ROPSHELL 
ropshell> use 935dc3659569d8fae90f2e3ef60c24e9 (download)
name         : Player.dll (i386/PE)
base address : 0x10001000
total gadgets: 3076

ropshell> suggest "load mem"
> 0x1000edc3 : mov eax, [ecx + 0x78]; ret
> 0x1000ed06 : mov eax, [esi + 0x60]; pop edi; pop esi; ret 4
> 0x1000a37a : mov ebx, [esi + 0x5b]; add esp, 0x10; ret 4
> 0x1000f1e2 : movsx eax, [edi]; pop ebp; pop edi; pop esi; pop ebx; ret 4
> 0x1000e0c4 : mov eax, [ecx]; call [eax + 0x18]
> 0x100081d2 : mov ebx, [eax]; call [ebx + 0x1c]
> 0x10008ed5 : mov ebx, [ecx]; call [ebx + 0x14]
> 0x10012a48 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x1000e5da : mov esi, [ebp]; call [esi + 4]
> 0x100087be : mov ebp, [eax]; call [ebp + 0x10]
> 0x1000e11b : mov ebp, [ecx]; push ebx; call [ebp + 0x14]
> 0x1000ecef : mov eax, [esi]; mov ecx, esi; call [eax + 0x10]
> 0x1000ec35 : mov esi, [ebx]; mov ecx, ebx; call [esi + 0xc]
> 0x1000e277 : mov ecx, [esi + 0x18]; sub eax, ecx; pop ebp; pop edi; pop esi; pop ebx; ret 0xc
> 0x10008c84 : mov ebx, [edx]; push esi; push ecx; push edx; call [ebx + 0x10]
> 0x1000ddb1 : mov ebx, [esi]; push eax; mov ecx, esi; call [ebx + 0x10]
> 0x1000ea60 : mov ebp, [ebx]; push eax; mov ecx, ebx; call [ebp + 0xc]
> 0x10011037 : mov edi, [ecx + 0x14]; mov ecx, [esp + 0x20]; call edi
> 0x1000df40 : mov eax, [edi + 0x2c]; mov ecx, edi; push eax; call [ebx + 0xc]
> 0x1000e671 : mov eax, [ebp + 0xc]; add eax, esi; push eax; call [edi + 4]
> 0x1001621e : mov edx, [ecx + 0x40]; mov [edi], edx; pop edi; pop esi; pop ebx; add esp, 4; ret
> 0x10008fa2 : mov esi, [eax]; lea esi, [esi + ebx*8]; mov [eax], esi; pop esi; pop ebx; ret 8
> 0x1001b8c2 : mov eax, [edx + 8]; add eax, eax; or eax, esi; pop esi; mov [edx + 8], eax; ret
> 0x10018d90 : mov ecx, [eax + 0x1008ea70]; xor eax, eax; mov al, [ecx + edx + 4]; and eax, 0x40; ret
> 0x10010fbb : mov ecx, [edx + 8]; inc ecx; pop esi; mov [edx + 8], ecx; mov [edx + 4], ecx; ret
> 0x1000df3e : mov ebx, [edi]; mov eax, [edi + 0x2c]; mov ecx, edi; push eax; call [ebx + 0xc]
> 0x10008803 : mov ecx, [esi]; shl edi, 3; push edi; mov ebx, [ecx]; push ecx; call [ebx + 0x14]
> 0x10009a74 : mov edi, [esi + 0x40dc]; push 0; push 0; mov eax, [ecx]; push 4; call [eax + 0x14]
> 0x1000e73f : mov edi, [ebp]; push eax; mov eax, [ebp + 0xc]; add eax, ecx; mov ecx, ebp; push eax; call [edi + 4]
> 0x10003e38 : mov ebx, [edx + 0x1c]; mov [ecx + 0xa938], ebx; pop ebx; mov edx, [edx + 0x20]; mov [ecx + 0xa90c], 1; mov [ecx + 0xa93c], edx; ret 4

© 2014 - 2019 - Powered by ROPEME | Contact