ROPSHELL 
ropshell> use 72830e8ced936faef098dcab0fa16136 (download)
name         : tbbmalloc.dll (i386/PE)
base address : 0x10001000
total gadgets: 1702

ropshell> suggest
call
    > 0x10001790 : call eax
    > 0x100018a8 : call ebx
    > 0x100041e9 : call ecx
    > 0x1000405a : call edx
    > 0x10003fd9 : call esi
jmp
    > 0x10001b6f : push esp; ret
    > 0x10006735 : jmp eax
load mem
    > 0x100015a0 : mov eax, [ecx]; ret
    > 0x10001510 : mov eax, [ecx + 0x48]; ret
    > 0x1000406f : mov esi, [eax]; call edi
    > 0x1000214e : mov eax, [edx + 0x1c]; pop edi; pop esi; pop ecx; ret
    > 0x1000215b : mov eax, [esi + 0x48]; pop edi; pop esi; pop ecx; ret
load reg
    > 0x10001522 : pop eax; ret
    > 0x10002519 : pop ebx; ret
    > 0x10001100 : pop ecx; ret
    > 0x1000147d : pop esi; ret
    > 0x10001b39 : pop edi; ret
pop pop ret
    > 0x10001522 : pop eax; ret
    > 0x100031e5 : pop ebp; pop ebx; ret
    > 0x10001ea1 : pop ebp; pop ebx; pop ecx; ret
    > 0x100031e3 : pop edi; pop esi; pop ebp; pop ebx; ret
    > 0x10001e9f : pop edi; pop esi; pop ebp; pop ebx; pop ecx; ret
sp lifting
    > 0x1000457b : add esp, 0x10; ret
    > 0x1000457b : add esp, 0x10; ret
    > 0x10005805 : add esp, 0x28; ret 0x10
    > 0x10004909 : add esp, 0x30; ret 0x1c
    > 0x100078b2 : add esp, 0x404; ret
stack pivoting
    > 0x100010ce : mov esp, ebp; pop ebp; ret
    > 0x1000124b : xchg eax, esp; rol bl, -0x34; int3 ; mov al, [ecx + 2]; and al, 1; ret
    > 0x10007e7c : leave ; ret
write mem
    > 0x10001329 : add [eax], edx; ret
    > 0x10007a96 : adc [ebx], edi; ret
    > 0x1000450c : add [esi + 0x5d], ebx; ret 4
    > 0x100012d1 : add [ebx + 0x20acb8], eax; add [eax], al; setne al; ret
    > 0x1000196f : add [edx + 0x10891049], ecx; mov [eax + 4], cl; ret 4

© 2014 - 2019 - Powered by ROPEME | Contact