ROPSHELL 
ropshell> use 41743143fd01af24080919431b6ae73c (download)
name         : out.bin (i386/RAW)
base address : 0x0
total gadgets: 920

ropshell> suggest
call
    > 0x000021b2 : call edx
    > 0x00001897 : call ebp
    > 0x00001c3a : call [eax]
    > 0x00003e0d : call [ebx - 0x3e]
    > 0x000078e1 : call [edx]
jmp
    > 0x00003287 : push esp; ret
    > 0x0000107e : jmp ebx
    > 0x0000773f : jmp edx
    > 0x00002ab3 : jmp esp
    > 0x00002dfe : jmp [eax]
load mem
    > 0x0000500e : mov ecx, [ebx]; ret
    > 0x00000b50 : mov ecx, [edx]; ret
    > 0x000059bb : mov edx, [ecx + 0x44]; ret
    > 0x00003fc4 : mov ecx, [ebx + 0x26160813]; dec edx; arpl [edx], ax; cmpsd [esi], es:[edi]; pushal ; rol [eax], 1; ret
load reg
    > 0x00000593 : pop eax; ret
    > 0x000000fb : pop ebx; ret
    > 0x0000078b : pop ecx; ret
    > 0x000047b1 : pop edx; ret
    > 0x00002441 : pop esi; ret
pop pop ret
    > 0x00000593 : pop eax; ret
    > 0x00004e94 : pop esi; pop esi; ret
stack pivoting
    > 0x00000419 : xchg eax, esp; ret
    > 0x000021a0 : xchg esp, ebx; ret
    > 0x00008e74 : lea esp, [ebx + 0x26d987]; ret
    > 0x00006cc0 : xchg esp, ebp; scasd eax, es:[edi]; sbb dh, [ebx + 0x7a]; ret
    > 0x00001013 : leave ; ret
write mem
    > 0x00005b36 : adc [ebx], eax; ret
    > 0x0000367e : adc [esi], edx; ret
    > 0x00003c57 : add [ebx], ebp; sub bh, [ecx + 0x3bd1ad9e]; push cs; ret

© 2014 - 2019 - Powered by ROPEME | Contact