ROPSHELL 
ropshell> use 45a53a27852a741866e2ba41aa68d38e (download)
name         : final_1458344.raw (i386/RAW)
base address : 0x0
total gadgets: 12500

ropshell> suggest
call
    > 0x00016e65 : call eax
    > 0x0001cb0e : call ebx
    > 0x0004d4d9 : call ecx
    > 0x0001927a : call edx
    > 0x00016de2 : call esi
jmp
    > 0x00112ff9 : push esp; ret
    > 0x00017d11 : jmp eax
    > 0x00079004 : jmp ebx
    > 0x000081c3 : jmp ecx
    > 0x000285c1 : jmp edx
load mem
    > 0x00067bde : mov eax, [ecx]; pop ebp; ret
    > 0x0002b54f : mov eax, [ecx + 0x34]; ret
    > 0x00022bc2 : mov ebp, [esi + 0x5d5bfffd]; ret
    > 0x00126be3 : movzx eax, [edx]; sub eax, ecx; ret
    > 0x0006e1c3 : mov eax, [ebp + 8]; pop ebp; ret
load reg
    > 0x0002073c : pop eax; ret
    > 0x00077c24 : pop ebx; ret
    > 0x00071430 : pop ecx; ret
    > 0x0002a46c : pop edx; ret
    > 0x00078f69 : pop esi; ret
pop pop ret
    > 0x0002073c : pop eax; ret
    > 0x00016f93 : pop ebx; pop ebp; ret
    > 0x0002c8e5 : pop ebp; pop esi; pop edi; ret
    > 0x0002c8e4 : pop ebx; pop ebp; pop esi; pop edi; ret
    > 0x0001e7a1 : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00078d71 : add esp, 0x100; ret
    > 0x00078d71 : add esp, 0x100; ret
    > 0x000c68ed : add esp, 0x24; ret 4
stack pivoting
    > 0x000fd087 : xchg eax, esp; ret
    > 0x00016d1a : mov esp, ebp; pop ebp; ret
    > 0x0003f94e : lea esp, [ecx - 4]; ret
    > 0x0002a54d : mov esp, ecx; jmp edx
    > 0x000ce4e1 : xchg esp, esi; jmp [ebp - 0x77]
syscall
    > 0x000a3d25 : call gs:[0x10]; ret
write mem
    > 0x0019206b : add [ebx], eax; ret 2
    > 0x000d4afd : add [ebx + 0x5d5b08c4], eax; ret
    > 0x001043d5 : add [eax + 1], edi; pop ebp; ret
    > 0x000faee9 : adc [esi + 0x5f], ebx; pop ebp; ret
    > 0x0005235a : add [ebp + 2], esi; pop ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact