ROPSHELL 
ropshell> use 64e25cb30d4e42aff1eb9337d2dd0b13 (download)
name         : ntdll.dll (i386/PE)
base address : 0x4b281000
total gadgets: 12609

ropshell> suggest
call
    > 0x4b29fbb6 : call eax
    > 0x4b2a62e0 : call ebx
    > 0x4b2d2e33 : call ecx
    > 0x4b2a130e : call edx
    > 0x4b2a65b2 : call esi
jmp
    > 0x4b29b368 : push esp; ret
    > 0x4b2a218d : jmp eax
    > 0x4b297ccc : jmp ebx
    > 0x4b2f55a5 : jmp ecx
    > 0x4b2f782f : jmp esi
load mem
    > 0x4b29ede5 : mov edx, [ebx]; ret
    > 0x4b29b770 : mov ebp, [eax]; ret
    > 0x4b2fb844 : mov eax, [edx + 4]; ret
    > 0x4b367069 : mov eax, [esi + 0x20]; pop esi; ret
    > 0x4b2f739d : mov eax, [ebp + 0x10]; pop ebp; ret
load reg
    > 0x4b2bd1d7 : pop eax; ret
    > 0x4b2a7df8 : pop ebx; ret
    > 0x4b29d331 : pop ecx; ret
    > 0x4b29dcd9 : pop edx; ret
    > 0x4b2a824d : pop esi; ret
pop pop ret
    > 0x4b2bd1d7 : pop eax; ret
    > 0x4b2f8472 : pop eax; pop ebp; ret
    > 0x4b300302 : pop eax; pop esi; pop ebp; ret
    > 0x4b2f840c : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x4b300a5f : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x4b2f6507 : add esp, 0x14; ret
    > 0x4b2f6507 : add esp, 0x14; ret
stack pivoting
    > 0x4b306ac7 : xchg eax, esp; ret
    > 0x4b2ac72c : mov esp, ebx; pop ebx; ret
    > 0x4b2a65f1 : mov esp, ebp; pop ebp; ret
    > 0x4b2bef27 : lea esp, [eax - 0x74000003]; ret
    > 0x4b309088 : lea esp, [esp + 0x80]; pop ecx; ret
write mem
    > 0x4b2a86bd : add [ebx], eax; ret
    > 0x4b319b58 : add [ebx], esi; ret
    > 0x4b2c326c : adc [ebx], edi; ret
    > 0x4b2d9854 : add [ecx], eax; pop edi; ret
    > 0x4b29e1e5 : adc [edx], ebp; lahf ; ret

© 2014 - 2019 - Powered by ROPEME | Contact