ROPSHELL 
ropshell> use 27ce6f833b2b51816654871de92b20e5 (download)
name         : loader (i386/ELF)
base address : 0x172c0
total gadgets: 5450

ropshell> suggest "load mem"
> 0x000bcbc0 : mov ecx, [edi]; ret
> 0x000ad450 : mov esi, [ebx]; ret
> 0x00023790 : mov eax, [edx + 0x30]; ret
> 0x000d9ba7 : mov eax, [ecx]; pop ebx; pop esi; ret
> 0x00026024 : mov edx, [eax + 0xc]; mov eax, [eax + 8]; ret
> 0x00023b55 : mov eax, [ebp]; add ebx, [ebx + eax*4 - 0x106420]; jmp ebx
> 0x0001e0eb : mov eax, [esi]; mov [esp], esi; call [eax + 0x14]
> 0x0001e1a7 : mov eax, [edi]; mov [esp], edi; call [eax + 0x14]
> 0x0001cafe : mov ecx, [eax]; mov [esp], eax; call [ecx + 0x10]
> 0x0009d778 : mov eax, [esi + 0x66e9fff1]; xor bh, bh; call [eax + 0x50]
> 0x0009d678 : mov ebx, [esi + 0x66e9fff1]; xor edi, edi; call [ebp + 0x55]
> 0x000d4e4f : movzx edx, [ecx + edi]; mov [eax + 6], dl; pop ebx; pop esi; pop edi; ret
> 0x000dab84 : mov edx, [eax]; add [eax], eax; add [ebx + 0x5e], bl; pop edi; pop ebp; ret
> 0x00052ed8 : mov eax, [ebp + 0x318]; mov [esp], esi; call [eax + 0x50]
> 0x0001749a : mov edx, [esi + 0x318]; mov [esp], eax; call [edx + 0x50]
> 0x00049da5 : mov edx, [edi + 0x318]; mov [esp], eax; call [edx + 0x50]
> 0x0004f7f4 : mov edx, [ebp + 0x318]; mov [esp], eax; call [edx + 0x50]
> 0x0001e26a : mov esi, [eax + 0x50]; mov [esp], edi; call [eax + 0x4c]
> 0x0001ea65 : mov esi, [edi + 0x48]; mov [esp], edi; call [eax + 0x4c]
> 0x0001eaa1 : mov ebp, [edi + 0x48]; mov [esp], edi; call [eax + 0x4c]
> 0x0001cd7d : mov edi, [eax]; mov eax, [esi]; mov [esp], esi; call [eax + 0x4c]
> 0x00049564 : mov ecx, [esi + 0x318]; add eax, 1; mov [esp], eax; call [ecx + 0x50]
> 0x0002032f : mov eax, [ecx + 4]; mov ecx, [eax]; mov [esp], eax; call [ecx + 0x3c]
> 0x0001cd50 : mov eax, [edi + 4]; mov ecx, [eax]; mov [esp], eax; call [ecx + 0x2c]
> 0x0001f078 : mov ecx, [eax + 0x48]; mov [esp + 0x3c], ecx; mov [esp], esi; call [eax + 0x44]
> 0x0001cd4e : mov esi, [edi]; mov eax, [edi + 4]; mov ecx, [eax]; mov [esp], eax; call [ecx + 0x2c]
> 0x0001cb0a : mov esi, [ebp]; mov eax, [ebp + 4]; mov ecx, [eax]; mov [esp], eax; call [ecx + 0x5c]
> 0x00020389 : mov ebp, [esi]; mov eax, [esi + 4]; mov ecx, [eax]; mov [esp], eax; call [ecx + 0x2c]
> 0x0002054d : mov ebp, [eax]; mov [esp + 0x18], ebp; mov eax, [eax + 4]; mov ecx, [eax]; mov [esp], eax; call [ecx + 0x2c]
> 0x0001e16b : mov esi, [eax]; mov eax, [eax + 4]; mov [esp + 8], eax; mov [esp + 4], esi; mov [esp], ecx; call [edx + 0x60]
> 0x0001e169 : mov edx, [ecx]; mov esi, [eax]; mov eax, [eax + 4]; mov [esp + 8], eax; mov [esp + 4], esi; mov [esp], ecx; call [edx + 0x60]

© 2014 - 2019 - Powered by ROPEME | Contact