ROPSHELL 
ropshell> use 1a40c3f362d7f068d2a744b541e6c887 (download)
name         : winbox.exe (i386/PE)
base address : 0x401000
total gadgets: 35665

ropshell> suggest
call
    > 0x00401227 : call eax
    > 0x00414235 : call ebx
    > 0x00437ba0 : call ecx
    > 0x0040b2e1 : call edx
    > 0x004011b7 : call esi
jmp
    > 0x0050ccbe : push esp; ret
    > 0x004018de : jmp eax
    > 0x0047c1ed : jmp ecx
    > 0x00405ba1 : jmp edx
    > 0x004a648f : jmp ebp
load mem
    > 0x0049f2fa : mov eax, [ecx]; ret
    > 0x00507cbe : mov eax, [edx]; ret
    > 0x00475b62 : mov eax, [ecx + 0x10]; ret
    > 0x0047b07b : mov eax, [edx + eax]; ret 4
    > 0x004c72ba : movzx edx, [eax]; mov eax, edx; ret
load reg
    > 0x0040a2b9 : pop eax; ret
    > 0x004b98bb : pop ebx; ret
    > 0x004c94c8 : pop ecx; ret
    > 0x004b108f : pop edx; ret
    > 0x0046126a : pop esi; ret
pop pop ret
    > 0x0040a2b9 : pop eax; ret
    > 0x004c94c7 : pop eax; pop ecx; ret
    > 0x0040ca45 : pop eax; pop ebx; pop ebp; ret
    > 0x0040209a : pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x004a8181 : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00401097 : add esp, 0x1c; ret
    > 0x00401097 : add esp, 0x1c; ret
    > 0x0040115a : add esp, 0x2c; ret
    > 0x004c87ee : add esp, 0x3c; ret
    > 0x004c847b : sub esp, 0xc; nop ; call eax
stack pivoting
    > 0x0040211f : xchg eax, esp; ret
    > 0x004013af : lea esp, [ecx - 4]; ret
    > 0x004b2d07 : xchg esp, edi; call [edx - 0x77]; ret
    > 0x0041b869 : push edx; pop esp; jmp edx
    > 0x004b801e : lea esp, [esi + edi*8 - 0x1f170001]; ret
write mem
    > 0x005059fc : adc [ecx], eax; ret
    > 0x00519cae : add [ecx], edi; ret
    > 0x00421c06 : add [ecx], ebp; ret
    > 0x00448031 : add [edi], ecx; inc ebp; ret 0x8b
    > 0x0042b508 : add [eax + 0xc], edx; ret 4

© 2014 - 2019 - Powered by ROPEME | Contact