ropshell> use 13031e736ee4698b8c4813a8f2ae1848 (download)
name         : PassFreely_Implant.dll (i386/PE)
base address : 0x68001000
total gadgets: 890

ropshell> suggest
call
    > 0x680092f8 : call eax
    > 0x68009160 : call ebx
    > 0x68008c90 : call esi
    > 0x68003c99 : call edi
    > 0x68003b05 : call ebp
jmp
    > 0x68006f85 : jmp ebp
    > 0x68001078 : jmp [esi - 0x39]
load mem
    > 0x68005139 : mov eax, [edx]; mov [ebp - 0x24], eax; mov eax, 1; ret
    > 0x68005234 : mov ecx, [eax]; mov [ebp - 0x48], ecx; mov eax, 1; ret
    > 0x68009056 : mov eax, [esi + 4]; and [eax], 0; pop esi; ret
    > 0x680087f9 : mov edx, [eax]; add edx, eax; mov al, 1; mov [ecx], edx; ret
    > 0x68005137 : mov edx, [ecx]; mov eax, [edx]; mov [ebp - 0x24], eax; mov eax, 1; ret
load reg
    > 0x68009476 : pop eax; ret
    > 0x68004880 : pop ebx; ret
    > 0x68004d8f : pop ecx; ret
    > 0x680089a8 : pop esi; ret
    > 0x680038ba : pop ebp; ret
pop pop ret
    > 0x68009476 : pop eax; ret
    > 0x680048c1 : pop ebp; pop ebx; ret
    > 0x68009227 : pop ebx; pop ecx; pop ecx; ret
    > 0x68009226 : pop ebp; pop ebx; pop ecx; pop ecx; ret
    > 0x68009225 : pop esi; pop ebp; pop ebx; pop ecx; pop ecx; ret
sp lifting
    > 0x68001949 : add esp, 0x10; ret
    > 0x68001949 : add esp, 0x10; ret
    > 0x68004433 : add esp, 0x364; ret
    > 0x68003f95 : add esp, 0x4b4; ret
stack pivoting
    > 0x680038b8 : mov esp, ebp; pop ebp; ret
    > 0x68009506 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x680076ec : lea esp, [ebx + edi*8 - 1]; call [ecx - 1]
    > 0x68005d87 : lea esp, [edi + edi*8 - 1]; inc [ebx - 0x9b43]; call [edi + ecx]
    > 0x680012aa : leave ; ret
write mem
    > 0x680090f9 : add [eax + 0x5e], ebp; ret
    > 0x680092b7 : add [edi + 0x5e], ebx; ret 8
    > 0x680092b3 : add [esi + 8], edi; mov al, 1; pop edi; pop esi; ret 8
    > 0x680059dc : add [ebx + 0x28b0855], ecx; push eax; call [ebp - 0x30]
    > 0x68008d13 : add [ebp + 0x5651fc4d], ecx; push eax; push [ebp + 8]; call edi