ROPSHELL 
ropshell> use 4c62d0bf24a7665ea98fba97c6ff8155 (download)
name         : NetAnts.exe (i386/PE)
base address : 0x401000
total gadgets: 10889

ropshell> suggest "load mem"
> 0x0044ca62 : mov eax, [esi]; pop esi; ret 4
> 0x0044bf4f : mov eax, [ecx + 0x31c]; ret
> 0x0045b1e4 : mov eax, [edx + 4]; ret
> 0x0044d068 : mov eax, [esi + 0x24]; pop esi; ret
> 0x0043aaa5 : mov eax, [ebp + 8]; pop ebp; ret 0x20
> 0x00448dfd : mov eax, [ecx]; push ecx; call [eax + 0x38]; ret
> 0x0044d044 : mov ecx, [eax]; call [ecx + 0x14]
> 0x0042623b : mov ebx, [ebp + 8]; push ebx; call esi
> 0x0042059c : mov esi, [ebp + 0x70]; push esi; call edi
> 0x00450ab9 : mov ebp, [ebx + 0x20]; jmp [ebx + 0x18]
> 0x004287ff : mov eax, [ebx]; push ebx; call [eax + 8]
> 0x00449072 : mov eax, [edi]; push edi; call [eax + 8]
> 0x00450b9f : mov ecx, [esi + 4]; mov [eax + 0x84], ecx; pop esi; ret
> 0x004435b3 : mov ecx, [ebp + 0x7c]; mov [eax + 0x74], ecx; pop ebp; ret 0x78
> 0x00443ac1 : mov edx, [ebp + 8]; setne cl; mov [edx], cl; pop ebp; ret 0xc
> 0x00455139 : mov ecx, [edx]; movzx eax, [ecx]; inc ecx; mov [edx], ecx; ret
> 0x0043e8c1 : mov edx, [eax]; mov ecx, eax; call [edx + 8]
> 0x0042f1cb : mov eax, [edi + 0x28]; push eax; call [edi + 0x20]
> 0x0042f5e0 : mov ecx, [eax + 0x28]; push ecx; call [eax + 0x20]
> 0x00431097 : mov ecx, [ebx + 0x3c]; push ebp; push edi; push ecx; call eax
> 0x00404e95 : mov edx, [ecx]; push eax; push [esp + 8]; push eax; call [edx + 8]; ret
> 0x00430fb3 : mov ecx, [edi + 0x28]; push ebx; push ecx; call [edi + 0x24]
> 0x004309b0 : mov edx, [edi + 0x28]; push ebx; push edx; call [edi + 0x24]
> 0x00459025 : mov esi, [edx + esi]; mov ecx, [esi + ecx]; add ecx, edx; add eax, ecx; pop esi; ret
> 0x00439ef6 : mov ecx, [edi]; lea eax, [esi + esi*2]; mov eax, [ecx + eax*4]; pop edi; pop esi; ret 4
> 0x0042fce9 : mov edx, [ebx + 0xc]; push edx; mov ecx, [eax + 0x28]; push ecx; call [eax + 0x24]
> 0x0042f163 : mov edx, [esi + 0xc]; mov eax, [edi + 0x28]; push edx; push eax; call [edi + 0x24]
> 0x0042f8ee : mov eax, [ebx + 0xc]; push eax; mov eax, [esp + 0x4c]; mov ecx, [eax + 0x28]; push ecx; call [eax + 0x24]
> 0x0042b92f : mov edx, [eax + 4]; mov ecx, [esp + 8]; mov [ecx], edx; mov eax, [eax + 8]; mov [ecx + 4], eax; xor eax, eax; ret 8

© 2014 - 2019 - Powered by ROPEME | Contact