ROPSHELL 
ropshell> use 935dc3659569d8fae90f2e3ef60c24e9 (download)
name         : Player.dll (i386/PE)
base address : 0x10001000
total gadgets: 3076

ropshell> suggest
call
    > 0x100124c9 : call eax
    > 0x1000ad19 : call ebx
    > 0x100131f2 : call ecx
    > 0x100082ed : call esi
    > 0x10008760 : call edi
jmp
    > 0x10019c78 : push esp; ret
    > 0x1000fbff : jmp ecx
    > 0x10009351 : jmp [ebx]
    > 0x100171bd : jmp [esi + 0x25]
    > 0x1000437b : jmp [edi]
load mem
    > 0x1000edc3 : mov eax, [ecx + 0x78]; ret
    > 0x1000ed06 : mov eax, [esi + 0x60]; pop edi; pop esi; ret 4
    > 0x1000a37a : mov ebx, [esi + 0x5b]; add esp, 0x10; ret 4
    > 0x1000f1e2 : movsx eax, [edi]; pop ebp; pop edi; pop esi; pop ebx; ret 4
    > 0x1000e0c4 : mov eax, [ecx]; call [eax + 0x18]
load reg
    > 0x10015ea1 : pop eax; ret
    > 0x10004c2d : pop ebx; ret
    > 0x1001af5c : pop edx; ret
    > 0x10004998 : pop esi; ret
    > 0x10003aea : pop edi; ret
pop pop ret
    > 0x10015ea1 : pop eax; ret
    > 0x10010915 : pop ebp; pop ebx; ret
    > 0x1001b4d6 : pop ebx; pop esi; pop edi; ret
    > 0x100088b3 : pop ebp; pop edi; pop esi; pop ebx; ret
    > 0x1000e205 : pop eax; pop ebp; pop edi; pop esi; pop ebx; ret 0xc
sp lifting
    > 0x1001e94b : add esp, 0x1008; ret
    > 0x1001e94b : add esp, 0x1008; ret
    > 0x1000aac1 : add esp, 0x20; ret
    > 0x10003d5e : add esp, 0x30; ret
    > 0x10019031 : add esp, 0x418; ret
stack pivoting
    > 0x1000994e : xchg eax, esp; ret
    > 0x10013a56 : mov esp, ebp; pop ebp; ret
    > 0x10012a46 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x1001244d : leave ; ret
write mem
    > 0x1001054e : add [eax], edx; pop esi; ret
    > 0x100135ec : add [ebx + 0x5b5e5fc7], ecx; ret
    > 0x10018c0d : add [eax], edi; pop esi; adc eax, -1; ret
    > 0x10019f83 : add [edx], ebp; call esi
    > 0x10018e3c : add [eax + 1], edi; add esp, 4; ret

© 2014 - 2019 - Powered by ROPEME | Contact