ROPSHELL 
ropshell> use cd602bfcce93143c096d0c76c31c8a51 (download)
name         : Dumped_test.exe (i386/PE)
base address : 0x401000
total gadgets: 44609

ropshell> suggest "stack pivoting"
> 0x00426afc : xchg eax, esp; ret
> 0x00401bf3 : mov esp, ebp; pop ebp; ret
> 0x0062b70b : lea esp, [ebp + 6]; ret
> 0x0052ae49 : push esi; pop esp; pop esi; add esp, 0xc; ret
> 0x00628879 : lea esp, [esp]; call ebx
> 0x0051ceda : mov esp, esi; call [esi - 0x77]
> 0x00637354 : lea esp, [ebx]; jmp [0]
> 0x00450e50 : push edx; pop esp; push ecx; push eax; call edx
> 0x0044d954 : xchg esp, ebx; or al, [eax]; add [ebx], dh; ret
> 0x0063626c : xchg esp, ecx; add [eax], al; add [ebx], bh; ret
> 0x0063e2e0 : xchg esp, edx; add [eax], al; add [ecx + 0x1b03877], cl; pop esi; ret
> 0x00638b48 : lea esp, [eax]; add [eax], eax; add [ebp + 0x5b], bl; add esp, 0xc; ret
> 0x0067ad2f : lea esp, [edi + edi*8 + 0x4c483ff]; pop edi; mov eax, esi; pop esi; add esp, 0x10; ret
> 0x0042c30e : push ecx; pop esp; xor ecx, ecx; cmp [edx + eax + 0x3a], 1; setne cl; mov eax, ecx; ret
> 0x0044e63b : xchg esp, edi; or al, [eax]; add [ebx - 0x7076f3b2], cl; add [ebx], cl; add [eax], al; add esp, 0x14; ret
> 0x005f3c81 : push ebp; pop esp; push es; pop esi; ret
> 0x004d4f62 : xchg esp, eax; pop ss; add [eax], al; add al, ch; ret
> 0x005946dc : lea esp, [esi]; push es; pop edi; pop esi; pop ebp; pop ebx; ret
> 0x004db114 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact