ROPSHELL 
ropshell> use 13f6e93ae581129e5dbc1d4126de3767 (download)
name         : libspp.dll (i386/PE)
base address : 0x10001000
total gadgets: 37331

ropshell> suggest
call
    > 0x10001067 : call eax
    > 0x10002134 : call ebx
    > 0x10142da7 : call ecx
    > 0x10076a1b : call edx
    > 0x10009ee4 : call esi
jmp
    > 0x10090ac2 : push esp; ret
    > 0x1000f5ff : jmp eax
    > 0x1013abc1 : jmp ecx
    > 0x100e2537 : jmp edx
    > 0x1007836d : jmp edi
load mem
    > 0x10007b50 : mov eax, [ecx + 0x100]; ret
    > 0x10045876 : mov edx, [ecx + 0x1044]; ret
    > 0x10154116 : mov eax, [esi + 8]; pop esi; ret
    > 0x100988b4 : mov eax, [ecx]; push 1; call [eax]; ret
    > 0x1012526e : mov eax, [ebx + 0xdc]; pop edi; pop ebx; ret
load reg
    > 0x100072a2 : pop eax; ret
    > 0x10006014 : pop ebx; ret
    > 0x1000875e : pop ecx; ret
    > 0x100010a6 : pop esi; ret
    > 0x1000fcc7 : pop edi; ret
pop pop ret
    > 0x100072a2 : pop eax; ret
    > 0x101582b0 : pop eax; pop ebx; ret
    > 0x10008787 : pop ebp; pop ebx; pop ecx; ret
    > 0x10135ccb : pop ebp; pop ebx; pop esi; pop ecx; ret
    > 0x10159db1 : pop ebp; pop edi; pop esi; pop ebx; pop ecx; ret
sp lifting
    > 0x1008baa0 : add esp, 0x1000; ret
    > 0x1008baa0 : add esp, 0x1000; ret
    > 0x10034ebf : add esp, 0x2000; ret
    > 0x10010208 : add esp, 0x30; ret
    > 0x1014d973 : add esp, 0x400; ret
stack pivoting
    > 0x101394a9 : xchg eax, esp; ret
    > 0x100e1d04 : push ecx; pop esp; ret
    > 0x1005e9f3 : mov esp, ebp; pop ebp; ret
    > 0x1009f7fe : push eax; pop esp; mov eax, 1; ret 8
    > 0x1010d3cf : lea esp, [ebp + 0x5e5f0004]; mov eax, 1; pop ebx; add esp, 0x2640; ret 8
write mem
    > 0x100110e6 : add [eax], edx; ret
    > 0x100ef1bd : adc [ebx], edi; ret
    > 0x1014c632 : add [eax + 1], edi; ret
    > 0x10063f62 : add [ebx + 0x3b102444], ecx; ret
    > 0x10004a9d : add [ecx + 0x3a], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact