ropshell> use 496b8f2985017169a4201a8d263aeac0 (download)
name : msvcrt.dll (i386/PE)
base address : 0x10101000
total gadgets: 5057
ropshell> suggest
call
> 0x1010c1b2 : call eax
> 0x10113a05 : call ebx
> 0x1013943b : call ecx
> 0x101139f5 : call esi
> 0x1010fdd5 : call edi
jmp
> 0x10198928 : push esp; ret
> 0x10110dad : jmp eax
> 0x101131b8 : jmp ebx
> 0x10197eeb : jmp ecx
> 0x101139a5 : jmp edx
load mem
> 0x10141ca0 : mov eax, [ecx + 0xc]; ret
> 0x101a0264 : mov eax, [edx + 4]; ret
> 0x101677dc : mov eax, [ebp + 0x10]; ret
> 0x1013c0da : mov ebp, [ebx + 0x20]; jmp eax
> 0x1013c997 : mov eax, [esi]; add eax, edx; pop esi; pop ebp; ret
load reg
> 0x1013bbf2 : pop eax; ret
> 0x1013d85e : pop ebx; ret
> 0x1010c14d : pop ecx; ret
> 0x101947c4 : pop edx; ret
> 0x1013cfe7 : pop esi; ret
pop pop ret
> 0x1013bbf2 : pop eax; ret
> 0x101373c2 : pop eax; pop ebp; ret
> 0x1014bfee : pop ebx; pop edi; pop ebp; ret
> 0x1014610a : pop ebx; pop edi; pop esi; pop ebp; ret
> 0x1018a543 : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
> 0x101672b8 : add esp, 0x10; ret
> 0x101672b8 : add esp, 0x10; ret
> 0x1019ce48 : add esp, 0x20; ret
stack pivoting
> 0x1010fad5 : xchg eax, esp; ret
> 0x1019c0e2 : mov esp, ebx; pop ebx; ret
> 0x10130902 : mov esp, ebp; pop ebp; ret
> 0x101a0089 : lea esp, [esp]; fstp st(0); fld1 ; ret
> 0x101887f9 : leave ; ret
write mem
> 0x10197b0d : adc [eax], edx; ret
> 0x10116d9a : add [ebx], esi; ret
> 0x10159c9a : add [ebx], edi; ret
> 0x10146ba4 : add [ebx + 0x300f465], eax; ret
> 0x10187d77 : add [esi + 0x5b], ebx; ret