ropshell> use 8072c981b4b780c764d2ebb63ef84c02
name         : BlizzardError.exe (i386/PE)
base address : 0x401000
total gadgets: 11968
ropshell> suggest "load mem"
> 0x00406260 : mov eax, [ecx]; ret
> 0x00402f80 : mov eax, [ecx + 0x10]; ret
> 0x00479232 : mov eax, [esi + 0x44]; pop esi; ret
> 0x0045b626 : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x00461374 : mov eax, [edx]; call eax
> 0x00452b6b : mov eax, [esi]; call eax
> 0x004834cb : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
> 0x00467d63 : mov edx, [ecx]; call edx
> 0x0047255b : mov ebp, [ebx + 0x20]; jmp eax
> 0x004314fc : mov eax, [edi]; pop edi; pop esi; pop ebx; pop ebp; ret
> 0x00452ba6 : mov ecx, [esi]; push eax; call ecx
> 0x0044f1bd : mov ecx, [edi]; push eax; call ecx
> 0x0043d7f7 : mov edx, [esi]; mov [edx + 0x8f14], eax; ret
> 0x00453b99 : mov eax, [edx + 0x10]; call eax
> 0x004504bb : mov ecx, [eax + 0x10]; call ecx
> 0x004545f2 : mov edx, [eax + 0x10]; call edx
> 0x00468dcd : mov edx, [ecx + 0x1c]; mov esp, ebp; pop ebp; ret
> 0x0046aabe : mov edx, [eax]; push 1; mov ecx, eax; call [edx]; ret
> 0x0041706f : mov eax, [ebx + 0x28]; push eax; call ecx
> 0x0043c9f7 : mov eax, [edi + 0x138]; push eax; call esi
> 0x0044c495 : mov ecx, [esi + 0x10]; push ecx; call eax
> 0x00444749 : mov ecx, [edi + 0x2fc]; push ecx; call eax
> 0x00420db2 : mov ecx, [ebp + 0xc]; mov [ecx], 1; pop ebp; ret
> 0x00415700 : mov edx, [esi + 0x1c]; push edx; call eax
> 0x00416749 : mov edx, [edi + 0x1c]; push edx; call eax
> 0x00401128 : mov edx, [ebp + 8]; mov [edx], cl; pop ebp; ret
> 0x004082a9 : mov edi, [ebp + 8]; push edi; call esi
> 0x0041dfe0 : mov ecx, [eax]; mov [esi], ecx; mov eax, edi; pop edi; ret
> 0x00426eb9 : mov edx, [edi]; push 4; push eax; push edx; call ecx
> 0x00407b28 : mov ebx, [ebp + 0x14]; push esi; push edi; call ebx
> 0x00452c7b : mov ecx, [ebx + 8]; push eax; push esi; call ecx
> 0x0042c6e3 : mov edx, [ebx + 0x1f4]; push esi; push 0; push edx; call eax
> 0x0043159d : mov ebx, [esi + 8]; push edx; push eax; call [ebp + 0x10]
> 0x0046c829 : mov esi, [ebp + 8]; mov ecx, esi; call [ebp + 0x14]
> 0x00474bd2 : mov esi, [edx + esi]; mov ecx, [esi + ecx]; add ecx, edx; add eax, ecx; pop esi; pop ebp; ret
> 0x0044f455 : mov ebx, [esi]; mov edx, [edx + 0x8f60]; mov ecx, [ecx + 0x490]; push ebx; push edx; push ecx; call eax
> 0x004224e1 : mov esi, [ebx]; mov edx, [ebp + 0xc]; mov ecx, [esi + 0x29c]; mov eax, [ecx + 8]; push edx; push esi; call eax
> 0x00452b7d : mov ebx, [edi + 8]; mov ecx, [edi + 4]; add ebx, [esi + 0xc]; mov edx, [esi + 8]; push ecx; push ebx; call edx
> 0x00452c72 : mov esi, [ebx + 0xc]; add esi, [edi + 8]; mov eax, [edi + 4]; mov ecx, [ebx + 8]; push eax; push esi; call ecx
> 0x00472311 : mov eax, [ebx]; mov fs:[0], eax; mov eax, [ebp + 8]; mov ebx, [ebp + 0xc]; mov ebp, [ebp - 4]; mov esp, [ebx - 4]; jmp eax