ROPSHELL 
ropshell> use 30730a50b95125d8b809d9116dd12973 (download)
name         : steamclient_short.dll (i386/PE)
base address : 0x38001000
total gadgets: 66153

ropshell> suggest
call
    > 0x38002554 : call eax
    > 0x38003cd4 : call ebx
    > 0x3800a9ac : call ecx
    > 0x38002514 : call edx
    > 0x3804722e : call esi
jmp
    > 0x38099b9a : push esp; ret
    > 0x38088912 : jmp eax
    > 0x380ae01d : jmp ebx
    > 0x380e24d5 : jmp ecx
    > 0x3813545d : jmp edx
load mem
    > 0x380979f6 : mov eax, [ecx]; ret
    > 0x38091bf2 : mov eax, [ebx]; pop ebx; ret
    > 0x3809e2e7 : mov eax, [esi]; pop esi; ret
    > 0x3821b640 : mov eax, [ecx + 0x114]; ret
    > 0x38379268 : mov ebx, [esi + 0x5d]; ret
load reg
    > 0x380a20f5 : pop eax; ret
    > 0x380038f0 : pop ebx; ret
    > 0x38001734 : pop ecx; ret
    > 0x38067bd3 : pop edx; ret
    > 0x38001081 : pop esi; ret
pop pop ret
    > 0x380a20f5 : pop eax; ret
    > 0x3813e256 : pop eax; pop esi; ret
    > 0x38003f5b : pop ebp; pop ebx; pop ecx; ret
    > 0x38062d6e : pop ebp; pop ebx; pop edi; pop esi; ret
    > 0x3805e862 : pop eax; pop ebx; pop ebp; pop edi; pop esi; ret
sp lifting
    > 0x3800c95b : add esp, 0x100; ret
    > 0x3800c95b : add esp, 0x100; ret
    > 0x38010d81 : add esp, 0x20; ret
    > 0x3804f3be : add esp, 0x34; ret
    > 0x3800dcd6 : add esp, 0x448; ret
stack pivoting
    > 0x380568ff : xchg eax, esp; ret
    > 0x3822a151 : mov esp, ebx; pop ebx; ret
    > 0x3800e0da : mov esp, ebp; pop ebp; ret
    > 0x382a6e9e : push eax; pop esp; pop ebp; ret 4
    > 0x382a6ec7 : push edx; pop esp; pop ebp; ret 4
write mem
    > 0x3806487a : adc [eax], edx; ret
    > 0x3829e02c : add [ebx], eax; ret
    > 0x3805a2d4 : add [ebx], ecx; ret
    > 0x38009d2b : add [ebx], edi; ret
    > 0x383b6fdc : add [ecx], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact