ROPSHELL 
ropshell> use bfd4ff5cc102f150729bf9b2a7eadb8e (download)
name         : a.exe (i386/RAW)
base address : 0x0
total gadgets: 348

ropshell> suggest
call
    > 0x00000821 : call eax
    > 0x0000118d : call esi
    > 0x000014ef : call edi
    > 0x000007be : call ebp
    > 0x00001d6b : call [eax]
jmp
    > 0x00000c7f : jmp eax
    > 0x000023ab : jmp esp
    > 0x00001303 : jmp [eax]
    > 0x00016485 : jmp [ecx]
    > 0x000011f5 : jmp [esi + 0x2e]
load mem
    > 0x000014e8 : mov ecx, [ebx]; call ebp
    > 0x000018f0 : movzx ecx, [eax + 6]; mov eax, ecx; ret
    > 0x00001a40 : mov eax, [edx + 0x24]; not eax; shr eax, 0x1f; ret
    > 0x000014fb : mov eax, [ebx + 8]; dec eax; mov ecx, esi; call eax
    > 0x00001183 : mov edx, [eax + 0x10]; dec eax; mov ecx, [eax + 8]; dec ecx; mov ecx, edi; call esi
load reg
    > 0x000012dc : pop eax; ret
    > 0x000013e6 : pop ebx; ret
    > 0x00001b50 : pop ecx; ret
    > 0x00000bdc : pop esi; ret
    > 0x00000eab : pop edi; ret
pop pop ret
    > 0x000012dc : pop eax; ret
    > 0x00001b4f : pop eax; pop ecx; ret
    > 0x00000ea9 : pop ebx; pop esi; pop edi; ret
    > 0x00000910 : pop ebx; pop esi; pop edi; pop ebp; inc ecx; pop esp; ret
sp lifting
    > 0x000006ab : add esp, 0x28; ret
    > 0x000006ab : add esp, 0x28; ret
    > 0x00000775 : add esp, 0x38; ret
    > 0x00001bae : add esp, 0x48; ret
    > 0x000012da : add esp, 0x58; ret
stack pivoting
    > 0x00016497 : xchg eax, esp; add [eax], ecx; lcall [edx]; or eax, [eax]; jmp [ecx]
    > 0x00000820 : leave ; call eax
write mem
    > 0x0000dd6a : add [eax], ecx; ret 0x18
    > 0x00016c2a : add [eax + 4], ebx; ret
    > 0x00016bab : add [ecx + 4], edx; ret

© 2014 - 2019 - Powered by ROPEME | Contact