ROPSHELL 
ropshell> use 4ca0efa819646e63b1ed96fa41d42ad9 (download)
name         : rpcrt4.dll (i386/RAW)
base address : 0x0
total gadgets: 7062

ropshell> suggest
call
    > 0x000045a5 : call eax
    > 0x000057ca : call ebx
    > 0x0002d840 : call ecx
    > 0x00036d16 : call edx
    > 0x00004725 : call esi
jmp
    > 0x00019771 : jmp eax
    > 0x000be2ac : jmp ebx
    > 0x000bcdc6 : jmp ecx
    > 0x000a7d6b : jmp edx
    > 0x0003f1bf : jmp esi
load mem
    > 0x000baaf4 : mov esi, [eax]; ret
    > 0x0003e450 : mov eax, [ecx + 0x134]; ret
    > 0x000221e4 : mov eax, [esi + 0x14]; pop esi; ret
    > 0x0003e4c5 : mov eax, [ebp + 8]; pop ebp; ret 4
    > 0x00028416 : mov eax, [edi + 0x13c]; pop edi; pop esi; ret
load reg
    > 0x00010fb1 : pop eax; ret
    > 0x00013dba : pop ebx; ret
    > 0x00018c68 : pop ecx; ret
    > 0x000013c8 : pop edx; ret
    > 0x000080b1 : pop esi; ret
pop pop ret
    > 0x00010fb1 : pop eax; ret
    > 0x00079aa6 : pop eax; pop edi; ret
    > 0x0007df4f : pop eax; pop edi; pop esi; ret
    > 0x0003f1a2 : pop ebx; pop edi; pop esi; pop ebp; ret
    > 0x0003f3bc : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
stack pivoting
    > 0x0000721b : xchg eax, esp; ret
    > 0x000040f6 : mov esp, ebp; pop ebp; ret
    > 0x00076f35 : xchg esp, edi; dec [ebx - 0x743ca21b]; call [esi - 0x75]
    > 0x0004eaa9 : lea esp, [edi + edi*8 - 1]; call [ecx + 0x50]
    > 0x000bc5e7 : leave ; ret
write mem
    > 0x00031b2d : add [ebx], edi; ret
    > 0x0003d520 : add [ecx], eax; ret
    > 0x0008ef4f : add [ebx], eax; dec edi; ret
    > 0x000400ea : add [ebx + 0x3b6602c1], eax; ret
    > 0x00069d2d : adc [esi + 0x5d], ebx; ret 4

© 2014 - 2019 - Powered by ROPEME | Contact