ROPSHELL 
ropshell> use 1fab4c106642a4dfe4b8a489cc2b3334 (download)
name         : ncat.exe (i386/PE)
base address : 0x401000
total gadgets: 22194

ropshell> suggest
call
    > 0x004b8240 : call [ebp - 0x7d]; ret
    > 0x004086e8 : call eax
    > 0x00408582 : call ebx
    > 0x0040c888 : call ecx
    > 0x0040ee41 : call edx
jmp
    > 0x00404e9c : push esp; ret
    > 0x00408729 : jmp eax
    > 0x0042fd7d : jmp ebx
    > 0x0041a650 : jmp ecx
    > 0x0041a771 : jmp edx
load mem
    > 0x0042e0b6 : mov eax, [ecx]; ret
    > 0x00456396 : mov eax, [ecx + 0x10]; ret
    > 0x004a0792 : mov eax, [edx + 0x108]; ret
    > 0x0045a7b1 : mov eax, [esi + 0x14]; ret
    > 0x004649af : mov eax, [esi]; pop edi; pop esi; ret
load reg
    > 0x0041e096 : pop eax; ret
    > 0x00401b63 : pop ebx; ret
    > 0x00405fd7 : pop ecx; ret
    > 0x00525a93 : pop edx; ret
    > 0x00401be8 : pop esi; ret
pop pop ret
    > 0x0041e096 : pop eax; ret
    > 0x004bdec0 : pop eax; pop ebp; ret
    > 0x004d57fe : pop eax; pop esi; pop ebp; ret
    > 0x004c68b8 : pop eax; pop esi; pop edi; pop ebp; ret
    > 0x005204e2 : pop eax; pop ebx; pop ebp; pop edi; pop esi; ret
sp lifting
    > 0x00451f9a : add esp, 0x1004; ret
    > 0x00451f9a : add esp, 0x1004; ret
    > 0x00499611 : add esp, 0x204; ret
    > 0x00428bf2 : add esp, 0x30; ret
    > 0x0049764e : add esp, 0x404; ret
stack pivoting
    > 0x00459045 : xchg eax, esp; ret
    > 0x00401844 : mov esp, ebp; pop ebp; ret
    > 0x004549a6 : lea esp, [ebp + 0x474]; pop ebp; ret
    > 0x004e57bb : xchg esp, esi; inc [ebx - 0x3874db3c]; pop edi; pop esi; ret
    > 0x00499e9d : push ebp; pop esp; pop ebp; pop ebx; add esp, 0x14; ret
write mem
    > 0x0043406c : add [ebx], ecx; ret
    > 0x004ceae8 : add [ebx], edi; ret
    > 0x004ba63e : add [ebx], ebp; ret
    > 0x00444442 : adc [ebp], edx; ret
    > 0x00424ce3 : add [edx], eax; pop ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact