [sub * esp] [ret] @ 0xb778af61 - [sub * esp] [ret] @ 0xb778b0c5 - [add [] eax] [ret] @ 0xb778c502 - [mov eax edi] [ret] @ 0xb778d589 - [push ****] [ret] @ 0xb778eb98 - [push ebx] [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb778f7a0 - [mov eax (esp)] [ret] @ 0xb778fea4 - [add [] eax] [ret] @ 0xb77930a3 - [add [] eax] [ret] @ 0xb779517b - [push ebp] [ret] @ 0xb7795207 - [add [] eax] [ret] @ 0xb77952cc - [push ****] [ret] @ 0xb7799187 - [mov eax edi] [push ****] [ret] @ 0xb779c4ba - [pop ebx] [ret] @ 0xb779e784 - [mov eax (esp)] [ret] @ 0xb77a0954 - [push ebp] [ret] @ 0xb77a0d64 - [mov eax edi] [ret] @ 0xb77a1002 - [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77a1370 - [pop ebp] [ret] @ 0xb77a1b24 - [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77a1bf0 - [push ecx] [ret] @ 0xb77a1c5f - [add [] ebx] [ret] @ 0xb77a1d29 - [mov eax (esp)] [ret] @ 0xb77a1fe0 - [mov esp ebp] [push ebp] [ret] @ 0xb77a21d0 - [add [] ebx] [ret] @ 0xb77a2439 - [mov eax, 0x8(esp)] [ret] @ 0xb77a259a - [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77a2610 - [push ebp] [ret] @ 0xb77a28e6 - [xor eax eax] [ret] @ 0xb77a31bf - [pop ebx] [pop esp] [ret] @ 0xb77a3223 - [push esp] [ret] @ 0xb77a3618 - [push esp] [ret] @ 0xb77a39ef - [cmp * al] [ret] @ 0xb77a4a56 - [cmp eax ecx] [ret] @ 0xb77a6201 - [add [] eax] [ret] @ 0xb77a6b31 - [push esp] [ret] @ 0xb77a6c84 - [cmp * al] [ret] @ 0xb77a6ecb - [push esp] [ret] @ 0xb77a7413 - [sub * esp] [push ebx] [mov eax esi] [push esi] [ret] @ 0xb77a8666 - [push esp] [ret] @ 0xb77a92e1 - [cmp * al] [ret] @ 0xb77a9732 - [push esp] [ret] @ 0xb77acd25 - [mov esp ebp] [push ebp] [ret] @ 0xb77ad360 - [push ebp] [ret] @ 0xb77adfa7 - [cmp * al] [ret] @ 0xb77b0824 - [push eax] [ret] @ 0xb77b4733 - [cmp * al] [ret] @ 0xb77b5795 - [push ebp] [ret] @ 0xb77b5cc6 - [cmp **** al] [pop esp] [ret] @ 0xb77b6b1a - [push ecx] [ret] @ 0xb77b7a0b - [push ****] [ret] @ 0xb77bb2bc - [add [] eax] [ret] @ 0xb77bb862 - [push ebp] [ret] @ 0xb77bc893 - [mov eax (esp)] [ret] @ 0xb77bc9a3 - [add [] eax] [ret] @ 0xb77bcc01 - [push esp] [ret] @ 0xb77bcc60 - [pop eax] [ret] @ 0xb77bcce4 - [mov (eax) eax] [ret] @ 0xb77bd334 - [mov [ ] edi] [ret] @ 0xb77bda27 - [mov esp ebp] [push ebp] [ret] @ 0xb77c0b60 - [pop edx] [ret] @ 0xb77c3a98 - [push ebp] [ret] @ 0xb77c3b8f - [push esp] [ret] @ 0xb77c4e8c - [push esp] [ret] @ 0xb77ccbe7 - [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77cd9b0 - [cmp * al] [ret] @ 0xb77ce35b - [mov esp ebp] [push ebp] [ret] @ 0xb77cfcd0 - [pop ebp] [ret] @ 0xb77cfcdd - [add [] ebx] [ret] @ 0xb77d06e9 - [cmp * al] [push esi] [ret] @ 0xb77d07aa - [mov eax, 0x8(esp)] [ret] @ 0xb77d1240 - [pop ebp] [ret] @ 0xb77d1617 - [sub * esp] [mov esp ebp] [push ebp] [ret] @ 0xb77d1750 - [push esi] [ret] @ 0xb77d22fe - [mov eax esi] [ret] @ 0xb77d2d0d - [pop esi] [ret] @ 0xb77d43b9 - [mov esp ebp] [push ebp] [ret] @ 0xb77d4bd0 - [push eax] [ret] @ 0xb77d4cc8 - [pop esi] [ret] @ 0xb77d50e6 - [add [] ebx] [ret] @ 0xb77d521e - [mov edx (esp)] [ret] @ 0xb77d5b29 - [push esp] [ret] @ 0xb77d5d2c - [push edx] [ret] @ 0xb77d5ddc - [sub * esp] [mov esp ebp] [push ebp] [ret] @ 0xb77d6b80 - [mov edx eax] [ret] @ 0xb77d7383 - [pop ebp] [ret] @ 0xb77d7427 - [push ebp] [ret] @ 0xb77d7611 - [push ebp] [ret] @ 0xb77d761c - [push ebp] [ret] @ 0xb77d7ad0 - [push ebp] [ret] @ 0xb77d7b10 - [mov esp ebp] [push ebp] [ret] @ 0xb77d7b90 - [mov eax edx] [ret] @ 0xb77d7e61 - [mov edx (esp)] [ret] @ 0xb77d8435 - [xor eax eax] [push ebp] [ret] @ 0xb77d8c30 - [pop edx] [ret] @ 0xb77d8c55 - [mov esp ebp] [push ebp] [ret] @ 0xb77d8d50 - [push esi] [ret] @ 0xb77d8dd2 - [push esi] [ret] @ 0xb77d910a - [push esi] [ret] @ 0xb77d935d - [push ebp] [ret] @ 0xb77d9930 - [cmp **** al] [ret] @ 0xb77d9998 - [mov [] *[]] [ret] @ 0xb77d9b49 - [add [] eax] [ret] @ 0xb77d9bf8 - [pop eax] [ret] @ 0xb77d9f94 - [push eax] [ret] @ 0xb77da17f - [mov [ ] ebx] [ret] @ 0xb77da201 - [mov [ ] eax] [ret] @ 0xb77da269 - [add [] ebx] [ret] @ 0xb77da407 - [xor eax eax] [ret] @ 0xb77da491 - [pop ebp] [ret] @ 0xb77da6cd - [xor eax eax] [ret] @ 0xb77daedf - [mov esp ebp] [push ebp] [ret] @ 0xb77db400 - [mov eax (esp)] [ret] @ 0xb77db737 - [add [] eax] [ret] @ 0xb77dc4e4 - [mov edx eax] [ret] @ 0xb77debfb - [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77decd0 - [cmp **** al] [ret] @ 0xb77ded10 - [mov edx (esp)] [ret] @ 0xb77df092 - [push ebp] [ret] @ 0xb77df159 - [sub * esp] [mov esp ebp] [push ebp] [ret] @ 0xb77e05b0 - [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77e1520 - [mov eax esi] [ret] @ 0xb77e18c4 - [add [] ebx] [ret] @ 0xb77e1b0a - [cmp * al] [push eax] [ret] @ 0xb77e2182 - [push ecx] [ret] @ 0xb77e2196 - [push edx] [ret] @ 0xb77e25cc - [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77e2750 - [add [] ebx] [ret] @ 0xb77e31e9 - [mov eax (esp)] [ret] @ 0xb77e323e - [push ebp] [ret] @ 0xb77e4a20 - [mov esp ebp] [ret] @ 0xb77e50f3 - [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77e51e0 - [push ecx] [push ecx] [push ecx] [ret] @ 0xb77e548a - [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [push ecx] [ret] @ 0xb77e548a - [push ebp] [ret] @ 0xb77e5b58 - [sub * esp] [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77e6f00 - [push ebp] [ret] @ 0xb77e8b37 - [add [] eax] [ret] @ 0xb77e8b92 - [push ebp] [ret] @ 0xb77e9b70 - [sub * esp] [push ebx] [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77e9b70 - [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77e9c20 - [pop ebp] [ret] @ 0xb77e9f10 - [mov eax edx] [ret] @ 0xb77e9fd1 - [add [] eax] [ret] @ 0xb77ebd6b - [push ebp] [ret] @ 0xb77ec054 - [mov eax edi] [ret] @ 0xb77ecc98 - [mov eax (esp)] [ret] @ 0xb77ece87 - [push esi] [ret] @ 0xb77ecf96 - [push esp] [ret] @ 0xb77ed280 - [push ebp] [ret] @ 0xb77ed35a - [pop ebp] [pop edi] [pop esi] [ret] @ 0xb77ed4b7 - [push esi] [ret] @ 0xb77ed80a - [pop esi] [ret] @ 0xb77ed93e - [pop ebp] [ret] @ 0xb77eda14 - [push ebp] [ret] @ 0xb77edb6e - [pop edi] [pop esi] [pop ebx] [mov edx eax] [ret] @ 0xb77ee2df - [push ebp] [ret] @ 0xb77ee444 - [mov eax (esp)] [ret] @ 0xb77ee88b - [pop ebx] [ret] @ 0xb77ef1d2 - [push ebp] [ret] @ 0xb77ef734 - [push ebp] [ret] @ 0xb77ef73f - [sub * esp] [push ebx] [mov esp ebp] [push ebp] [ret] @ 0xb77ef8a0 - [push ebp] [ret] @ 0xb77efc88 - [pop eax] [ret] @ 0xb77f1023 - [mov [ ] edi] [ret] @ 0xb77f14a8 - [push esp] [ret] @ 0xb77f1fda - [push eax] [ret] @ 0xb77f26cd - [push esp] [ret] @ 0xb77f3504 - [push esp] [ret] @ 0xb77f4e6e - [push ebp] [ret] @ 0xb77f6bbe - [pop esp] [ret] @ 0xb77f6d78 - [push esi] [push edi] [mov esp ebp] [push ebp] [ret] @ 0xb77f7020 - [push ebp] [ret] @ 0xb77f7208 - [xor eax eax] [ret] @ 0xb77f77ca - [push ebp] [ret] @ 0xb77f7e33 - [mov [ ] ebx] [ret] @ 0xb780a96b - [mov eax (esp)] [ret] @ 0xb780ae07 - [add [] eax] [ret] @ 0xb780c2f6 - [push esp] [ret] @ 0xb780cae1 - [push edx] [ret] @ 0xb7810992 [+] Segment: 0xb78b01d8 (0x5790) - [add [] eax] [ret] @ 0xb7772764 - [pop ecx] [ret] @ 0xb7773350 - [push esp] [ret] @ 0xb7773c54 - [pop edx] [ret] @ 0xb77757ec [+] Segment: 0xb7899fc4 (0x31bc) - [add [] eax] [ret] @ 0xb7772764 - [pop ecx] [ret] @ 0xb7773350 - [push esp] [ret] @ 0xb7773c54 [+] Segment: 0xb78b01d8 (0x1e28) - [add [] eax] [ret] @ 0xb7772764 - [pop ecx] [ret] @ 0xb7773350 - [push esp] [ret] @ 0xb7773c54 ------------------------------------------ [v] Thank you, come again! uh-heung! r0ar!