ROPSHELL 
ropshell> use 3821bd26a6940981694e4a261e659323 (download)
name         : kernel32.dll (i386/PE)
base address : 0x6b810000
total gadgets: 3925

ropshell> suggest
call
    > 0x6b823704 : call eax
    > 0x6b81856c : call ebx
    > 0x6b813ab3 : call ecx
    > 0x6b822e3a : call edx
    > 0x6b81098b : call esi
jmp
    > 0x6b820265 : jmp eax
    > 0x6b82350f : jmp esi
    > 0x6b816ee0 : jmp edi
    > 0x6b810e77 : jmp [eax]
    > 0x6b810638 : jmp [ebx]
load mem
    > 0x6b822c20 : mov eax, [ecx + 0x10]; ret
    > 0x6b866362 : mov ebp, [ebx + 0x2b]; ret
    > 0x6b81d573 : mov ecx, [edx]; sub eax, ecx; ret
    > 0x6b822ad5 : mov eax, [ebp + 8]; pop ebp; ret 4
    > 0x6b824a58 : mov ecx, [esi]; sub cx, ax; mov ax, cx; pop esi; ret
load reg
    > 0x6b81ff52 : pop eax; ret
    > 0x6b8120b5 : pop ebx; ret
    > 0x6b822e27 : pop ecx; ret
    > 0x6b810aac : pop esi; ret
    > 0x6b8437f4 : pop edi; ret
pop pop ret
    > 0x6b81ff52 : pop eax; ret
    > 0x6b812a5c : pop eax; pop ebx; ret
    > 0x6b849f39 : pop eax; pop edi; pop esi; ret
    > 0x6b8234f2 : pop ebx; pop edi; pop esi; pop ebp; ret
    > 0x6b8236fc : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
stack pivoting
    > 0x6b819542 : xchg eax, esp; ret
    > 0x6b81f760 : mov esp, ebx; pop ebx; ret 4
    > 0x6b81003e : mov esp, ebp; pop ebp; ret
    > 0x6b856c06 : push edx; pop esp; sub edx, [ecx + 4]; mov eax, edx; ret
    > 0x6b83777b : lea esp, [ebp + edi*8 - 1]; jmp [esi - 0x77]
write mem
    > 0x6b8327c3 : add [ebx], eax; ret
    > 0x6b8215f8 : add [ebx], ecx; ret
    > 0x6b82a973 : add [ebx], edi; ret
    > 0x6b84568c : adc [eax + 0x5de58b6b], ecx; ret
    > 0x6b8119d8 : add [ebx + 0x3b6602c1], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact