ROPSHELL 
ropshell> use bb5cbffc096497506167bce1d9690ef2 (download)
name         : ntdll.dll (i386/PE)
base address : 0x7c901000
total gadgets: 6382

ropshell> suggest
call
    > 0x7c90eac5 : call eax
    > 0x7c93ee57 : call ebx
    > 0x7c9037bd : call ecx
    > 0x7c925963 : call edx
    > 0x7c927543 : call esi
jmp
    > 0x7c92c35c : push esp; ret
    > 0x7c9556d8 : jmp eax
    > 0x7c955b47 : jmp ebx
    > 0x7c9200d3 : jmp ecx
    > 0x7c965a3b : jmp edx
load mem
    > 0x7c939d3c : mov eax, [edx + 4]; ret
    > 0x7c96ff7f : mov eax, [ebp + 0x10]; pop ebp; ret
    > 0x7c9273e0 : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
    > 0x7c9361fc : mov eax, [ecx]; add [eax + 0x5d5e5f01], dh; ret 4
    > 0x7c913309 : mov eax, [esi + 0x20]; pop esi; pop ebx; pop ebp; ret 0x10
load reg
    > 0x7c905df0 : pop eax; ret
    > 0x7c901d68 : pop ebx; ret
    > 0x7c96bd42 : pop ecx; ret
    > 0x7c9013c3 : pop edx; ret
    > 0x7c90219a : pop esi; ret
pop pop ret
    > 0x7c905df0 : pop eax; ret
    > 0x7c971476 : pop eax; pop ebp; ret
    > 0x7c92129a : pop ebx; pop edi; pop ebp; ret
    > 0x7c91506a : pop edi; pop esi; pop ebx; pop ebp; ret
    > 0x7c90f03f : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
sp lifting
    > 0x7c9014cc : add esp, 0x14; ret
    > 0x7c9014cc : add esp, 0x14; ret
stack pivoting
    > 0x7c92c0c8 : xchg eax, esp; ret
    > 0x7c971649 : mov esp, ebx; pop ebx; ret
    > 0x7c90eb77 : mov esp, ebp; pop ebp; ret
    > 0x7c9011a7 : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10
    > 0x7c901117 : lea esp, [esp];  dec [edx + 4]; ret 4
write mem
    > 0x7c91c252 : add [edx], eax; pop ebp; ret
    > 0x7c93a1c5 : adc [ebx + 0x33f703c7], ecx; ret
    > 0x7c9650da : add [esi + 0x5d], ebx; ret 4
    > 0x7c967dec : add [eax + 0x1c], ecx; pop ebp; ret 8
    > 0x7c927b19 : add [edi + 0x5e], ebx; pop ebp; ret 0x10

© 2014 - 2019 - Powered by ROPEME | Contact