ROPSHELL 
ropshell> use f1066e2543d511b6540dab8925034363 (download)
name         : ntdll.dll (i386/RAW)
base address : 0x0
total gadgets: 11366

ropshell> suggest
call
    > 0x00019966 : call eax
    > 0x0002402d : call ebx
    > 0x0003ba82 : call ecx
    > 0x0001b0be : call edx
    > 0x0002042c : call esi
jmp
    > 0x00015118 : push esp; ret
    > 0x0001bf3d : jmp eax
    > 0x00011afc : jmp ebx
    > 0x0006c015 : jmp ecx
    > 0x0006e2cf : jmp esi
load mem
    > 0x00018b95 : mov edx, [ebx]; ret
    > 0x00015520 : mov ebp, [eax]; ret
    > 0x00072274 : mov eax, [edx + 4]; ret
    > 0x000d839e : mov eax, [esi + 0x20]; pop esi; ret
    > 0x0006de0d : mov eax, [ebp + 0x10]; pop ebp; ret
load reg
    > 0x00067182 : pop eax; ret
    > 0x0002825b : pop ebx; ret
    > 0x000170e1 : pop ecx; ret
    > 0x00017a89 : pop edx; ret
    > 0x00022471 : pop esi; ret
pop pop ret
    > 0x00067182 : pop eax; ret
    > 0x0006eef2 : pop eax; pop ebp; ret
    > 0x00076eb2 : pop eax; pop esi; pop ebp; ret
    > 0x0006ee8c : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x0007731b : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0006cf77 : add esp, 0x14; ret
    > 0x0006cf77 : add esp, 0x14; ret
stack pivoting
    > 0x0005a66b : xchg eax, esp; ret
    > 0x00189543 : mov esp, ebp; ret
    > 0x00031d63 : mov esp, ebx; pop ebx; ret
    > 0x0007e498 : lea esp, [esp + 0x80]; pop ecx; ret
    > 0x00069c96 : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10
write mem
    > 0x00067422 : add [ebx], eax; ret
    > 0x0003a016 : add [ebx], esi; ret
    > 0x00078e3c : add [ebx], edi; ret
    > 0x00181640 : add [ecx], esi; ret
    > 0x000304b2 : add [ecx], eax; pop edi; ret

© 2014 - 2019 - Powered by ROPEME | Contact