ropshell> use 5e124c849547140f30263959295e972c (download) name : VulnerableApp.exe (i386/PE) base address : 0x401000 total gadgets: 303
ropshell> suggest call > 0x0040294b : call ebx > 0x00402667 : call esi > 0x00402d7f : call edi > 0x0040221f : call [eax + 4] > 0x00401aa1 : call [esi + 0x54] jmp > 0x00402c10 : jmp [esi - 0x74] load mem > 0x0040221d : mov eax, [ecx]; call [eax + 4] > 0x00401e3e : mov eax, [esi]; pop edi; mov [eax], 0; mov eax, esi; pop esi; pop ebp; ret 8 > 0x00402b93 : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret load reg > 0x00402d8a : pop ebx; ret > 0x004025a9 : pop ecx; ret > 0x00401c69 : pop esi; ret > 0x004011ee : pop ebp; ret > 0x00401cf5 : pop edi; pop esi; pop ebp; ret 8 pop pop ret > 0x004011ee : pop ebp; ret > 0x004024b2 : pop ecx; pop ebp; ret > 0x00402d88 : pop edi; pop esi; pop ebx; ret > 0x00401dff : pop edi; pop esi; pop ebx; pop ebp; ret 0xc stack pivoting > 0x004011ec : mov esp, ebp; pop ebp; ret > 0x0040214b : leave ; mov eax, ecx; pop ebp; ret 4