ROPSHELL 
ropshell> use 8072c981b4b780c764d2ebb63ef84c02 (download)
name         : BlizzardError.exe (i386/PE)
base address : 0x401000
total gadgets: 11968

ropshell> suggest
call
    > 0x0040430a : call eax
    > 0x00407b2d : call ebx
    > 0x00413ea1 : call ecx
    > 0x0040f959 : call edx
    > 0x00402463 : call esi
jmp
    > 0x0046decf : jmp eax
    > 0x0047a420 : jmp esi
    > 0x0042c45f : jmp [eax]
    > 0x0041b31c : jmp [ebx]
    > 0x0043dc1d : jmp [ecx]
load mem
    > 0x00406260 : mov eax, [ecx]; ret
    > 0x00402f80 : mov eax, [ecx + 0x10]; ret
    > 0x00479232 : mov eax, [esi + 0x44]; pop esi; ret
    > 0x0045b626 : mov eax, [ebp + 0x10]; pop ebp; ret
    > 0x00461374 : mov eax, [edx]; call eax
load reg
    > 0x0047ab7a : pop eax; ret
    > 0x00401a1d : pop ebx; ret
    > 0x004098a5 : pop ecx; ret
    > 0x00423ed2 : pop edx; ret
    > 0x004010ca : pop esi; ret
pop pop ret
    > 0x0047ab7a : pop eax; ret
    > 0x00427089 : pop eax; pop ebp; ret
    > 0x00476822 : pop eax; pop esi; pop ebp; ret
    > 0x004759b0 : pop eax; pop esi; pop edi; pop ebp; ret
    > 0x00477218 : pop ecx; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x0041fee6 : add esp, 0x10; ret
    > 0x0041fee6 : add esp, 0x10; ret
stack pivoting
    > 0x0040b92b : xchg eax, esp; ret
    > 0x004018b2 : mov esp, ebp; pop ebp; ret
    > 0x00437d44 : xchg esp, ebx; add al, 0; add [esi - 0x75], bl; ret
    > 0x00432582 : xchg esp, eax; add al, [eax]; add [ebx], bh; ret
    > 0x00421058 : xchg esp, ecx; add eax, [eax]; add [ebx], bh; ret
write mem
    > 0x0041b8f4 : add [ebx], ecx; ret
    > 0x0042f6c9 : add [ebx], edi; ret
    > 0x00410492 : adc [eax + 8], ebp; ret 0x49
    > 0x0046ab0b : add [ebx + 0x5d12ffc8], ecx; ret
    > 0x00437df6 : add [esi + 0x3a], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact