ropshell> use 2a7be1139bd9d88b944d3d64cba3e334
name         : a.exe (i386/RAW)
base address : 0x0
total gadgets: 403
ropshell> suggest
call
    > 0x00000821 : call eax
    > 0x000013dd : call esi
    > 0x0000173f : call edi
    > 0x000007be : call ebp
    > 0x00001fcb : call [eax]
jmp
    > 0x00000ecf : jmp eax
    > 0x00001553 : jmp [eax]
    > 0x0000eba8 : jmp [ebx]
    > 0x00017485 : jmp [ecx]
    > 0x00001445 : jmp [esi + 0x2e]
load mem
    > 0x000022ad : mov eax, [ebp + 0x10]; pop ebp; ret
    > 0x00001738 : mov ecx, [ebx]; call ebp
    > 0x00001b40 : movzx ecx, [eax + 6]; mov eax, ecx; ret
    > 0x00001c90 : mov eax, [edx + 0x24]; not eax; shr eax, 0x1f; ret
    > 0x00001e09 : mov eax, [edx]; add [eax], al; dec eax; add esp, 0x48; ret
load reg
    > 0x0000152c : pop eax; ret
    > 0x00001636 : pop ebx; ret
    > 0x00001db0 : pop ecx; ret
    > 0x00000e2c : pop esi; ret
    > 0x000010fb : pop edi; ret
pop pop ret
    > 0x0000152c : pop eax; ret
    > 0x00001daf : pop eax; pop ecx; ret
    > 0x000010f9 : pop ebx; pop esi; pop edi; ret
    > 0x0000251e : pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x0000251d : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x000006ab : add esp, 0x28; ret
    > 0x000006ab : add esp, 0x28; ret
    > 0x00000775 : add esp, 0x38; ret
    > 0x00001e0e : add esp, 0x48; ret
    > 0x0000152a : add esp, 0x58; ret
stack pivoting
    > 0x00017497 : xchg eax, esp; add [eax], ecx; lcall [edx]; or eax, [eax]; jmp [ecx]
    > 0x00000820 : leave ; call eax
write mem
    > 0x0000ed6a : add [eax], ecx; ret 0x18
    > 0x00017c2a : add [eax + 4], ebx; ret
    > 0x00017bab : add [ecx + 4], edx; ret