ropshell> use 1a40c3f362d7f068d2a744b541e6c887
name         : winbox.exe (i386/PE)
base address : 0x401000
total gadgets: 35665
ropshell> suggest "stack pivoting"
> 0x0040211f : xchg eax, esp; ret
> 0x004013af : lea esp, [ecx - 4]; ret
> 0x004b2d07 : xchg esp, edi; call [edx - 0x77]; ret
> 0x0041b869 : push edx; pop esp; jmp edx
> 0x004b801e : lea esp, [esi + edi*8 - 0x1f170001]; ret
> 0x0040421b : lea esp, [ebp - 8]; pop ebx; pop edi; pop ebp; ret
> 0x004dc71c : mov esp, edi; call [edx - 0x15]
> 0x0047f58d : push ecx; pop esp; mov [eax + 4], edx; pop ebp; ret 4
> 0x004b868a : lea esp, [edi + edi*8 - 1]; call [eax + 0x50]
> 0x0040e82b : push ebx; pop esp; mov [esp], edx; call [eax + 0x20]
> 0x004e9f6d : xchg esp, ebp; dec [ecx - 0x4017ad27]; sub al, 0; add [ebp + 0x5e5bf465], cl; pop edi; pop ebp; ret 4
> 0x0044dc52 : push eax; pop esp; lea ecx, [ebx + 4]; push edx; mov [esp], eax; call edi
> 0x0050feb0 : push ebp; or [ecx - 0x76ff743f], cl; pop esp; and al, 4; mov [esp], edx; call [eax + 0x10]
> 0x0041e6cb : xchg esp, ecx; add [eax], al; mov [esp], ebx; mov [esp + 8], edi; mov [esp + 4], eax; call [eax + 0xc]
> 0x00401565 : leave ; ret