ropshell> use 5c5c3266cf1340ec7af63770be0e5398
name         : BoF.exe (i386/PE)
base address : 0x401000
total gadgets: 343
ropshell> suggest
call
    > 0x004029b2 : call ebx
    > 0x00403080 : call esi
    > 0x004023be : call edi
    > 0x004010eb : call [eax + 0x68]
    > 0x0040287b : call [ebx + 0x56]
jmp
    > 0x00403120 : jmp [esi + 0x39]
load mem
    > 0x00403d5d : mov eax, [ebp + 8]; mov esp, ebp; pop ebp; ret
    > 0x004017f6 : mov ecx, [ebp + 0xc]; ror eax, cl; pop ebp; ret
    > 0x00402457 : mov ecx, [eax]; mov [ebp - 4], ecx; mov eax, [ebp - 4]; mov esp, ebp; pop ebp; ret
    > 0x00402081 : mov eax, [ecx + 4]; mov ecx, [ebp - 8]; mov [ecx], edx; mov [ecx + 4], eax; mov esp, ebp; pop ebp; ret
load reg
    > 0x004023cc : pop esi; ret
    > 0x00401058 : pop ebp; ret
    > 0x004023cb : pop edi; pop esi; ret
    > 0x00401055 : pop ebx; mov esp, ebp; pop ebp; ret
    > 0x004015ec : pop ecx; pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret
pop pop ret
    > 0x00401058 : pop ebp; ret
    > 0x004023cb : pop edi; pop esi; ret
    > 0x00401053 : pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret
    > 0x004015ec : pop ecx; pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret
sp lifting
    > 0x004012df : add esp, 0x14; ret
    > 0x004012df : add esp, 0x14; ret
stack pivoting
    > 0x00401056 : mov esp, ebp; pop ebp; ret
    > 0x00402381 : xchg eax, esp; pop ss; add [eax], al; xor eax, eax; mov esp, ebp; pop ebp; ret 4
write mem
    > 0x00401bc4 : add [eax + 0x5de58b01], esi; ret