ROPSHELL 
ropshell> use 5081e2ba40b2df97f193382b0212d17a (download)
name         : binkw32.dll (i386/PE)
base address : 0x10001000
total gadgets: 2597

ropshell> suggest
call
    > 0x10007adf : call eax
    > 0x100011da : call ebx
    > 0x1000a959 : call ecx
    > 0x1000575c : call esi
    > 0x10001235 : call edi
jmp
    > 0x1001d6f7 : jmp [eax]
    > 0x100051cf : jmp [ebx]
    > 0x10021731 : jmp [esi - 0x75]
    > 0x1001ede4 : push esp; and al, 6; fldcw [esp + 6]; ret
load mem
    > 0x1001ee44 : mov eax, [edx + 4]; ret
    > 0x1001ab46 : mov eax, [ecx + 0x28]; pop esi; ret 8
    > 0x1001ab15 : mov eax, [esi + 0x28]; pop esi; ret 8
    > 0x1001c8b1 : mov eax, [edi + 0x28]; pop edi; ret 8
    > 0x1001e059 : mov eax, [ebp + 0xc]; pop esi; pop ebx; pop ebp; ret
load reg
    > 0x10005f42 : pop eax; ret
    > 0x1000424b : pop ebx; ret
    > 0x100041cc : pop ecx; ret
    > 0x1001d117 : pop edx; ret
    > 0x10008767 : pop esi; ret
pop pop ret
    > 0x10005f42 : pop eax; ret
    > 0x1001e817 : pop eax; pop ebp; ret
    > 0x100041ca : pop ebp; pop ebx; pop ecx; ret
    > 0x1001f7e2 : pop ebp; pop ebx; pop ecx; pop ecx; ret
    > 0x100041c8 : pop edi; pop esi; pop ebp; pop ebx; pop ecx; ret
sp lifting
    > 0x10003caa : add esp, 0x10; ret
    > 0x10003caa : add esp, 0x10; ret
    > 0x10005103 : add esp, 0x20; ret
    > 0x1000411d : add esp, 0x30; ret
    > 0x10006eb9 : add esp, 0x428; ret
stack pivoting
    > 0x10005431 : mov esp, ebp; pop ebp; ret
    > 0x10011b97 : lea esp, [esp + 0xc]; pop edi; pop esi; pop ebp; pop ebx; ret 4
    > 0x1001d026 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x1001ca9a : leave ; ret
write mem
    > 0x1001a779 : add [eax], edx; ret 4
    > 0x100139d2 : add [ebx], ecx; ret
    > 0x10019e79 : add [ebx], edi; ret
    > 0x10021398 : add [eax + 0x5d], ebx; ret
    > 0x1001a943 : add [eax + 1], edi; ret 0xc

© 2014 - 2019 - Powered by ROPEME | Contact