ROPSHELL 
ropshell> use 2f06a96d2c7ca2c542c790fcd84d167a (download)
name         : regedit.exe (i386/PE)
base address : 0x401000
total gadgets: 1904

ropshell> suggest
call
    > 0x004053bf : call ebx
    > 0x00406fcf : call ecx
    > 0x00402d04 : call esi
    > 0x00405623 : call edi
    > 0x0040a9fa : call [eax]
jmp
    > 0x0041e455 : jmp eax
    > 0x004071b5 : jmp esp
    > 0x0040d182 : jmp [eax]
    > 0x00403aff : jmp [ebx]
    > 0x00403aed : jmp [ecx]
load mem
    > 0x0040efd7 : mov eax, [ecx + 0x50]; ret
    > 0x004050e5 : mov eax, [ecx]; add cl, cl; ret
    > 0x0041e0db : mov eax, [ebp + 8]; pop ebp; ret
    > 0x00413a26 : mov ecx, [ebp + 0x1c]; mov [ecx], eax; xor eax, eax; pop ebp; ret 0x18
    > 0x004107ee : mov eax, [esi + 0x1c]; mov [edi + 0xc], eax; xor eax, eax; pop esi; pop edi; pop ebp; ret 8
load reg
    > 0x004058e3 : pop eax; ret
    > 0x00403fea : pop ebx; ret
    > 0x00402a4a : pop ecx; ret
    > 0x00402cb7 : pop esi; ret
    > 0x0040b926 : pop edi; ret
pop pop ret
    > 0x004058e3 : pop eax; ret
    > 0x0041e152 : pop ebx; pop ebp; ret
    > 0x0041dbb2 : pop edi; pop esi; pop ebp; ret
    > 0x0041e150 : pop edi; pop esi; pop ebx; pop ebp; ret
    > 0x00404d95 : pop edi; pop esi; pop ebx; pop ecx; pop ebp; ret 0x10
sp lifting
    > 0x0040eff4 : add esp, 0x14; ret
    > 0x0040eff4 : add esp, 0x14; ret
stack pivoting
    > 0x00404bd7 : xchg eax, esp; ret
    > 0x0040693e : mov esp, ebp; pop ebp; ret
    > 0x00408429 : xchg esp, ebx; adc [eax], al; add [ebp - 0x281b7b], cl; call [eax - 1]
    > 0x0040303f : leave ; ret
write mem
    > 0x00406fbf : add [ebx + 0x3b6602c1], eax; ret
    > 0x00415670 : add [edi], ecx; xchg eax, ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact