ROPSHELL 
ropshell> use 911ddf2e16761643a47225f654d811e5 (download)
name         : ntdll.dll (i386/PE)
base address : 0x7c901000
total gadgets: 6968

ropshell> suggest
call
    > 0x7c90e455 : call eax
    > 0x7c9404d9 : call ebx
    > 0x7c9032a6 : call ecx
    > 0x7c926a41 : call edx
    > 0x7c927ac0 : call esi
jmp
    > 0x7c956d70 : jmp eax
    > 0x7c934edb : jmp ebx
    > 0x7c913854 : jmp ecx
    > 0x7c91eae7 : jmp esi
    > 0x7c91022b : jmp edi
load mem
    > 0x7c90e2b5 : mov eax, [edx + 4]; ret
    > 0x7c913a5e : mov edi, [ebp + 0xffffffdc]; ret
    > 0x7c971773 : mov eax, [ebp + 0x10]; pop ebp; ret
    > 0x7c91e45b : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
    > 0x7c973167 : movzx eax, [ecx]; inc ecx; mov [edx], ecx; ret
load reg
    > 0x7c90192c : pop ebx; ret
    > 0x7c96d53a : pop ecx; ret
    > 0x7c90137d : pop edx; ret
    > 0x7c901d52 : pop esi; ret
    > 0x7c902486 : pop edi; ret
pop pop ret
    > 0x7c90e504 : pop ebp; ret
    > 0x7c972c6a : pop eax; pop ebp; ret
    > 0x7c92388b : pop ebx; pop edi; pop ebp; ret
    > 0x7c915262 : pop edi; pop esi; pop ebx; pop ebp; ret
    > 0x7c90eb2e : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
sp lifting
    > 0x7c90e037 : add esp, 0x14; ret
    > 0x7c90e037 : add esp, 0x14; ret
stack pivoting
    > 0x7c918bfe : xchg eax, esp; ret
    > 0x7c972e3d : mov esp, ebx; pop ebx; ret
    > 0x7c90e502 : mov esp, ebp; pop ebp; ret
    > 0x7c90118a : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10
    > 0x7c92d9e6 : lea esp, [esi + edi*8]; dec ecx; ret 0x10
write mem
    > 0x7c91bb9b : add [edx], eax; pop ebp; ret
    > 0x7c939b13 : adc [eax + 0xc1d8036b], edx; ret
    > 0x7c939a20 : adc [ebx + 0x33f703c7], ecx; ret
    > 0x7c9746c7 : add [esi + 0xffffff8a], ebx; ret
    > 0x7c957792 : add [edi + 0xffffffc9], ebx; ret 8

© 2014 - 2019 - Powered by ROPEME | Contact