ROPSHELL 
ropshell> use 455d0719dd8a8a1e09d70d5bb9013559 (download)
name         : binkw32.dll (i386/PE)
base address : 0x10001000
total gadgets: 277

ropshell> suggest
call
    > 0x1000105b : call eax
    > 0x10001319 : call ebx
    > 0x1000103e : call edx
    > 0x100013f6 : call edi
    > 0x100012ac : call [ecx - 0x77]
jmp
    > 0x10002575 : jmp eax
load mem
    > 0x10001058 : mov eax, [edx + 8]; call eax
    > 0x10001e86 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x10002011 : mov eax, [ebp + 8]; pop edi; pop esi; pop ebx; pop ebp; ret
    > 0x100010e8 : mov eax, [ebx]; adc [ecx - 0x3ca10bb0], cl; xor eax, eax; pop esi; ret
    > 0x10001055 : mov edx, [eax]; push eax; mov eax, [edx + 8]; call eax
load reg
    > 0x10001d3f : pop edx; ret 0x10
    > 0x100010ee : pop esi; ret
    > 0x10001053 : pop ebp; ret
    > 0x10001a2b : pop ebx; pop ebp; ret
    > 0x10001d79 : pop eax; int3 ; pop ebp; ret
pop pop ret
    > 0x10001053 : pop ebp; ret
    > 0x10001a2b : pop ebx; pop ebp; ret
    > 0x10002015 : pop esi; pop ebx; pop ebp; ret
    > 0x10002014 : pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x10001ed5 : add esp, 0x10; ret
    > 0x10001ed5 : add esp, 0x10; ret
stack pivoting
    > 0x10001051 : mov esp, ebp; pop ebp; ret
    > 0x10001e60 : xchg eax, esp; mov eax, [eax]; push eax; ret
    > 0x10001e84 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x10001d0c : lea esp, [esp]; mov eax, [esp + 4]; xor edx, edx; mov ebx, [esp]; dec eax; add esp, 0x10; ret 0x10
    > 0x100028d6 : leave ; ret 8
write mem
    > 0x10001bc4 : add [eax], edx; pop ebp; ret
    > 0x1000275f : adc [ebp + 0x5152bc55], ecx; call eax
    > 0x10001a19 : add [ebp + 4], esi; xor eax, eax; pop ebp; ret
    > 0x1000177d : add [esi + 0x75], edx; pop es; xor eax, eax; pop esi; mov esp, ebp; pop ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact