ropshell> use 5c42d7edad34b9a6fbc573699657f674
name         : iw4x.exe (i386/PE)
base address : 0x401000
total gadgets: 50584
ropshell> suggest "stack pivoting"
> 0x0043153a : xchg eax, esp; ret
> 0x004032f1 : mov esp, ebp; pop ebp; ret
> 0x00439d40 : xchg esp, edi; inc [ebx - 0x3fcdf33c]; pop esi; ret
> 0x005b8ee6 : mov esp, esp; inc [ebx + 0x5e5f0cc4]; ret
> 0x0063dda3 : xchg esp, esp; inc [ebx - 0x3fccfb3c]; add esp, 0x410; ret
> 0x0063dda3 : xchg esp, esp; inc [ebx - 0x3fccfb3c]; add esp, 0x410; ret
> 0x005e0bd3 : mov esp, ebx; add eax, [eax]; pop ecx; ret
> 0x004b9db3 : xchg esp, esi; inc [ebx + 0x5e5d08c4]; add esp, 0x530; ret
> 0x0054c3a0 : push edx; pop esp; push ecx; push eax; call edx
> 0x0052edc4 : xchg esp, ebx; or al, [eax]; add [ebx], dh; ret
> 0x0069574c : xchg esp, ecx; add [eax], al; add [ebx], bh; ret
> 0x00593ea1 : mov esp, ecx; rep ; call [eax - 0x18]
> 0x0044cc5f : lea esp, [esi]; sbb eax, [eax]; pop edi; pop esi; ret
> 0x004df8e9 : lea esp, [esp]; push ebp; push ebx; call esi
> 0x00613164 : mov esp, eax; xor ah, [ecx]; jmp [0]
> 0x004960b0 : mov esp, edi; inc [ebx + 0x5e5f1cc4]; pop ebp; pop ebx; add esp, 0x14; ret
> 0x00499cf7 : lea esp, [ebp - 0x808]; pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret
> 0x0069d7b0 : xchg esp, edx; add [eax], al; add [ecx + 0x1b03877], cl; pop esi; ret
> 0x00698028 : lea esp, [eax]; add [eax], eax; add [ebp + 0x5b], bl; add esp, 0xc; ret
> 0x006b436f : lea esp, [edi + edi*8 + 0x4c483ff]; pop edi; mov eax, esi; pop esi; add esp, 0x10; ret
> 0x0052579e : push ecx; pop esp; xor ecx, ecx; cmp [edx + eax + 0x3a], 1; setne cl; mov eax, ecx; ret
> 0x0063e59e : push esi; pop esp; fst [esi + 0x58]; fst [esi + 0x54]; fstp [esi + 0x50]; pop esi; ret
> 0x00458df5 : xchg ecx, esp; pop es; add [ebx + 0x46c60cc4], al; cmp al, 0; pop esi; ret
> 0x00451f43 : mov esp, esi; push es; add [ebx - 0x397ceb3c], al; or [ebx - 0x418afe11], al; pop edi; pop esi; ret
> 0x0059f163 : leave ; ret