ROPSHELL 
ropshell> use cd602bfcce93143c096d0c76c31c8a51 (download)
name         : Dumped_test.exe (i386/PE)
base address : 0x401000
total gadgets: 44609

ropshell> suggest
call
    > 0x004154e1 : call [ebp - 0x75]; ret
    > 0x0040109d : call eax
    > 0x0041942f : call ebx
    > 0x004031ec : call ecx
    > 0x0040105b : call edx
jmp
    > 0x00423350 : push esp; ret
    > 0x0040100b : jmp eax
    > 0x00442440 : jmp ebx
    > 0x004b9d3d : jmp ecx
    > 0x0040102d : jmp edx
load mem
    > 0x004794fb : mov eax, [ecx]; ret
    > 0x005cdb8c : mov eax, [edx]; ret
    > 0x005805c8 : mov eax, [esi]; pop esi; ret
    > 0x0054d7eb : mov eax, [ecx + 0x12c]; ret
    > 0x005cdb6c : mov eax, [edx + 0x128]; ret
load reg
    > 0x004431fe : pop eax; ret
    > 0x00401379 : pop ebx; ret
    > 0x004031a1 : pop ecx; ret
    > 0x0064a982 : pop edx; ret
    > 0x004012f7 : pop esi; ret
pop pop ret
    > 0x004431fe : pop eax; ret
    > 0x006057e9 : pop eax; pop eax; ret
    > 0x005429e0 : pop eax; pop edi; pop esi; ret
    > 0x00668912 : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x0057e31b : pop ebp; pop ebx; pop edi; pop esi; pop ecx; ret
sp lifting
    > 0x00563e49 : add esp, 0x1000; ret
    > 0x00563e49 : add esp, 0x1000; ret
    > 0x0043ffcf : add esp, 0x2000; ret
    > 0x00575008 : add esp, 0x304; ret
    > 0x00558e19 : add esp, 0x4000; ret
stack pivoting
    > 0x00426afc : xchg eax, esp; ret
    > 0x00401bf3 : mov esp, ebp; pop ebp; ret
    > 0x0062b70b : lea esp, [ebp + 6]; ret
    > 0x0052ae49 : push esi; pop esp; pop esi; add esp, 0xc; ret
    > 0x00628879 : lea esp, [esp]; call ebx
write mem
    > 0x0041aba4 : add [ebx], eax; ret
    > 0x0041423d : add [ebx], ecx; ret
    > 0x00570a37 : add [ebx], esi; ret
    > 0x0040136f : add [ebx], edi; ret
    > 0x0067cd77 : adc [ebx], ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact