ROPSHELL 
ropshell> use 3ac8886dfa5ab641417df4d3b7f5512e (download)
name         : kernel32.dll (i386/PE)
base address : 0x7c801000
total gadgets: 7863

ropshell> suggest
call
    > 0x7c81950b : call eax
    > 0x7c810395 : call ebx
    > 0x7c80eb6c : call ecx
    > 0x7c87b432 : call edx
    > 0x7c801a7f : call esi
jmp
    > 0x7c80bf0b : jmp eax
    > 0x7c810788 : jmp ecx
    > 0x7c809a03 : jmp edx
    > 0x7c82d92c : jmp esi
    > 0x7c80b0e0 : jmp edi
load mem
    > 0x7c835403 : mov eax, [ebp + 0x10]; pop ebp; ret 0xc
    > 0x7c82cc23 : mov eax, [ebx]; push eax; call edi
    > 0x7c80b3ac : mov eax, [esi]; push eax; call edi
    > 0x7c86b5fd : movsx eax, [edi]; push eax; call esi
    > 0x7c86b668 : movsx eax, [edi + 1]; push eax; call esi
load reg
    > 0x7c80997d : pop eax; ret
    > 0x7c80dfdd : pop ebx; ret
    > 0x7c80a3e7 : pop esi; ret
    > 0x7c810afe : pop edi; ret
    > 0x7c80df32 : pop ebp; ret
pop pop ret
    > 0x7c80997d : pop eax; ret
    > 0x7c87f30e : pop eax; pop ebp; ret
    > 0x7c80dfdb : pop edi; pop esi; pop ebx; ret
    > 0x7c8107e4 : pop ebx; pop edi; pop esi; pop ebp; ret 0x10
    > 0x7c80e021 : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
stack pivoting
    > 0x7c830e49 : xchg eax, esp; ret
    > 0x7c80df30 : mov esp, ebp; pop ebp; ret
    > 0x7c863401 : lea esp, [ebx - 6]; dec ecx; ret 0xc
    > 0x7c8107e2 : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10
    > 0x7c83fef1 : lea esp, [esp + edi*8 - 1]; call [ecx + 0x50]
write mem
    > 0x7c83c872 : add [ebx], edi; ret
    > 0x7c80aae7 : add [ebx], ebp; ret
    > 0x7c85601c : add [eax], ecx; pop ebp; ret 0xc
    > 0x7c81eee6 : add [eax + 0x5d5e5f01], esi; ret 0x10
    > 0x7c81eee8 : add [edi + 0x5e], ebx; pop ebp; ret 0x10

© 2014 - 2019 - Powered by ROPEME | Contact