ROPSHELL 
ropshell> use 86f1895ae8c5e8b17d99ece768a70732 (download)
name         : msvcr71.dll (i386/PE)
base address : 0x7c341000
total gadgets: 3036

ropshell> suggest
call
    > 0x7c3418d9 : call eax
    > 0x7c34908a : call ebx
    > 0x7c341dd1 : call ecx
    > 0x7c3410e6 : call esi
    > 0x7c34102e : call edi
jmp
    > 0x7c345c30 : push esp; ret
    > 0x7c34888f : jmp eax
    > 0x7c35a78d : jmp ebx
    > 0x7c346b0e : jmp ecx
    > 0x7c35a51f : jmp edi
load mem
    > 0x7c35aa0f : mov eax, [ecx + 0xc]; ret
    > 0x7c345897 : mov eax, [edx + 4]; ret
    > 0x7c36c93b : mov edi, [ebx + 0x5959fffd]; ret
    > 0x7c354f9d : mov eax, [esi + 0x28]; pop esi; ret
    > 0x7c351d60 : mov eax, [ebp + 0x10]; pop ebp; ret
load reg
    > 0x7c344cc1 : pop eax; ret
    > 0x7c341748 : pop ebx; ret
    > 0x7c3410c3 : pop ecx; ret
    > 0x7c3439fa : pop edx; ret
    > 0x7c341920 : pop esi; ret
pop pop ret
    > 0x7c344cc1 : pop eax; ret
    > 0x7c35630d : pop eax; pop ebp; ret
    > 0x7c37151f : pop ebp; pop ebx; pop ecx; ret
    > 0x7c3410c0 : pop ebp; pop ebx; pop ecx; pop ecx; ret
    > 0x7c37653d : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x7c366bd5 : add esp, 0x100; ret
    > 0x7c366bd5 : add esp, 0x100; ret
    > 0x7c359bfe : add esp, 0x20; ret
    > 0x7c341ae4 : add esp, 0x48; ret
stack pivoting
    > 0x7c348b05 : xchg eax, esp; ret
    > 0x7c376ffc : mov esp, ebx; pop ebx; ret
    > 0x7c3424ef : mov esp, ebp; pop ebp; ret
    > 0x7c3422fe : lea esp, [ebp - 8]; pop edi; pop esi; pop ebp; ret 0xc
    > 0x7c341f0a : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
write mem
    > 0x7c349adc : add [ebx], eax; ret
    > 0x7c365051 : add [eax + 0x3a414606], ecx; ret
    > 0x7c354378 : add [ebx + 0x5d5e5fc6], ecx; ret
    > 0x7c343738 : add [esi + 0x5b], ebx; ret
    > 0x7c3432e8 : add [edi + 0x5e], ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact