ropshell> use dcc7beb1f4184c09b8d6968bd5950609 (download)
name         : OfcPfwCommon.dll (i386/PE)
base address : 0x60e31000
total gadgets: 5209
ropshell> suggest "load mem"
> 0x60e61bf2 : mov eax, [ecx]; ret
> 0x60e50916 : movzx eax, [edx]; ret
> 0x60e4b880 : mov eax, [ecx + 0x1c]; ret
> 0x60e706b4 : mov eax, [edx + 4]; ret
> 0x60e3618f : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x60e5b930 : mov eax, [esi + 0x18]; pop ebx; pop esi; ret
> 0x60e53f3c : mov ebp, [ebx + 0x20]; jmp eax
> 0x60e51e4a : mov eax, [esi]; pop esi; mov esp, ebp; pop ebp; ret
> 0x60e47073 : mov eax, [ebx + 0x20]; call eax
> 0x60e45127 : mov eax, [edi + 0x20]; call eax
> 0x60e7922c : mov eax, [edi]; call [eax + 0x24]
> 0x60e58135 : mov ecx, [ebp + 8]; call [ebp + 0xc]; pop ebp; ret 0xc
> 0x60e51013 : mov ebx, [eax]; add [eax], al; mov esp, ebp; pop ebp; ret
> 0x60e7911c : mov edx, [esi]; push eax; call [edx + 0x30]
> 0x60e558cf : mov ecx, [edx + ecx]; add ecx, esi; add eax, ecx; pop esi; pop ebp; ret
> 0x60e3cc52 : mov edx, [eax]; mov ecx, eax; push 1; call [edx]
> 0x60e53afd : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret
> 0x60e78eaa : mov edi, [ebp + 0xc]; push edi; push edx; call [eax + 0x2c]
> 0x60e50b0d : mov edx, [ecx]; movzx eax, [eax]; push eax; call [edx + 0xc]
> 0x60e53da9 : mov ebx, [ebp + 0xc]; mov ebp, [ebp - 4]; mov esp, [ebx - 4]; jmp eax
> 0x60e50506 : mov edx, [ebp + 0xc]; mov [eax], edx; mov [eax + 4], ecx; pop ebp; ret 8
> 0x60e4e710 : mov ecx, [eax]; mov eax, [ebp + 8]; mov [eax], ecx; mov al, 1; pop ebp; ret 4
> 0x60e7923c : mov edx, [edi]; movzx eax, [esi + eax]; push eax; call [edx + 0x44]
> 0x60e47e5f : movzx ecx, [ebx + 0x402]; pop esi; mov [eax + 0x16b4], ecx; pop ebx; mov esp, ebp; pop ebp; ret
> 0x60e6ae50 : mov ecx, [edx]; mov ax, [ebp + 8]; mov [ecx], ax; add [edx], 2; pop ebp; ret
> 0x60e416d7 : mov edx, [ebx]; push eax; push [ebp + 8]; mov eax, [edx + 0x10]; call eax
> 0x60e558cc : mov edx, [esi + edx]; mov ecx, [edx + ecx]; add ecx, esi; add eax, ecx; pop esi; pop ebp; ret
> 0x60e791f4 : mov esi, [ebp + 0xc]; push edi; mov edi, ecx; push esi; mov eax, [edi]; call [eax + 0x28]
> 0x60e5090b : mov ecx, [esi + 0x1c]; pop esi; mov edx, [ecx]; lea eax, [edx + 2]; mov [ecx], eax; movzx eax, [edx]; ret
> 0x60e53d9e : mov eax, [ebx]; mov fs:[0], eax; mov eax, [ebp + 8]; mov ebx, [ebp + 0xc]; mov ebp, [ebp - 4]; mov esp, [ebx - 4]; jmp eax