ROPSHELL 
ropshell> use d7eef2c46a9880f21be01511024b53ab (download)
name         : MSCOMCTL.OCX (i386/PE)
base address : 0x27581000
total gadgets: 20271

ropshell> suggest
call
    > 0x275cb1de : call eax
    > 0x2758de3f : call ebx
    > 0x275b0ba9 : call ecx
    > 0x2758a983 : call esi
    > 0x2758ab6e : call edi
jmp
    > 0x275b7b5d : push esp; ret 8
    > 0x27581b7d : jmp ebx
    > 0x275e3988 : jmp ecx
    > 0x2759e170 : jmp esi
    > 0x27582fa4 : jmp edi
load mem
    > 0x275e5f1d : mov eax, [ecx + 0x20]; ret
    > 0x2758cb77 : mov ecx, [eax]; call [ecx]; ret 8
    > 0x2761a645 : movsx eax, [ebx + 0xb2]; pop ebx; ret 4
    > 0x275aae6c : mov eax, [esi + 0x10]; pop esi; ret 4
    > 0x275ce8de : mov eax, [ebp + 0x10]; pop ebp; ret 0xc
load reg
    > 0x27590da4 : pop eax; ret
    > 0x2758bfc7 : pop ebx; ret
    > 0x2759499c : pop ecx; ret
    > 0x2758ad32 : pop esi; ret
    > 0x275dd158 : pop edi; ret
pop pop ret
    > 0x27590da4 : pop eax; ret
    > 0x2758ad36 : pop eax; pop esi; ret
    > 0x275b5c57 : pop eax; pop edi; pop esi; ret
    > 0x275a3f28 : pop eax; pop edi; pop esi; pop ebx; ret
    > 0x275dd4f1 : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x275deead : add esp, 0x14; ret
    > 0x275deead : add esp, 0x14; ret
    > 0x275c83d3 : add esp, 0x34; ret
    > 0x275e0775 : add esp, 0x41c; ret
stack pivoting
    > 0x27598bee : xchg eax, esp; ret
    > 0x275de37c : mov esp, ebp; pop ebp; ret
    > 0x275ae3eb : mov esp, ebx; add [eax], eax; add [ecx - 0x3fccfbb8], cl; ret 4
    > 0x275c8276 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x2761ffb7 : lea esp, [edi + edi*8 - 1]; call [eax]
syscall
    > 0x276158e6 : int 0x80; daa ; add [edi + 0x5e], bl; ret 8
write mem
    > 0x275dfca3 : add [eax], ecx; ret
    > 0x27590eb1 : adc [ebx], edi; ret
    > 0x276193af : add [ebx], ebp; ret
    > 0x2761c958 : add [eax + 0x3b], ebx; ret
    > 0x27615913 : add [eax + 0xc], ecx; ret 0xc

© 2014 - 2019 - Powered by ROPEME | Contact