ROPSHELL 
ropshell> use 7b93c623333f121dc9e689ccb1b7a733 (download)
name         : mfc71u.dll (i386/PE)
base address : 0x7c251000
total gadgets: 29480

ropshell> suggest
call
    > 0x7c256152 : call eax
    > 0x7c253668 : call ebx
    > 0x7c255d0c : call ecx
    > 0x7c2fb6f4 : call edx
    > 0x7c251d7f : call esi
jmp
    > 0x7c283769 : push esp; ret
    > 0x7c25690f : jmp eax
    > 0x7c2d4c0b : jmp ebx
    > 0x7c2d4e0b : jmp ecx
    > 0x7c2d6ba8 : jmp edx
load mem
    > 0x7c268f59 : mov eax, [ecx]; ret
    > 0x7c2534d7 : mov eax, [esi]; pop esi; ret
    > 0x7c2c8926 : mov eax, [ecx + 0x10]; ret
    > 0x7c2ee130 : mov eax, [edx + 0x1c]; ret 4
    > 0x7c2bf7a6 : mov eax, [esi + 0x28]; pop esi; ret
load reg
    > 0x7c25e8db : pop eax; ret
    > 0x7c255fb4 : pop ebx; ret
    > 0x7c254dc7 : pop ecx; ret
    > 0x7c25190b : pop esi; ret
    > 0x7c2838cc : pop edi; ret
pop pop ret
    > 0x7c25e8db : pop eax; ret
    > 0x7c25799b : pop eax; pop esi; ret
    > 0x7c2d63cf : pop eax; pop ecx; pop ecx; ret
    > 0x7c2cd169 : pop ebp; pop ebx; pop ecx; pop ecx; ret
    > 0x7c257bd0 : pop edi; pop esi; pop ebp; pop ebx; pop ecx; ret
sp lifting
    > 0x7c2f0d18 : add esp, 0x10; ret
    > 0x7c2f0d18 : add esp, 0x10; ret
    > 0x7c30c620 : add esp, 0x20; ret 4
stack pivoting
    > 0x7c28ab23 : xchg eax, esp; ret
    > 0x7c25d960 : push eax; pop esp; ret 0x10
    > 0x7c31dc31 : mov esp, eax; idiv edi; ret
    > 0x7c31487b : mov esp, edx; push esi; ret
    > 0x7c2d32a6 : mov esp, ebp; pop ebp; ret
write mem
    > 0x7c2b2e89 : adc [ebx], edi; ret
    > 0x7c26df95 : add [eax + eax], ecx; ret
    > 0x7c2d1dc5 : add [esi + 0x5d], ebx; ret 0x10
    > 0x7c2b0265 : add [edi + 0x5e], ebx; ret 4
    > 0x7c30c499 : add [ecx], eax; add al, 0; ret 8

© 2014 - 2019 - Powered by ROPEME | Contact