ROPSHELL 
ropshell> use b76f8a048f5a0a05018d2413694d4daa (download)
name         : rpcrt4.dll (i386/RAW)
base address : 0x0
total gadgets: 4073

ropshell> suggest
call
    > 0x0000437a : call eax
    > 0x00080b73 : call ebx
    > 0x0003c8cf : call ecx
    > 0x00002ce9 : call edx
    > 0x000d3aad : call esi
jmp
    > 0x0008c528 : push esp; ret
    > 0x0004f488 : jmp eax
    > 0x001206b0 : jmp ebx
    > 0x000073dd : jmp ecx
    > 0x0004cb53 : jmp edx
load mem
    > 0x00063e93 : mov eax, [ecx + 0x10]; ret
    > 0x00021175 : mov eax, [ecx]; dec eax; add esp, 0x28; ret
    > 0x000535c2 : mov eax, [edx]; dec eax; add esp, 0x28; ret
    > 0x00069517 : mov ecx, [eax + 0xc8]; mov [edx], ecx; ret
    > 0x00079f33 : mov edx, [eax]; add [eax], eax; add al, ch; ret
load reg
    > 0x000049df : pop eax; ret
    > 0x00000a48 : pop ebx; ret
    > 0x0008d9bd : pop edx; ret
    > 0x000006f6 : pop esi; ret
    > 0x00000555 : pop edi; ret
pop pop ret
    > 0x000049df : pop eax; ret
    > 0x00003256 : pop ebp; pop ebx; ret
    > 0x0001a587 : pop ebp; pop edi; pop ebx; ret
    > 0x000d50fd : pop ebp; pop edi; pop esi; pop ebp; ret
    > 0x0003eb9d : pop eax; pop edi; pop esi; pop ebp; pop ebx; ret
sp lifting
    > 0x00067972 : add esp, 0x18; ret
    > 0x00067972 : add esp, 0x18; ret
    > 0x000005d3 : add esp, 0x28; ret
    > 0x000278dd : add esp, 0x368; ret
    > 0x00003f99 : add esp, 0x48; ret
stack pivoting
    > 0x00035de7 : xchg eax, esp; ret
    > 0x00061591 : mov esp, ebx; pop ebp; ret
    > 0x00023db9 : lea esp, [ebp + 0x10]; pop ebp; ret
    > 0x0007381c : mov esp, ebp; dec eax; mov ebp, [ebp + 0x20]; dec eax; add esp, 0x38; ret
    > 0x000bce9e : leave ; ret
write mem
    > 0x000856f7 : add [edi], ecx; inc edi; ret
    > 0x000d9466 : adc [eax + 0x6c0], edi; ret
    > 0x000ced7a : add [ecx + 8], eax; ret
    > 0x000b9f37 : add [edx], eax; xor eax, eax; ret
    > 0x000c623c : add [ecx], eax; dec ecx; mov eax, eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact