ROPSHELL 
ropshell> use ca340a2a594352105b120027f64359ea (download)
name         : avpmain.dll (i386/PE)
base address : 0x67111000
total gadgets: 10618

ropshell> suggest "write mem"
> 0x6713dbab : add [ebx], edi; ret
> 0x67117b3a : add [ecx], eax; ret
> 0x67192450 : add [ebx + 0x3b6602c1], eax; ret
> 0x67172d88 : add [ebx + 0x5d5e5fc6], ecx; ret 4
> 0x67194ae2 : add [edi], ecx; xchg eax, ebp; ret
> 0x6711d88f : add [edi + 0x5e], ebx; pop ebp; ret 4
> 0x6718ea5b : add [ebx], ecx; add [eax], eax; ret
> 0x67128232 : add [ebx], esi; ror [ecx - 0x1a74fbaf], 0x5d; ret
> 0x67159110 : add [eax + 0x6437e801], esi; add al, 0; ret 8
> 0x671327bf : add [edx + 1], ebp; call [eax]; ret
> 0x671676d4 : add [edi + 4], esi; pop edi; pop esi; pop ebp; ret 4
> 0x6712d7ea : add [edx], ebp; call [eax + 0x2c]
> 0x6712fe9b : adc [eax + 0x51], edx; call [edx + 0x14]
> 0x6713fca2 : add [ebx + 0x51], edx; call [eax + 0xc]
> 0x671528af : add [ecx + 0x57], edx; call [eax + 0xc]
> 0x67157637 : add [ecx + 0x78b574a], ebp; call [eax + 4]
> 0x67143caf : add [ebp + 0x5152e855], ecx; call [eax + 0xc]
> 0x6711db97 : add [ebp + 4], esi; and [esi + 0xc], 0; pop esi; ret
> 0x67138ab8 : add [ebx + 4], esi; pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret 0x10
> 0x67152b99 : add [esi + 4], edi; pop edi; mov eax, esi; pop esi; pop ebx; pop ebp; ret 4
> 0x67157440 : adc [ecx + 0x59], ebx; mov eax, edi; pop edi; pop esi; mov esp, ebp; pop ebp; ret
> 0x67151800 : adc [eax + 0x14], ebp; inc eax; sbb esp, [edi + 0x50]; call esi
> 0x67158f67 : add [ebx + 4], ebp; add [ebx + 0x1b00cc4], al; pop edi; pop esi; pop ebx; pop ebp; ret 8
> 0x67153e96 : adc [edi + 0x6a], edx; add [ebp - 0x24f73], ecx; inc [ebx - 0x4717021d]; add bh, ah; push esi; ret
> 0x6718163a : add [edi], ebx; mov [esi], ebx; mov eax, [ebx]; push ebx; call [eax]
> 0x6714e2c0 : add [eax], ebp; adc [eax + 0x20], ah; push eax; mov ecx, [eax]; call [ecx + 0x1c]
> 0x67173487 : add [ebp + 0x7b840fc0], eax; add [eax], eax; add [ebp - 0x64773], cl; dec [ebp - 0x43f7b]; jmp [esi - 0x75]
> 0x671621d3 : adc [ebp + 0x50], edi; mov eax, gs:[edx]; push ecx; push edi; push edx; mov [ebp - 0x10], 1; call [eax + 0xc]
> 0x67190c48 : adc [ecx], ebx; call [di]; inc eax; sbb ah, [edi - 0x77]; inc ebp; or [ebp + 0x6a1074c0], al; call [eax - 1]

© 2014 - 2019 - Powered by ROPEME | Contact