ROPSHELL 
ropshell> use df81d3b7bf8664873759beaaa0583b0b (download)
name         : tshark.exe (i386/PE)
base address : 0x401000
total gadgets: 1291

ropshell> suggest
call
    > 0x00438f62 : call ebx
    > 0x0041f40d : call ecx
    > 0x00439ff0 : call esi
    > 0x00438ec8 : call edi
    > 0x00405deb : call [eax]
jmp
    > 0x0042917b : jmp esi
    > 0x0042a29e : jmp edi
    > 0x004023e1 : jmp [eax]
    > 0x00417295 : jmp [esi]
    > 0x0042a198 : jmp [edi]
load mem
    > 0x004125f9 : mov eax, [ecx]; pop ebp; ret
    > 0x00421213 : mov eax, [ebp + 0xc]; pop ebp; ret
    > 0x004391f6 : mov ecx, [ebp + 0xc]; ror eax, cl; pop ebp; ret
    > 0x004125f6 : mov ecx, [eax + 4]; mov eax, [ecx]; pop ebp; ret
    > 0x00421827 : mov edx, [ebp + 0x10]; mov [edx], 0; pop ebp; ret
load reg
    > 0x00437cc0 : pop ebx; ret 0x10
    > 0x00439d6b : pop esi; ret
    > 0x00438546 : pop edi; ret 0x10
    > 0x004012f8 : pop ebp; ret
    > 0x004221ca : pop ecx; add [eax], eax; pop ebp; ret
pop pop ret
    > 0x004012f8 : pop ebp; ret
    > 0x00439d6a : pop edi; pop esi; ret
    > 0x00438544 : pop ebx; pop esi; pop edi; ret 0x10
    > 0x00437a6b : pop edi; pop esi; pop ebx; pop ebp; ret 4
sp lifting
    > 0x00437c7f : add esp, 0x14; ret
    > 0x00437c7f : add esp, 0x14; ret
    > 0x00437ead : add esp, 0x20; ret
stack pivoting
    > 0x004013c4 : mov esp, ebp; pop ebp; ret
    > 0x00438865 : xchg esp, edi; call [eax - 0x18]
    > 0x00402828 : xchg eax, esp; push ebx; add eax, [eax]; mov esp, ebp; pop ebp; ret
    > 0x00418294 : lea esp, [edi + edi*8 - 1]; call [ecx - 0x18]
    > 0x0041b1e2 : leave ; add [eax], eax; pop ebp; ret
write mem
    > 0x00419fe3 : add [ecx], eax; nop [eax]; ret
    > 0x004296a5 : add [ebx + 0x189084d], ecx; pop ebp; ret
    > 0x00433797 : add [edx], eax; add [eax], al; add [ebx - 0x1176b], cl; call [edx + 0x68]

© 2014 - 2019 - Powered by ROPEME | Contact