ROPSHELL 
ropshell> use 4e38150e304446a25fa46443144af0dc (download)
name         : ch73.exe (i386/PE)
base address : 0x401000
total gadgets: 228

ropshell> suggest
call
    > 0x00401274 : call eax
    > 0x00401549 : call edx
    > 0x004020a6 : call esi
    > 0x00401204 : call edi
    > 0x00402365 : call ebp
jmp
    > 0x0040220a : jmp eax
    > 0x00402a73 : jmp [eax + 0x2a]
    > 0x0040112d : jmp [esi - 0x70]
load mem
    > 0x00402743 : movzx edx, [eax + 0x400006]; mov eax, edx; ret
    > 0x00402360 : mov eax, [ebx]; mov [esp], eax; call ebp
    > 0x00402376 : mov eax, [ebx + 4]; mov [esp], esi; call eax
load reg
    > 0x0040194d : pop ebx; ret
    > 0x00402948 : pop ecx; ret
    > 0x004023b6 : pop esi; ret
    > 0x00401eb1 : pop edi; ret
    > 0x00401410 : pop ebp; ret
pop pop ret
    > 0x00401410 : pop ebp; ret
    > 0x00402947 : pop eax; pop ecx; ret
    > 0x00401eaf : pop ebx; pop esi; pop edi; ret
    > 0x0040140d : pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00401095 : add esp, 0x1c; ret
    > 0x00401095 : add esp, 0x1c; ret
    > 0x0040116a : add esp, 0x2c; ret
    > 0x00401cb7 : add esp, 0x3c; ret
    > 0x0040199b : sub esp, 0xc; nop ; call eax
stack pivoting
    > 0x0040140a : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x00401944 : xchg eax, esp; adc [eax], al; add [ebx - 0x2776d73c], al; pop ebx; ret
    > 0x00401557 : leave ; ret
write mem
    > 0x00401eab : add [ebx + 0x5e5b30c4], eax; pop edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact