ropshell> use 0f4c6ea7b2c6e8f34cc3fda602a8dc87
name : m2.exe (i386/PE)
base address : 0x401000
total gadgets: 318
ropshell> suggest
call
> 0x00401024 : call eax
> 0x004060dc : call ecx
jmp
> 0x004012c5 : jmp eax
> 0x00403ddc : jmp [eax]
> 0x004025aa : jmp [ecx]
> 0x004057d3 : jmp [esi - 0x39]
> 0x00401800 : push esp; mov ebp, [esp + 0x58]; add esp, 0x5c; ret
load mem
> 0x00401b6c : mov eax, [ebx + 4]; mov [esp], esi; call eax
load reg
> 0x00401af1 : pop ebx; ret
> 0x00406bc8 : pop ecx; ret
> 0x00401b8e : pop esi; ret
> 0x0040208b : pop edi; ret
> 0x0040132f : pop ebp; ret
pop pop ret
> 0x0040132f : pop ebp; ret
> 0x00406bc7 : pop eax; pop ecx; ret
> 0x00402089 : pop ebx; pop esi; pop edi; ret
> 0x00401559 : pop ebx; pop esi; pop edi; pop ebp; ret
> 0x00405b95 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
> 0x00401bb0 : add esp, 0x1c; ret
> 0x00401bb0 : add esp, 0x1c; ret
> 0x0040652d : add esp, 0x24; ret
> 0x004056b4 : add esp, 0x3c; ret
> 0x00405235 : add esp, 0x4c; ret
stack pivoting
> 0x00405d93 : xchg eax, esp; lea eax, [0]; ret
> 0x00401556 : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
> 0x00401321 : leave ; ret