ROPSHELL 
ropshell> use 1aff244ca134956c54474f4e2433e4ce (download)
name         : advapi32.dll (i386/PE)
base address : 0x77dd1000
total gadgets: 6815

ropshell> suggest
call
    > 0x77dd9601 : call eax
    > 0x77dd6a16 : call ebx
    > 0x77dda39f : call ecx
    > 0x77de7373 : call edx
    > 0x77dd6eda : call esi
jmp
    > 0x77deb1cd : push esp; ret
    > 0x77df32be : jmp eax
    > 0x77df1c3b : jmp ebx
    > 0x77de8c63 : jmp ecx
    > 0x77e07450 : jmp edx
load mem
    > 0x77e29b0a : mov ecx, [edx + 0x3000000]; ret
    > 0x77e2ac6f : mov eax, [ebp + 0xc]; pop ebp; ret 8
    > 0x77e1e7c8 : movzx esi, [eax + 2]; call ebx
    > 0x77dd90a3 : mov ecx, [ebp + 0x10]; mov [ecx], eax; pop ebp; ret 0xc
    > 0x77e3c901 : mov edx, [ebp + 0x14]; mov [ecx], edx; pop ebp; ret 0x14
load reg
    > 0x77e25887 : pop eax; ret
    > 0x77dd94a1 : pop ebx; ret
    > 0x77ddbf7c : pop ecx; ret
    > 0x77de9efe : pop esi; ret
    > 0x77e04d7d : pop edi; ret
pop pop ret
    > 0x77e25887 : pop eax; ret
    > 0x77df816c : pop edi; pop ebx; ret
    > 0x77dd9522 : pop edi; pop esi; pop ebx; ret
    > 0x77e2402f : pop eax; pop esi; pop edi; pop ebp; ret 8
    > 0x77df5730 : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
stack pivoting
    > 0x77de9e53 : xchg eax, esp; ret
    > 0x77dee303 : mov esp, ebp; pop ebp; ret
    > 0x77dd802d : lea esp, [ebp + 0x3b000246]; ret
    > 0x77dde2a9 : lea esp, [esi + edi*8 - 1]; jmp [esi - 0x77]
    > 0x77dde355 : lea esp, [edi + edi*8 - 1]; call [ecx - 0x73]
write mem
    > 0x77df7fb7 : adc [ebx], edi; ret
    > 0x77e12116 : add [eax + 0x3a424102], ecx; ret
    > 0x77de78d7 : adc [ebx + 0x33f703c7], ecx; ret
    > 0x77df8623 : adc [esi + 0x5d], ebx; ret 0xc
    > 0x77e3add7 : add [edi + 0x5d], ebx; ret 4

© 2014 - 2019 - Powered by ROPEME | Contact