ROPSHELL 
ropshell> use f503e4ae1d2faf5a499a8119610ab505 (download)
name         : BNUpdate.exe (i386/PE)
base address : 0x401000
total gadgets: 4767

ropshell> suggest
call
    > 0x00401f36 : call eax
    > 0x00402119 : call ebx
    > 0x00411f38 : call ecx
    > 0x0040d568 : call edx
    > 0x00405ccb : call esi
jmp
    > 0x00419e43 : jmp ebp
    > 0x004233c4 : push esp; xor dl, [eax]; ret
    > 0x00414ea1 : jmp [eax]
    > 0x00404dfe : jmp [ebx]
    > 0x0040fb20 : jmp [ecx]
load mem
    > 0x004155d0 : mov eax, [ecx + 0xc]; ret
    > 0x00404b48 : mov eax, [ecx]; add eax, edx; ret 4
    > 0x0040d4d3 : mov eax, [edx + 0x12c]; pop edi; pop esi; ret
    > 0x0040d46a : mov eax, [edi + 0x12c]; pop edi; pop esi; ret
    > 0x004199e9 : mov ecx, [esi + 0x28]; call eax
load reg
    > 0x004031ff : pop eax; ret
    > 0x00401b7b : pop ebx; ret
    > 0x00401a6a : pop ecx; ret
    > 0x0040111b : pop esi; ret
    > 0x00404450 : pop edi; ret
pop pop ret
    > 0x004031ff : pop eax; ret
    > 0x00402797 : pop ebp; pop ebx; ret
    > 0x004055a9 : pop ebp; pop ebx; pop ecx; ret
    > 0x00422e07 : pop ebp; pop ebx; pop edi; pop ecx; ret
    > 0x004055a7 : pop edi; pop esi; pop ebp; pop ebx; pop ecx; ret
sp lifting
    > 0x00403ab0 : add esp, 0x100; ret
    > 0x00403ab0 : add esp, 0x100; ret
    > 0x0040354f : add esp, 0x204; ret
    > 0x00402f5e : add esp, 0x30; ret
    > 0x00423e04 : add esp, 0x40; ret
stack pivoting
    > 0x0040b7cd : mov esp, ebp; pop ebp; ret
    > 0x00414017 : xchg eax, esp; add al, 0; ret 0xc
    > 0x0041112c : lea esp, [esp]; push esi; call ebx
    > 0x0040ba66 : lea esp, [ebp - 0x120]; pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret 4
    > 0x00424fc6 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
write mem
    > 0x004079ea : add [eax], ecx; ret
    > 0x004171ad : add [ebx], eax; ret
    > 0x0040719e : add [ebx], ebp; ret 0x6a
    > 0x0040671a : adc [ebx + 0x68], edx; ret
    > 0x0041539a : add [edi + 0x5e], ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact