ROPSHELL 
ropshell> use 5e124c849547140f30263959295e972c (download)
name         : VulnerableApp.exe (i386/PE)
base address : 0x401000
total gadgets: 303

ropshell> suggest
call
    > 0x0040294b : call ebx
    > 0x00402667 : call esi
    > 0x00402d7f : call edi
    > 0x0040221f : call [eax + 4]
    > 0x00401aa1 : call [esi + 0x54]
jmp
    > 0x00402c10 : jmp [esi - 0x74]
load mem
    > 0x0040221d : mov eax, [ecx]; call [eax + 4]
    > 0x00401e3e : mov eax, [esi]; pop edi; mov [eax], 0; mov eax, esi; pop esi; pop ebp; ret 8
    > 0x00402b93 : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret
load reg
    > 0x00402d8a : pop ebx; ret
    > 0x004025a9 : pop ecx; ret
    > 0x00401c69 : pop esi; ret
    > 0x004011ee : pop ebp; ret
    > 0x00401cf5 : pop edi; pop esi; pop ebp; ret 8
pop pop ret
    > 0x004011ee : pop ebp; ret
    > 0x004024b2 : pop ecx; pop ebp; ret
    > 0x00402d88 : pop edi; pop esi; pop ebx; ret
    > 0x00401dff : pop edi; pop esi; pop ebx; pop ebp; ret 0xc
stack pivoting
    > 0x004011ec : mov esp, ebp; pop ebp; ret
    > 0x0040214b : leave ; mov eax, ecx; pop ebp; ret 4

© 2014 - 2019 - Powered by ROPEME | Contact