ROPSHELL 
ropshell> use f869804e1748ee8426bc6cba41786010 (download)
name         : source.exe (i386/PE)
base address : 0x401000
total gadgets: 695

ropshell> suggest
call
    > 0x0040915b : call ebx
    > 0x00401731 : call [eax]
    > 0x00404315 : call [ebx - 0x18]
    > 0x00403e28 : call [ecx + 0x68]
    > 0x00402f56 : call [edx]
jmp
    > 0x00402080 : jmp [eax]
    > 0x00407fbd : jmp [ecx + 0x72]
    > 0x00401b6d : jmp [esi - 0x75]
    > 0x00401d41 : jmp [edi]
load mem
    > 0x00406f9a : mov eax, [ebp + 0x10]; pop ebp; ret
    > 0x0040247a : mov edx, [ecx + 4]; pop ebp; ret
    > 0x00402493 : mov ecx, [eax]; mov ax, [ecx - 4]; pop ebp; ret
    > 0x00402478 : mov eax, [ecx]; mov edx, [ecx + 4]; pop ebp; ret
    > 0x00402f53 : mov edx, [ebp + 8]; call [edx]
load reg
    > 0x00404220 : pop ebx; ret
    > 0x00407170 : pop edi; ret
    > 0x00401099 : pop ebp; ret
    > 0x00404261 : pop ecx; pop ebx; ret 4
    > 0x0040421f : pop esi; pop ebx; ret
pop pop ret
    > 0x00401099 : pop ebp; ret
    > 0x0040d64f : pop ebx; pop ebp; ret
    > 0x00407806 : pop ebx; pop esi; pop edi; ret
    > 0x0040d64d : pop edi; pop esi; pop ebx; pop ebp; ret
stack pivoting
    > 0x00401097 : mov esp, ebp; pop ebp; ret
    > 0x004072b6 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x00403ded : xchg eax, esp; add [eax], al; add [ebp - 0x977b], cl; call [eax - 1]
    > 0x004081cd : leave ; ret
write mem
    > 0x0040239d : add [ebx + 0x189104d], ecx; mov esp, ebp; pop ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact