ROPSHELL 
ropshell> use 39ca78346ddfcfce20e4a5aa273e1812 (download)
name         : HuiMangDocs.exe (i386/PE)
base address : 0x401000
total gadgets: 329

ropshell> suggest
call
    > 0x0040370f : call ebx
    > 0x00401705 : call edx
    > 0x004032f4 : call esi
    > 0x00403b94 : call edi
    > 0x0040289b : call [eax]
jmp
    > 0x004039e9 : jmp [esi - 0x74]
load mem
    > 0x004021c7 : mov edx, [esi]; call edx
    > 0x004015af : mov eax, [ebp + 8]; mov esp, ebp; pop ebp; ret
    > 0x00401702 : mov edx, [esi + 4]; call edx
    > 0x0040396b : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret
    > 0x004021c2 : mov esi, [ecx]; mov ecx, [eax + edx*4]; mov edx, [esi]; call edx
load reg
    > 0x00403b9f : pop ebx; ret
    > 0x00403234 : pop ecx; ret
    > 0x00403669 : pop esi; ret
    > 0x004011d1 : pop ebp; ret
    > 0x00403b9d : pop edi; pop esi; pop ebx; ret
pop pop ret
    > 0x004011d1 : pop ebp; ret
    > 0x0040314b : pop ecx; pop ebp; ret
    > 0x00403b9d : pop edi; pop esi; pop ebx; ret
stack pivoting
    > 0x004011cf : mov esp, ebp; pop ebp; ret
    > 0x0040339a : leave ; ret
write mem
    > 0x0040298d : add [edi], ecx; test ebp, eax; add al, [eax]; add [ebx - 0x4bf43], al; call [eax]

© 2014 - 2019 - Powered by ROPEME | Contact