ROPSHELL 
ropshell> use a1f9191578ccf9869a952e47591e1708 (download)
name         : SystemSurvey.exe (i386/PE)
base address : 0x401000
total gadgets: 21654

ropshell> suggest
call
    > 0x00405375 : call eax
    > 0x004019f0 : call ebx
    > 0x00401cb2 : call ecx
    > 0x004051e8 : call edx
    > 0x00401e6c : call esi
jmp
    > 0x0048ba20 : push esp; ret
    > 0x004288e6 : jmp eax
    > 0x004c988d : jmp ebx
    > 0x00414fed : jmp ecx
    > 0x0044ef3f : jmp edx
load mem
    > 0x00428b64 : mov eax, [edx]; ret
    > 0x0040b7db : mov eax, [ecx]; cdq ; ret
    > 0x004253ff : mov eax, [esi]; pop esi; ret
    > 0x004db7a0 : mov eax, [ecx + 0x1c]; ret
    > 0x00462f5e : mov edx, [eax]; push 1; call edx; ret
load reg
    > 0x004621c6 : pop eax; ret
    > 0x00402786 : pop ebx; ret
    > 0x0040418c : pop ecx; ret
    > 0x0048ba32 : pop edx; ret
    > 0x004015b0 : pop esi; ret
pop pop ret
    > 0x004621c6 : pop eax; ret
    > 0x0051746b : pop eax; pop ebp; ret
    > 0x00516583 : pop eax; pop esi; pop ebp; ret
    > 0x00520ad3 : pop eax; pop esi; pop edi; pop ebp; ret
    > 0x004a72ea : pop ebp; pop edi; pop esi; pop ebx; pop ecx; ret
sp lifting
    > 0x0047c540 : add esp, 0x1004; ret
    > 0x0047c540 : add esp, 0x1004; ret
    > 0x004835f1 : add esp, 0x204; ret
    > 0x004864ed : add esp, 0x30; ret
    > 0x00499eca : add esp, 0x408; ret
stack pivoting
    > 0x004099dd : xchg eax, esp; ret
    > 0x005322a3 : mov esp, ebx; pop ebx; ret
    > 0x004013c0 : mov esp, ebp; pop ebp; ret
    > 0x004609f4 : mov esp, edi; dec [ebx - 0x1a74a13a]; pop ebp; ret
    > 0x0049f72f : xchg esp, edi; add al, [eax]; add [ebx], bh; ret
write mem
    > 0x004d10d1 : add [ebx], eax; ret
    > 0x0044cdc4 : add [ebx], ecx; ret
    > 0x00438203 : adc [ebx], edi; ret
    > 0x0045cd51 : add [ebx], ebp; ret
    > 0x0040c8a2 : add [ecx], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact