ropshell> use 2d16e455648f41e816d1951ab7d09667
name         : ch72.exe (i386/PE)
base address : 0x401000
total gadgets: 1567
ropshell> suggest
call
    > 0x004025a4 : call eax
    > 0x00401461 : call ebx
    > 0x0040207e : call ecx
    > 0x00401294 : call esi
    > 0x0040189c : call edi
jmp
    > 0x00412d95 : jmp eax
    > 0x0040209c : jmp esi
    > 0x0040406c : jmp ebp
    > 0x00409634 : jmp [eax]
    > 0x00406d80 : jmp [ebx]
load mem
    > 0x004116f4 : mov eax, [edx + 4]; ret
    > 0x00402753 : mov eax, [ecx + 0x400]; shr eax, 1; ret
    > 0x00403976 : mov eax, [ebp + 0xc]; add [ecx], eax; pop ebp; ret 0x10
    > 0x0040a7a2 : movzx eax, [edx]; movzx ecx, [ecx]; sub eax, ecx; pop esi; pop ebp; ret
    > 0x004016a5 : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret
load reg
    > 0x004018a7 : pop ebx; ret
    > 0x004011d6 : pop ecx; ret
    > 0x0041038e : pop edx; ret
    > 0x004013c4 : pop esi; ret
    > 0x00412bc5 : pop edi; ret
pop pop ret
    > 0x0040108f : pop ebp; ret
    > 0x004032ec : pop eax; pop ebp; ret
    > 0x0040df55 : pop ebx; pop edi; pop ebp; ret
    > 0x00409bce : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x0040a315 : pop ecx; pop edi; pop ebx; pop esi; pop ebp; ret
sp lifting
    > 0x0040597d : add esp, 0x10; ret
    > 0x0040597d : add esp, 0x10; ret
stack pivoting
    > 0x00411dfc : mov esp, ebx; pop ebx; ret
    > 0x0040108d : mov esp, ebp; pop ebp; ret
    > 0x00411539 : lea esp, [esp]; ret
    > 0x0040ce12 : lea esp, [eax + 0xbfffff8]; ret
    > 0x00404520 : xchg eax, esp; inc ebp; call ecx
write mem
    > 0x0040e4ea : add [ebx], eax; ret
    > 0x00403979 : add [ecx], eax; pop ebp; ret 0x10
    > 0x00402a65 : add [ebx + 0x5d5b5fc7], ecx; ret 4
    > 0x00403376 : add [esi + 0x5b], ebx; ret
    > 0x00403726 : add [edi + 0x5e], ebx; ret