ROPSHELL 
ropshell> use 147134e164e0d8e0d405a4bc5f1fa8af (download)
name         : SERVER.exe (i386/PE)
base address : 0x10471000
total gadgets: 4587

ropshell> suggest
call
    > 0x1048192b : call eax
    > 0x104802b1 : call ebx
    > 0x10479140 : call ecx
    > 0x10477465 : call esi
    > 0x10477e57 : call edi
jmp
    > 0x104820dd : jmp eax
    > 0x1047915f : jmp esi
    > 0x10476d73 : jmp esp
    > 0x104aa3f3 : jmp [eax]
    > 0x104a6c9c : jmp [ebx]
load mem
    > 0x10478ae4 : mov eax, [ecx]; ret
    > 0x104a9f80 : mov eax, [ecx + 0x10]; ret
    > 0x104bf6b4 : mov eax, [edx + 4]; ret
    > 0x104bda0d : mov eax, [ebp + 0x14]; pop ebp; ret
    > 0x1047a497 : mov edx, [ebp + 0xc]; pop ebp; ret
load reg
    > 0x10479b01 : pop eax; ret
    > 0x10477e62 : pop ebx; ret
    > 0x10477395 : pop ecx; ret
    > 0x104bcc0e : pop edx; ret
    > 0x104775c0 : pop esi; ret
pop pop ret
    > 0x10479b01 : pop eax; ret
    > 0x10484be4 : pop eax; pop ebp; ret
    > 0x104b8629 : pop ebx; pop edi; pop ebp; ret
    > 0x104aab67 : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x104ac38f : pop ecx; pop edi; pop ebx; pop esi; pop ebp; ret
sp lifting
    > 0x104819df : add esp, 0x10; ret
    > 0x104819df : add esp, 0x10; ret
stack pivoting
    > 0x1049b470 : xchg eax, esp; ret
    > 0x104c1fb9 : mov esp, ecx; ret
    > 0x104bffd3 : mov esp, ebx; pop ebx; ret
    > 0x10476d0a : mov esp, ebp; pop ebp; ret
    > 0x104bf449 : lea esp, [esp]; ret
write mem
    > 0x1049a079 : add [ecx], eax; pop ebp; ret 0x10
    > 0x104bbf5d : adc [edx], ebp; pop ebp; ret
    > 0x1049ba74 : add [ebx + 0x3b6602c1], eax; ret
    > 0x1048b02a : add [ebx + 0x5d5b5fc7], ecx; ret 4
    > 0x104a16bc : adc [edx + 0x11894202], ecx; ret

© 2014 - 2019 - Powered by ROPEME | Contact