ropshell> use 1fab4c106642a4dfe4b8a489cc2b3334
name         : ncat.exe (i386/PE)
base address : 0x401000
total gadgets: 22194
ropshell> suggest "stack pivoting"
> 0x00459045 : xchg eax, esp; ret
> 0x00401844 : mov esp, ebp; pop ebp; ret
> 0x004549a6 : lea esp, [ebp + 0x474]; pop ebp; ret
> 0x004e57bb : xchg esp, esi; inc [ebx - 0x3874db3c]; pop edi; pop esi; ret
> 0x00499e9d : push ebp; pop esp; pop ebp; pop ebx; add esp, 0x14; ret
> 0x004a7e59 : lea esp, [esp]; push 0; call ebp
> 0x0047580a : push ecx; pop esp; push ebp; push ebx; push esi; call edx
> 0x00417b8f : lea esp, [edi + edi*8 - 1]; call [edx + 0x51]
> 0x00448fbf : lea esp, [esi - 2]; inc [ebx + 0x5e5f04c4]; xor eax, eax; pop ebp; add esp, 0x10; ret
> 0x00434f77 : push esp; add [eax - 0x18], dl; int1 ; pop esp; add [eax], al; add esp, 8; ret
> 0x004666f3 : xchg esp, edi; inc [ebx - 0x47a0ef3c]; add [eax], eax; add [eax], al; pop esi; add esp, 0x18; ret
> 0x004b907b : push eax; adc [eax], eax; add [ebx], dh; fist [ebp - 0x77]; pop esp; and al, 0x2c; call eax
> 0x004a0f84 : xchg esp, ecx; add [eax], al; add [ebx + 0xc88f], cl; add [ecx + 0xc88e], cl; add [ebx], bh; ret
> 0x004be145 : leave ; ret