ropshell> use 29712211bd6d16cd475980d3847c82ab
name         : 0x08000000-0x08099999.bin (i386/RAW)
base address : 0x0
total gadgets: 687
ropshell> suggest
call
    > 0x00013ba6 : call eax
    > 0x0001b73e : call ebx
    > 0x0001baee : call ecx
    > 0x0001bb21 : call edx
    > 0x0001b481 : call esi
jmp
    > 0x0000f012 : jmp eax
    > 0x0001b0b1 : jmp ebx
    > 0x0001bf6e : jmp ecx
    > 0x0001c70e : jmp edx
    > 0x0001c6e1 : jmp esi
load reg
    > 0x0003f912 : pop esi; ret
    > 0x00041db4 : pop edi; ret
    > 0x0001647f : popal ; ret
    > 0x00037439 : pop eax; jmp esi
    > 0x000377ab : pop ebx; jmp ebx
pop pop ret
    > 0x00041db4 : pop edi; ret
stack pivoting
    > 0x000377be : push ecx; add [ebx], dl; pop esp; jmp eax
    > 0x0003776a : push esi; add [eax], dl; pop esp; jmp edx
    > 0x00037782 : push ebp; add [ecx], dl; pop esp; jmp ecx
    > 0x000377bd : push edi; push ecx; add [ebx], dl; pop esp; jmp eax
    > 0x000377bb : push ebx; add [edi - 1], dl; int1 ; add [ebx], dl; pop esp; jmp eax
write mem
    > 0x000490bc : adc [edi], ebp; add eax, 0x52a06e9; ret
    > 0x0003cca7 : add [edi], ecx; xchg [edx + 0x6c], cl; ret
    > 0x0004a389 : add [esi], edx; call [edi]
    > 0x000490b6 : adc [edx], esi; or edi, [ebx + 0x2f113611]; add eax, 0x52a06e9; ret
    > 0x0003cd43 : add [edi + 0x1003d], esi; fs ; jmp [ebx + 1]