ROPSHELL 
ropshell> use f653ebd9f0b68eeeeb0bc6a78133fb79 (download)
name         : oscp.exe (i386/PE)
base address : 0x401000
total gadgets: 254

ropshell> suggest
call
    > 0x004010cf : call eax
    > 0x004013a1 : call esi
    > 0x00403e0d : call edi
    > 0x00401572 : call [eax]
jmp
    > 0x00401ac4 : jmp [eax]
    > 0x00401aa6 : jmp [ecx + 0x6e]
    > 0x00404694 : jmp [esi + 0x39]
    > 0x00401b0b : jmp [ebp + 0x64]
load mem
    > 0x00403e08 : mov eax, [ebx]; mov [esp], eax; call edi
    > 0x00402c4c : mov eax, [ebx + 4]; mov [esp], esi; call eax
load reg
    > 0x00402ab3 : pop ebx; ret
    > 0x00404ee8 : pop ecx; ret
    > 0x00402c6e : pop esi; ret
    > 0x00403044 : pop edi; ret
    > 0x004013b4 : pop ebp; ret
pop pop ret
    > 0x004013b4 : pop ebp; ret
    > 0x00404ee7 : pop eax; pop ecx; ret
    > 0x004013b2 : pop ebx; pop esi; pop ebp; ret
    > 0x004025aa : pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x00401896 : pop ecx; pop ebx; pop esi; pop edi; pop ebp; lea esp, [ecx - 4]; ret
sp lifting
    > 0x00402d9a : add esp, 0x1c; ret
    > 0x00402d9a : add esp, 0x1c; ret
    > 0x00403210 : add esp, 0x2c; ret
    > 0x004012cb : add esp, 0x3c; ret
    > 0x00402a4b : sub esp, 0xc; nop ; call eax
stack pivoting
    > 0x0040189b : lea esp, [ecx - 4]; ret
    > 0x004013af : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x0040140c : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact