ropshell> use dfdd5352029f9ef94464b23ec94b33b0
name         : genalgsim_ausf_a (i386/RAW)
base address : 0x0
total gadgets: 7951
ropshell> suggest
call
    > 0x000003f8 : call eax
    > 0x000007fd : call ebx
    > 0x00014267 : call ecx
    > 0x000075b6 : call edx
    > 0x00014208 : call esi
jmp
    > 0x0001495b : push esp; ret
    > 0x00000953 : jmp eax
    > 0x0004cff5 : jmp ebx
    > 0x00020324 : jmp ecx
    > 0x000060b5 : jmp edx
load mem
    > 0x0006e7ba : mov eax, [ecx]; ret
    > 0x0000c0d0 : movzx eax, [edx]; ret
    > 0x000a5b66 : mov edi, [edx]; ret
    > 0x0008d8c2 : mov eax, [esi + 0x10]; ret
    > 0x00010521 : mov eax, [edi + 0x68]; ret
load reg
    > 0x000383cc : pop eax; ret
    > 0x00001151 : pop ebx; ret
    > 0x0003a1f5 : pop edx; ret
    > 0x00005f66 : pop esi; ret
    > 0x00000556 : pop edi; ret
pop pop ret
    > 0x000383cc : pop eax; ret
    > 0x00008a8d : pop ebp; pop ebp; ret
    > 0x000717c7 : pop eax; pop edx; pop ebx; ret
    > 0x000926ec : pop edx; pop edx; pop edx; pop edx; xor [ecx - 0x4d2f0007], -7; jmp [eax]
    > 0x000926eb : pop edx; pop edx; pop edx; pop edx; pop edx; xor [ecx - 0x4d2f0007], -7; jmp [eax]
sp lifting
    > 0x0004713d : add esp, 0x148; ret
    > 0x0004713d : add esp, 0x148; ret
    > 0x00037f8b : add esp, 0x28; ret
    > 0x000482f2 : add esp, 0x38; ret
    > 0x000383ca : add esp, 0x58; ret
stack pivoting
    > 0x000a4e79 : xchg eax, esp; ret
    > 0x0008cea7 : mov esp, ecx; ret
    > 0x00038ed7 : mov esp, edx; call ebp
    > 0x00071dd9 : mov esp, eax; dec esp; mov ebp, ecx; jmp edx
    > 0x0006fa7f : push ebx; adc [ebx + 0x5d], bl; inc ecx; pop esp; ret
write mem
    > 0x00018834 : adc [ebx], eax; ret
    > 0x00032861 : add [eax + 0x28d4802], ecx; ret
    > 0x00027417 : adc [ecx + 7], edi; ret
    > 0x00010503 : adc [edx + ebp], ebp; ret
    > 0x0003599f : adc [esi + 3], edx; ret