ROPSHELL 
ropshell> use 4e44765502a8aafba57c8661983c23ad (download)
name         : vuln10.exe (i386/PE)
base address : 0x401000
total gadgets: 423

ropshell> suggest
call
    > 0x004010aa : call eax
    > 0x00407c78 : call ecx
    > 0x00401346 : call edx
    > 0x00402da8 : call edi
jmp
    > 0x004012e5 : jmp eax
    > 0x00405ecf : jmp [eax]
    > 0x004040e7 : jmp [ecx]
    > 0x004010ed : jmp [esi - 0x70]
load mem
    > 0x004077e1 : mov ecx, [eax + eax]; add [ebx - 0x137c03a3], cl; add al, 0xc9; ret
    > 0x00401d4d : mov eax, [ebx + 4]; mov [esp], esi; call eax
load reg
    > 0x00401be1 : pop ebx; ret
    > 0x00402298 : pop ecx; ret
    > 0x004028e8 : pop esi; ret
    > 0x004021a4 : pop edi; ret
    > 0x0040158b : pop ebp; ret
pop pop ret
    > 0x0040158b : pop ebp; ret
    > 0x00402297 : pop eax; pop ecx; ret
    > 0x00401589 : pop ebx; pop edi; pop ebp; ret
    > 0x004018e1 : pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x00404fd8 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00403877 : add esp, 0x1c; ret
    > 0x00403877 : add esp, 0x1c; ret
    > 0x0040129b : add esp, 0x3c; ret
    > 0x00401b8b : sub esp, 0xc; nop ; call eax
stack pivoting
    > 0x00401586 : lea esp, [ebp - 8]; pop ebx; pop edi; pop ebp; ret
    > 0x0040138b : leave ; ret
write mem
    > 0x004024a9 : add [esi + 0x5f], ebx; pop ebp; ret
    > 0x004022e8 : add [ebp + 0x31d375c9], eax; dec [ecx + 0x5f5e5bf8]; ret

© 2014 - 2019 - Powered by ROPEME | Contact