ROPSHELL 
ropshell> use 3899f258e06eda564292b936b806261f (download)
name         : RM2MP3Converter.exe (i386/PE)
base address : 0x401000
total gadgets: 6308

ropshell> suggest "load mem"
> 0x0042c210 : mov eax, [ecx]; ret
> 0x004255c0 : mov eax, [ecx + 0x134]; ret
> 0x00437034 : mov eax, [esi + 0x18]; pop esi; add esp, 0x100; ret
> 0x004201a1 : mov ecx, [ebx + 0x5e5fffff]; pop ebp; add esp, 0x4510; ret 8
> 0x00434b83 : mov edx, [eax + 0xc]; push edx; push eax; call ecx; ret
> 0x0040fa47 : mov eax, [ebx]; push edi; push eax; call ebp
> 0x00424744 : mov eax, [esi]; call [eax + 0x14]
> 0x0042600b : mov eax, [ebp]; push eax; push ecx; call ebx
> 0x00410f49 : mov ecx, [eax]; call [ecx + 8]
> 0x00410f3f : mov edx, [eax]; call [edx + 0x14]
> 0x0040c99e : mov edx, [ecx]; call [edx + 0x30]
> 0x0040890a : mov edx, [esi]; call [edx + 0x30]
> 0x00412d00 : mov edx, [edi]; call [edx + 0x30]
> 0x0041645e : mov eax, [ebx + 0x20]; push eax; call edi
> 0x0040c5d6 : mov eax, [ebp + 4]; push eax; call ebx
> 0x00419c44 : mov ecx, [esi + 0x20]; push ecx; call edi
> 0x004163e8 : mov edx, [ebx + 0x2194e]; push edx; call edi
> 0x0040baf5 : mov edx, [esi + 0x20]; push edx; call edi
> 0x0042bebf : mov esi, [eax + 4]; push eax; call edi
> 0x00417b39 : mov esi, [edi + 0x230c]; push edi; call ebx
> 0x00417b1d : mov esi, [ebp + 0x338a]; push ebp; call ebx
> 0x0040fd97 : mov ecx, [edx]; pop esi; pop ebp; mov [eax], ecx; pop ebx; ret 0xc
> 0x0040c1d9 : mov eax, [edx + 4]; push 0; push eax; call ebx
> 0x0040db27 : mov edx, [edi + 4]; push eax; push edx; call ebx
> 0x004081f3 : mov eax, [edi]; mov ecx, edi; call [eax + 0x24]
> 0x004246ed : mov ebx, [esi + 0x90]; push edi; call [eax + 0x24]
> 0x00406fc4 : mov edx, [ebp + 4]; push eax; push ecx; push edx; call esi
> 0x004246bd : mov edi, [esi + 0x90]; push ebx; call [eax + 0x24]
> 0x004078ad : mov edx, [ebp]; push eax; mov ecx, ebp; call [edx + 0x30]
> 0x004119ac : mov ecx, [ebp + 8]; push eax; push ecx; mov ecx, edi; call [edx + 0x10]
> 0x0041a4f0 : mov edx, [ecx + 0x2b37d]; xor eax, eax; test edx, edx; sete al; mov [ecx + 0x2b37d], eax; ret
> 0x00407311 : mov ecx, [edi + 4]; push edx; push eax; mov eax, [esp + 0xb4]; push eax; push ecx; call esi
> 0x00423ef6 : mov edx, [ebx]; lea eax, [esp + 0x24]; push edi; push eax; mov ecx, ebx; call [edx + 0x28]
> 0x00423ed4 : mov esi, [edi]; and eax, 4; mov [esp + 0x40], eax; mov eax, [ebx]; push edi; call [eax + 0x2c]
> 0x00423232 : mov ecx, [eax + 8]; mov [eax + 8], ebx; mov eax, [esp + 0xc]; pop ebp; mov [esp + 0xc], ecx; pop ebx; ret 8

© 2014 - 2019 - Powered by ROPEME | Contact