ROPSHELL 
ropshell> use 6728e45b66f93c08f11de2e316fc70dd (download)
name         : rdpwd.sys (i386/PE)
base address : 0x10300
total gadgets: 2222

ropshell> suggest
call
    > 0x0002b9c4 : call eax
    > 0x000117b8 : call ebx
    > 0x00011784 : call esi
    > 0x00012768 : call edi
    > 0x00024867 : call [eax]
jmp
    > 0x0002162c : jmp [eax]
    > 0x0002171c : jmp [ebx]
    > 0x00015433 : jmp [ecx]
    > 0x00010f97 : jmp [esi + 0x3b]
load mem
    > 0x00021fd1 : mov eax, [ecx + 0x3c0]; pop ebp; ret 4
    > 0x0001fdbf : mov eax, [ebp + 8]; pop edi; pop esi; pop ebp; ret 4
    > 0x00022a42 : mov eax, [esi]; mov [eax + 0x520], 0; pop esi; pop ebp; ret 4
    > 0x00019750 : mov ecx, [ebp + 0x14]; mov [eax + 0x10], ecx; pop ebp; ret 0x14
    > 0x00018df6 : mov edx, [ebp + 8]; mov [edx + 0x404], cl; pop ebp; ret 8
load reg
    > 0x00018a6a : pop ebx; ret
    > 0x00028a43 : pop esi; ret 8
    > 0x0001a24b : pop ebp; ret
    > 0x000262ae : pop edi; pop ebp; ret 0xc
    > 0x00019855 : pop ecx; pop esi; pop ebp; ret 4
pop pop ret
    > 0x0001a24b : pop ebp; ret
    > 0x00018a69 : pop esi; pop ebx; ret
    > 0x00028a41 : pop ebx; pop edi; pop esi; ret 8
    > 0x0002bba6 : pop eax; pop esi; pop ebx; pop ebp; ret 0x10
    > 0x0002b503 : pop eax; pop esi; pop edi; pop ebx; pop ebp; ret 0x1c
stack pivoting
    > 0x000109d0 : xchg eax, esp; ret
    > 0x0002570e : mov esp, ebp; pop ebp; ret 0x10
    > 0x000181dc : mov esp, eax; pop es; add [eax], al; call edi
    > 0x00011c26 : leave ; ret
write mem
    > 0x00018ef7 : add [esi], eax; pop ebp; ret 8
    > 0x0002ad4e : adc [ebx + 0x33f703c7], ecx; ret
    > 0x0002233a : adc [esi + 0x5d], ebx; ret 0xc
    > 0x00014bd5 : add [edi + 0x5e], ebx; pop ebp; ret 0xc
    > 0x00023255 : add [edx + 0x18], ecx; pop esi; pop ebx; pop ebp; ret 8

© 2014 - 2019 - Powered by ROPEME | Contact