ROPSHELL 
ropshell> use 4813ac1e979171c5d472e9c4cead3af1 (download)
name         : SmackW32.dll (i386/PE)
base address : 0x10001000
total gadgets: 1828

ropshell> suggest
call
    > 0x10003dd0 : call eax
    > 0x10004cf4 : call ebx
    > 0x10001a89 : call ecx
    > 0x10001d90 : call esi
    > 0x1000136b : call edi
jmp
    > 0x1000d4d0 : jmp eax
    > 0x100070a6 : jmp [esi + 0x3d]
    > 0x1000cab2 : push esp; add [eax], edx; mov [ecx + 4], eax; mov [ecx + 8], eax; ret
load mem
    > 0x1000a970 : mov edx, [ecx]; sub eax, edx; ret
    > 0x1000892b : mov eax, [ebx]; push eax; call edi
    > 0x10007133 : mov eax, [ebx + 4]; pop edi; pop esi; pop ebx; ret 0xc
    > 0x1000946b : mov eax, [ecx]; call [eax + 0x30]
    > 0x10009448 : mov eax, [edx]; call [eax + 0xc]
load reg
    > 0x10004cae : pop ebx; ret
    > 0x10001da5 : pop esi; ret
    > 0x1000d2d8 : pop edi; ret
    > 0x10009d36 : pop ebp; ret
    > 0x10001f59 : pop eax; add [eax], edx; ret
pop pop ret
    > 0x10009d36 : pop ebp; ret
    > 0x10009d35 : pop edi; pop ebp; ret
    > 0x1000d2d6 : pop ebx; pop esi; pop edi; ret
    > 0x10005637 : pop ebp; pop edi; pop esi; pop ebx; ret
    > 0x10009d32 : pop ecx; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x10004dcd : add esp, 0x10; ret
    > 0x10004dcd : add esp, 0x10; ret
    > 0x100088d7 : add esp, 0x20; ret
    > 0x10005419 : add esp, 0x304; ret
    > 0x1000334c : add esp, 0x404; ret
stack pivoting
    > 0x10003448 : xchg eax, esp; rol [ebx - 0x3fe4fe07], 0x40; ret 4
    > 0x1000ba0a : leave ; ret
write mem
    > 0x10001f5a : add [eax], edx; ret
    > 0x10004746 : add [ebx], eax; ret
    > 0x10006196 : add [esi + 0x5b], ebx; ret
    > 0x1000d3a3 : add [edx], ebp; call esi
    > 0x10007c1b : add [edi + 0x5e], ebx; pop ebx; add esp, 0x40; ret 4

© 2014 - 2019 - Powered by ROPEME | Contact