ROPSHELL 
ropshell> use acb0504a5cd299154111632d9f240d4e (download)
name         : brokenwindow.exe (i386/PE)
base address : 0x401000
total gadgets: 937

ropshell> suggest
call
    > 0x00401ea2 : call eax
    > 0x0040907b : call ebx
    > 0x00402013 : call ecx
    > 0x00406b61 : call edx
    > 0x0040207f : call esi
jmp
    > 0x00401a39 : jmp eax
    > 0x00408800 : jmp esi
    > 0x004034bb : jmp [eax]
    > 0x004050b0 : jmp [ebx]
    > 0x0040762a : jmp [ecx]
load mem
    > 0x004036f0 : mov eax, [ebp + 0x10]; inc [eax]; pop ebp; ret
    > 0x00402b22 : mov eax, [ecx + 4]; mov [esi + 4], eax; mov eax, esi; pop esi; pop ebp; ret 4
load reg
    > 0x0040876e : pop ebx; ret
    > 0x00401388 : pop ecx; ret
    > 0x0040133e : pop esi; ret
    > 0x00401b7d : pop edi; ret
    > 0x00401067 : pop ebp; ret
pop pop ret
    > 0x00401067 : pop ebp; ret
    > 0x00403803 : pop eax; pop ebp; ret
    > 0x00401e30 : pop eax; pop esi; pop edi; ret
    > 0x00403796 : pop ebx; pop edi; pop esi; pop ebp; ret
    > 0x0040833d : pop ecx; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x004029a1 : add esp, 0x14; ret
    > 0x004029a1 : add esp, 0x14; ret
stack pivoting
    > 0x004012ec : mov esp, ebp; pop ebp; ret
    > 0x004055ac : xchg eax, esp; bound eax, [ecx]; call esi
    > 0x0040d61b : leave ; ret
write mem
    > 0x00405f9e : add [ecx], eax; pop ebp; ret
    > 0x004089e3 : add [esi + 0x5d], ebx; ret
    > 0x00401b95 : add [ebx + 0x5e0c2444], ecx; pop edi; ret
    > 0x00401ba9 : add [edx + 0x47880246], ecx; add cl, [ebx + 0x5e0c2444]; pop edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact