ROPSHELL 
ropshell> use ca340a2a594352105b120027f64359ea (download)
name         : avpmain.dll (i386/PE)
base address : 0x67111000
total gadgets: 10618

ropshell> suggest
call
    > 0x6711677b : call eax
    > 0x671124b9 : call ebx
    > 0x67121fb0 : call ecx
    > 0x671249e9 : call edx
    > 0x67111fbb : call esi
jmp
    > 0x6713cf42 : jmp eax
    > 0x67146b5a : jmp edi
    > 0x671135aa : jmp ebp
    > 0x67180b57 : jmp esp
    > 0x671ad485 : push esp; idiv bh; ret
load mem
    > 0x67170b9c : mov eax, [esi]; pop esi; ret 4
    > 0x67127dca : mov eax, [ecx + 0x140]; ret
    > 0x6714b827 : mov ebp, [eax + 0x5de58b00]; ret 4
    > 0x6712909b : mov eax, [ebp + 8]; pop ebp; ret 4
    > 0x671327be : mov eax, [ecx]; push 1; call [eax]; ret
load reg
    > 0x67111752 : pop eax; ret
    > 0x67117e2a : pop ebx; ret
    > 0x6711105e : pop ecx; ret
    > 0x671112d3 : pop esi; ret
    > 0x6713489b : pop edi; ret
pop pop ret
    > 0x67111752 : pop eax; ret
    > 0x671151df : pop ebx; pop ebp; ret
    > 0x67153582 : pop ebp; pop edi; pop esi; ret
    > 0x67153581 : pop ebx; pop ebp; pop edi; pop esi; ret
    > 0x67153580 : pop eax; pop ebx; pop ebp; pop edi; pop esi; ret
sp lifting
    > 0x671424fe : add esp, 0x14; ret
    > 0x671424fe : add esp, 0x14; ret
stack pivoting
    > 0x67121880 : xchg eax, esp; ret
    > 0x6718579e : mov esp, ebx; pop ebx; ret
    > 0x67111045 : mov esp, ebp; pop ebp; ret
    > 0x67162c87 : push ecx; pop esp; and [esi], 0; pop ecx; pop esi; ret
    > 0x6718d449 : lea esp, [ebp + edi*8 + 0x45c6ffff]; cld ; add eax, ebp; ret
write mem
    > 0x6713dbab : add [ebx], edi; ret
    > 0x67117b3a : add [ecx], eax; ret
    > 0x67192450 : add [ebx + 0x3b6602c1], eax; ret
    > 0x67172d88 : add [ebx + 0x5d5e5fc6], ecx; ret 4
    > 0x67194ae2 : add [edi], ecx; xchg eax, ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact