ROPSHELL 
ropshell> use 837b1e310f2aa8b20f07a9b1ce90ac4f (download)
name         : msvcr71.dll (i386/PE)
base address : 0x7c361000
total gadgets: 2987

ropshell> suggest
call
    > 0x7c361037 : call eax
    > 0x7c361c41 : call ebx
    > 0x7c3615e7 : call ecx
    > 0x7c362520 : call esi
    > 0x7c365f43 : call edi
jmp
    > 0x7c3936e5 : push esp; ret
    > 0x7c3610da : jmp eax
    > 0x7c376188 : jmp ebx
    > 0x7c39478b : jmp ecx
    > 0x7c375f1a : jmp edi
load mem
    > 0x7c37640a : mov eax, [ecx + 0xc]; ret
    > 0x7c393334 : mov eax, [edx + 4]; ret
    > 0x7c37094d : mov eax, [esi + 0x28]; pop esi; ret
    > 0x7c36d546 : mov eax, [ebp + 0x10]; pop ebp; ret
    > 0x7c380d90 : movzx eax, [ecx]; add eax, esi; pop esi; ret
load reg
    > 0x7c365b99 : pop eax; ret
    > 0x7c361c79 : pop ebx; ret
    > 0x7c361594 : pop ecx; ret
    > 0x7c386c47 : pop edx; ret
    > 0x7c3615b7 : pop esi; ret
pop pop ret
    > 0x7c365b99 : pop eax; ret
    > 0x7c371cbd : pop eax; pop ebp; ret
    > 0x7c38d56e : pop ebp; pop ebx; pop ecx; ret
    > 0x7c36615b : pop ebp; pop ebx; pop ecx; pop ecx; ret
    > 0x7c396472 : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x7c3828cc : add esp, 0x100; ret
    > 0x7c3828cc : add esp, 0x100; ret
    > 0x7c3755f3 : add esp, 0x20; ret
    > 0x7c364e2c : add esp, 0x48; ret
stack pivoting
    > 0x7c361350 : xchg eax, esp; ret
    > 0x7c396f34 : mov esp, ebx; pop ebx; ret
    > 0x7c365dc6 : mov esp, ebp; pop ebp; ret
    > 0x7c361af3 : lea esp, [ebp - 8]; pop edi; pop esi; pop ebp; ret 0xc
    > 0x7c361554 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
write mem
    > 0x7c362a08 : add [ebx], eax; ret
    > 0x7c380b49 : add [eax + 0x3a414606], ecx; ret
    > 0x7c36fd25 : add [ebx + 0x5d5e5fc6], ecx; ret
    > 0x7c38b4b7 : add [esi + 0x5b], ebx; ret
    > 0x7c36bd34 : add [edi + 0x5e], ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact