ROPSHELL 
ropshell> use 3cd632d4245d08e76014e7240e5f5f82 (download)
name         : dbman.exe (i386/PE)
base address : 0x401000
total gadgets: 11623

ropshell> suggest "load mem"
> 0x00438b27 : mov eax, [ebx]; ret
> 0x00490560 : mov eax, [ecx]; ret
> 0x004974eb : mov eax, [esi]; pop esi; ret
> 0x00490b20 : mov eax, [ecx + 0x18]; ret
> 0x00497514 : mov eax, [esi + 4]; pop esi; ret
> 0x0041e838 : mov eax, [ebp + 8]; pop ebp; ret
> 0x00449726 : mov eax, [edx]; call eax
> 0x00405fb5 : mov edx, [eax]; call edx
> 0x00495cfc : mov edx, [ecx]; mov [eax], edx; ret
> 0x00497e58 : mov edx, [ecx + 4]; push eax; call edx; ret
> 0x00405544 : mov eax, [edx + 0x10]; call eax
> 0x0046b653 : mov edx, [eax + 0x10]; call edx
> 0x00499471 : mov eax, [edi + 0x50]; push esi; call eax
> 0x00497836 : mov ecx, [eax + 0x3c]; push edi; call ecx
> 0x00497e56 : mov ecx, [eax]; mov edx, [ecx + 4]; push eax; call edx; ret
> 0x0049b38c : mov ecx, [ebp + 8]; call [ebp + 0x14]
> 0x00491adf : mov ecx, [edi]; pop edi; mov [esi], ecx; mov eax, esi; pop esi; ret 8
> 0x0049a581 : mov edx, [ebx + 4]; push eax; mov ecx, edi; call edx
> 0x00497834 : mov eax, [edi]; mov ecx, [eax + 0x3c]; push edi; call ecx
> 0x00499b8e : mov edx, [esi]; mov eax, [edx + 0x6c]; push edi; call eax
> 0x0045492a : mov edx, [ebp + 0xc]; mov [edx + 7], cl; mov esp, ebp; pop ebp; ret
> 0x0049b3e6 : mov esi, [ebp + 8]; mov ecx, esi; call [ebp + 0x14]
> 0x0049a718 : mov eax, [ebp]; mov edx, [eax + 0x70]; mov ecx, ebp; call edx
> 0x00496d06 : mov ecx, [esi]; mov [eax + 4], edi; pop edi; mov [eax], ecx; pop esi; ret 0xc
> 0x0049835b : mov edx, [edi]; mov edx, [edx + 0x90]; push ecx; push eax; mov ecx, edi; call edx
> 0x0042645c : mov ebp, [eax + 0x30]; inc eax; dec ebx; add [ebx - 0x37f36b], cl; call [edx - 0x73]
> 0x00499958 : mov ecx, [edx + 0x68]; lea eax, [ebp]; push eax; push esi; mov [ebp], ebx; call ecx
> 0x0049cb30 : mov edx, [esi + 0x10]; mov ecx, [eax]; push edx; push eax; mov eax, [ecx + 0x1c]; call eax
> 0x004987ea : mov ebx, [ecx + 8]; mov ecx, [ecx + 0xc]; mov [eax + 8], ebx; push esi; mov [esp + 0x20], 0; mov [eax + 0xc], ecx; call edx

© 2014 - 2019 - Powered by ROPEME | Contact