ROPSHELL 
ropshell> use a1f9191578ccf9869a952e47591e1708 (download)
name         : SystemSurvey.exe (i386/PE)
base address : 0x401000
total gadgets: 21654

ropshell> suggest "write mem"
> 0x004d10d1 : add [ebx], eax; ret
> 0x0044cdc4 : add [ebx], ecx; ret
> 0x00438203 : adc [ebx], edi; ret
> 0x0045cd51 : add [ebx], ebp; ret
> 0x0040c8a2 : add [ecx], eax; ret
> 0x00422c03 : add [edx], edi; ret
> 0x00446e70 : adc [esi], edx; ret
> 0x0052aba0 : add [eax], ebx; pop ebp; ret
> 0x004060b4 : add [eax + 0x3a414202], ecx; ret
> 0x004a4a6c : add [ebx + 0x3b082444], ecx; ret
> 0x00431fe6 : add [ecx + 0x3a], eax; ret
> 0x00438f19 : add [ecx + 0x5d], ebx; ret
> 0x004a5d1d : add [edx + 0x3a], eax; ret
> 0x004066fc : add [esi + 0x5d], ebx; ret
> 0x004a19e2 : add [edi + 0x3a], eax; ret
> 0x00444075 : add [edi + 0x5d], ebx; ret
> 0x004a9692 : add [ebp + 0x3a], eax; ret
> 0x0046ec9f : add [eax + 0x5b5e5f01], esi; pop ebp; ret 4
> 0x00498bce : add [eax + 1], edi; pop esi; ret
> 0x0044d6e4 : add [esi + 0x16a8], ecx; pop esi; ret
> 0x004483c5 : add [edi + 0x48], edx; pop edi; ret
> 0x0044e531 : add [eax], edi; and [esi], edx; ret
> 0x004a87ef : add [edx], eax; add [eax], al; ret
> 0x0048b763 : add [ebp + 0x5d5e0146], ecx; pop ebx; pop ecx; ret
> 0x00422d21 : add [ebx + 0x57], edx; call ecx
> 0x0051a391 : add [ebp + 4], esi; xor eax, eax; inc eax; ret
> 0x004d15c8 : add [edx], ebp; add al, 0; mov esp, ebp; pop ebp; ret 0xc
> 0x00427ed2 : add [edi], ecx; mov dh, 0; pop edi; pop ebx; pop esi; ret
> 0x004a96de : adc [ebx + 0x5e5fffc8], eax; pop ebp; pop ebx; add esp, 0x40; ret
> 0x0041dbb8 : add [ebx], esi; rol [ebp - 0x3d6bf040], cl; pop esi; mov eax, edx; ret
> 0x0044bbe3 : add [esi + 0x16c0], edi; pop edi; pop ebx; mov esp, ebp; pop ebp; ret
> 0x004bd55d : add [ebx + 4], esi; pop edi; pop esi; mov al, 1; pop ebx; pop ebp; ret 8
> 0x0052c94c : add [eax], edx; add [eax], al; push eax; push edi; call ebx
> 0x004030fb : adc [ecx], edx; add [ebp - 0x4036b], cl; call [edx - 0x75]
> 0x00422965 : adc [eax + 0x51], edx; mov ecx, [edx + 0x5c]; call ecx
> 0x004f63e6 : adc [esi + 0x50], edx; mov eax, [edx + 0x20]; call eax
> 0x00461593 : add [ebx + 8], edi; mov [ebx + 4], ecx; pop edi; mov esp, ebp; pop ebp; ret
> 0x0041b2fb : add [edx + 1], ebp; push eax; mov eax, [ecx + 0x10]; call eax
> 0x00424b4e : add [eax + 0x44], ebp; add eax, [eax]; add [ebp - 0x3577b], cl; call [edi - 0x77]

© 2014 - 2019 - Powered by ROPEME | Contact