ROPSHELL 
ropshell> use aad8314b8930c06eb75b2c93a6f2cbd3 (download)
name         : AntReg.dll (i386/PE)
base address : 0x10001000
total gadgets: 583

ropshell> suggest
call
    > 0x100018c1 : call eax
    > 0x10001393 : call ebx
    > 0x1000129f : call esi
    > 0x100013da : call edi
    > 0x1000235d : call ebp
jmp
    > 0x10002dcf : jmp [eax]
    > 0x10003fe3 : jmp [esi - 0x75]
load mem
    > 0x100047a8 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x10001922 : mov eax, [ebp + 0xc]; pop edi; pop esi; pop ebx; pop ebp; ret 0xc
    > 0x100038dd : mov ecx, [ebp + 8]; mov [ebx + 8], ecx; mov [ebx + 4], eax; mov [ebx + 0xc], ebp; pop ecx; pop ebx; ret 4
load reg
    > 0x10002644 : pop eax; ret
    > 0x1000203a : pop ebx; ret
    > 0x100017a6 : pop ecx; ret
    > 0x10001c9e : pop esi; ret
    > 0x10001c60 : pop edi; ret
pop pop ret
    > 0x10002644 : pop eax; ret
    > 0x10001ced : pop eax; pop esi; ret
    > 0x10002470 : pop ebx; pop ecx; pop ecx; ret
    > 0x1000246f : pop ebp; pop ebx; pop ecx; pop ecx; ret
    > 0x1000246e : pop esi; pop ebp; pop ebx; pop ecx; pop ecx; ret
sp lifting
    > 0x10001bab : add esp, 0x10; ret
    > 0x10001bab : add esp, 0x10; ret
stack pivoting
    > 0x1000381c : mov esp, ebp; pop ebp; ret
    > 0x100047a6 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x100010cf : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact