ROPSHELL 
ropshell> use d7c7e50f2d5d32b260ed380c475fc37f (download)
name         : ntdll.dll (i386/PE)
base address : 0x4b281000
total gadgets: 12633

ropshell> suggest "stack pivoting"
> 0x4b2cd8f8 : xchg eax, esp; ret
> 0x4b2ac768 : mov esp, ebx; pop ebx; ret
> 0x4b2a66b1 : mov esp, ebp; pop ebp; ret
> 0x4b2b9877 : lea esp, [eax - 0x74000003]; ret
> 0x4b3070a8 : lea esp, [esp + 0x80]; pop ecx; ret
> 0x4b386b35 : xchg esp, ecx; idiv bh; mov esp, ebp; pop ebp; ret 8
> 0x4b36c44c : xchg esp, esi; jmp [esi - 0x75]
> 0x4b2f15e6 : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10
> 0x4b329413 : xchg esp, edi; call [esi - 0x18]
> 0x4b31bb52 : lea esp, [edi + edi*8 - 1]; jmp [eax]
> 0x4b2e0a3f : lea esp, [ecx + edi*8 - 1]; dec [ebx + 0x33c28bf7]; dec [ecx - 0x69f4b]; jmp [ecx]
> 0x4b2a63d4 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact