ROPSHELL 
ropshell> use 7433d9a8a217c89f0100d7400595b5c4 (download)
name         : PlugY.dll (i386/PE)
base address : 0x10001000
total gadgets: 2588

ropshell> suggest
call
    > 0x1000a517 : call eax
    > 0x10001746 : call ebx
    > 0x1000a263 : call esi
    > 0x10001971 : call edi
    > 0x1000a5c6 : call ebp
jmp
    > 0x100010f3 : jmp eax
    > 0x100026e9 : jmp ecx
    > 0x1000b638 : jmp edx
    > 0x10014972 : jmp esi
    > 0x10016e85 : jmp edi
load mem
    > 0x10023a36 : mov eax, [ecx + 0x170]; ret
    > 0x10022b09 : mov eax, [esi + 0x150]; ret
    > 0x10022ade : mov ecx, [esi + 0x17c]; ret
    > 0x10022c2c : mov edx, [ecx + 4]; ret
    > 0x10022c29 : mov eax, [ecx]; mov edx, ds:[ecx + 4]; ret
load reg
    > 0x1000cdb8 : pop eax; ret
    > 0x10001241 : pop ebx; ret
    > 0x100012fa : pop ecx; ret
    > 0x10002509 : pop esi; ret
    > 0x1000137f : pop edi; ret
pop pop ret
    > 0x1000cdb8 : pop eax; ret
    > 0x1000cdb7 : pop eax; pop eax; ret
    > 0x1000da7d : pop ebp; pop ebx; pop ecx; ret
    > 0x1000e201 : pop ebx; pop edi; pop esi; pop ebp; ret
    > 0x1000ea2d : pop edi; pop ebp; pop esi; pop ebx; pop ecx; ret 8
sp lifting
    > 0x10011ada : add esp, 0x104; ret
    > 0x10011ada : add esp, 0x104; ret
    > 0x100258b5 : add esp, 0x20; ret
    > 0x10018c97 : add esp, 0x34; ret
    > 0x1001fe38 : add esp, 0x40c; ret
stack pivoting
    > 0x1000ba1d : xchg eax, esp; ret
    > 0x1000fc4b : mov esp, ebp; pop ebp; ret
    > 0x10022adb : leave ; ret
write mem
    > 0x100158ea : add [esi], eax; pop ebp; ret
    > 0x1000b354 : add [edi + 0x5d], ebx; pop ecx; ret
    > 0x1000d8ce : add [ebx + 0x5d5e5fc7], ecx; add esp, 8; ret
    > 0x1000dd72 : add [ebx + 0xf], edx; xchg eax, esp; ret
    > 0x10022c2a : add [esi], edi; mov edx, [ecx + 4]; ret

© 2014 - 2019 - Powered by ROPEME | Contact