ROPSHELL 
ropshell> use 2baf5bfad99c4c4431432c9df390c739 (download)
name         : ntkrnlpa.exe (i386/PE)
base address : 0x401000
total gadgets: 8015

ropshell> suggest
call
    > 0x004026a3 : call eax
    > 0x0040351b : call ebx
    > 0x004034fb : call ecx
    > 0x00402a1c : call edx
    > 0x00405923 : call esi
jmp
    > 0x00450b3d : push esp; ret
    > 0x004032fb : jmp eax
    > 0x004022bb : jmp ebx
    > 0x0040320b : jmp ecx
    > 0x0040392b : jmp edx
load mem
    > 0x004548dd : mov eax, [edx]; ret 4
    > 0x004652d4 : mov eax, [edx + 4]; ret
    > 0x004117d1 : mov ebx, [ebp + 0x14]; ret
    > 0x00418699 : mov eax, [ecx + 4]; pop ebp; ret 4
    > 0x00462c24 : mov eax, [ebp + 0xc]; pop ebp; ret
load reg
    > 0x00446d12 : pop eax; ret
    > 0x0040fa1f : pop ebx; ret
    > 0x0046739c : pop ecx; ret
    > 0x00403940 : pop edx; ret
    > 0x0040b3e3 : pop esi; ret
pop pop ret
    > 0x00446d12 : pop eax; ret
    > 0x0046f114 : pop ebp; pop ebx; ret
    > 0x00464aae : pop ebx; pop edi; pop ebp; ret
    > 0x00460c98 : pop eax; pop edi; pop esi; pop ebp; ret 0xc
    > 0x004624ed : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
sp lifting
    > 0x0046e9aa : add esp, 0x10; ret
    > 0x0046e9aa : add esp, 0x10; ret
stack pivoting
    > 0x00428097 : xchg eax, esp; ret
    > 0x00466db1 : mov esp, ebx; pop ebx; ret
    > 0x004623fc : mov esp, ebp; pop ebp; ret
    > 0x0042537e : mov esp, edi; pop edi; pop esi; pop ebx; pop ebp; ret 0x10
    > 0x0046f69c : lea esp, [esp]; mov eax, ecx; bswap eax; ret
write mem
    > 0x0043c98c : add [ebx], ecx; ret
    > 0x004116ef : adc [ebx], edi; ret
    > 0x0046ec8d : add [edx], edi; ret
    > 0x004107cd : add [eax], ecx; pop ebp; ret 0x14
    > 0x0044d3c8 : add [eax], edi; pop ebp; ret 0xc

© 2014 - 2019 - Powered by ROPEME | Contact