ROPSHELL 
ropshell> use b94b59adfba87d97669ec2ad881973d4 (download)
name         : ucrtbase.dll (i386/RAW)
base address : 0x0
total gadgets: 4531

ropshell> suggest
call
    > 0x000385f6 : call eax
    > 0x0003059d : call edx
    > 0x0007b925 : call edi
    > 0x000ba4dd : call ebp
    > 0x0000c0c4 : call esp
jmp
    > 0x0000f6f6 : jmp eax
    > 0x000bd5fa : jmp ebx
    > 0x0000e396 : jmp ecx
    > 0x00036eb5 : jmp edx
    > 0x00055ffd : jmp esi
load mem
    > 0x0003fa90 : mov eax, [ecx + 0x10]; ret
    > 0x00010e98 : mov ecx, [eax + 0x63]; ret
    > 0x000f4eb9 : mov edi, [ebx + 0x73]; ret
    > 0x00022406 : movzx ecx, [edx]; sub eax, ecx; ret
    > 0x00007166 : mov eax, [ecx]; add [ebx], bh; ret
load reg
    > 0x00016e32 : pop eax; ret
    > 0x00000484 : pop ebx; ret
    > 0x000242d0 : pop ecx; ret
    > 0x000201c2 : pop edx; ret 4
    > 0x00000e69 : pop esi; ret
pop pop ret
    > 0x00016e32 : pop eax; ret
    > 0x00002eaa : pop ebp; pop ebx; ret
    > 0x00006d02 : pop eax; pop esi; pop ebx; ret
    > 0x00002ea8 : pop edi; pop esi; pop ebp; pop ebx; ret
    > 0x000124aa : pop edi; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x0002938c : add esp, 0x10; ret
    > 0x0002938c : add esp, 0x10; ret
    > 0x00000589 : add esp, 0x28; ret
    > 0x00000886 : add esp, 0x38; ret
    > 0x0000074c : add esp, 0x48; ret
stack pivoting
    > 0x000022c2 : xchg eax, esp; ret
    > 0x000331cf : mov esp, ebx; ret
    > 0x0004262f : lea esp, [ebp + 0x10]; pop ebp; ret
    > 0x000f48bd : xchg ebp, esp; wait ; adc bh, [ebx]; ret
    > 0x0000d92f : leave ; ret 3
write mem
    > 0x0001a1a7 : add [edx], eax; ret
    > 0x000122e0 : adc [eax + 8], edi; ret
    > 0x00031d5b : add [ecx + 0x23], eax; ret
    > 0x000136ea : add [edi + 9], esi; ret
    > 0x0000e508 : add [ebp + 0x3b], eax; ret

© 2014 - 2019 - Powered by ROPEME | Contact