ROPSHELL 
ropshell> use 1ab5406f33d8be8febd070750080329a (download)
name         : win32k.sys (i386/PE)
base address : 0xbf800380
total gadgets: 16986

ropshell> suggest "stack pivoting"
> 0xbf84d730 : xchg eax, esp; ret
> 0xbf8688bc : push ecx; pop esp; ret
> 0xbf8016a6 : mov esp, ebp; pop ebp; ret
> 0xbf88374d : xchg esp, edi; dec [ebx - 0x36a4a13a]; ret 0x18
> 0xbf8b7d54 : mov esp, esi; jmp [esi - 0x2f]
> 0xbf873abe : xchg esp, ebx; add [eax], eax; add [ebx], bh; ret
> 0xbf83d8ef : lea esp, [eax - 0x7c000003]; dec ebp; cld ; jmp [esi - 0x7d]
> 0xbf8b6da0 : lea esp, [edi + edi*8 - 1]; call [ecx + 0x52]
> 0xbf8671f9 : lea esp, [esp]; mov edx, edi; mov ecx, esi; call [ebp - 0x38]
> 0xbf800dbd : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact