ROPSHELL 
ropshell> use dfdd5352029f9ef94464b23ec94b33b0 (download)
name         : genalgsim_ausf_a (i386/RAW)
base address : 0x0
total gadgets: 7951

ropshell> suggest "load mem"
> 0x0006e7ba : mov eax, [ecx]; ret
> 0x0000c0d0 : movzx eax, [edx]; ret
> 0x000a5b66 : mov edi, [edx]; ret
> 0x0008d8c2 : mov eax, [esi + 0x10]; ret
> 0x00010521 : mov eax, [edi + 0x68]; ret
> 0x00019d33 : movzx eax, [edi]; sub eax, ecx; ret
> 0x000200b3 : movzx ecx, [esi]; sub eax, ecx; ret
> 0x0001fbf3 : movzx edx, [esi]; sub eax, edx; ret
> 0x00000950 : mov ebp, [ebx]; jmp eax
> 0x0000b5a4 : movzx edx, [eax]; mov eax, edx; pop ebx; ret
> 0x00038f70 : mov edi, [ebx]; call ebp
> 0x0001e368 : movzx edx, [esi + ecx]; sub eax, edx; ret
> 0x0008d4f0 : mov edx, [ebp]; inc ecx; call esp
> 0x0003935d : mov esi, [eax]; inc ecx; call esi
> 0x00053e25 : movzx eax, [ecx + eax]; jmp [edx + eax*8]
> 0x0007bde9 : mov eax, [ebx + 0x18]; dec eax; mov [eax], edi; pop ebx; ret
> 0x00009c61 : mov ecx, [eax + 0x10]; call [ebp + 0x18]
> 0x0007bdc9 : mov edx, [ebx + 0x18]; dec eax; mov [edx], eax; pop ebx; ret
> 0x0007bddd : mov edx, [edi + 0x30]; dec eax; mov [eax], edx; pop ebx; ret
> 0x0008e3d9 : mov edx, [edi]; dec esp; mov edi, ebp; inc ecx; call esi
> 0x00062aab : mov ecx, [edx + 0x48]; cmp ecx, [edx + 0x4c]; cmove eax, ecx; ret
> 0x00019d14 : movzx ecx, [esi + edx]; movzx eax, [edi + edx]; sub eax, ecx; ret
> 0x0008f981 : mov edi, [ebp + 0x10]; dec eax; add edi, ebp; call ebx
> 0x00086344 : mov eax, [ebx]; dec eax; add eax, [edx + 8]; call eax
> 0x00006ed5 : mov edi, [ebp]; dec eax; mov eax, [esp + 8]; call eax
> 0x000392a1 : mov esi, [ebx]; dec esp; mov edi, esp; dec ecx; mov ebp, ebx; call ebp
> 0x0008e5fc : mov esi, [edi]; dec eax; mov edi, [esp + 0x10]; inc ecx; call esi
> 0x00064aaa : mov edi, [esi]; dec esp; lea ecx, [esp + 0x28]; inc ecx; call esp
> 0x0006f9d6 : mov eax, [edx + eax]; mov edx, 0; dec eax; cmp eax, -1; dec eax; cmove eax, edx; ret
> 0x0000b2ab : mov ebp, [ebx + 0x98]; dec eax; mov edi, ebp; call [ebp + 0x20]
> 0x0000a739 : mov ebp, [edi + 0x98]; dec eax; mov edi, ebp; call [ebp + 0x20]
> 0x000020cf : mov eax, [ebp + 8]; sub eax, [ebx + 8]; dec eax; add esp, 8; pop ebx; pop ebp; ret
> 0x000702f4 : mov esi, [edi + 0x20]; dec eax; mov edi, [edi + 0x28]; repne inc ecx; call ebx
> 0x0000aca8 : mov ecx, [ebx + 0x10]; dec esp; lea eax, [esp + 0x10]; call [ebp + 0x18]
> 0x0008e3d5 : mov esi, [ebx + 8]; dec ecx; mov edx, [edi]; dec esp; mov edi, ebp; inc ecx; call esi
> 0x00029a6e : mov eax, [esi]; add [edi + 0x63], cl; or al, -0x76; dec edi; lea edx, [edx + ecx]; inc ecx; jmp edx
> 0x000702f0 : mov ecx, [edi + 0x18]; dec eax; mov esi, [edi + 0x20]; dec eax; mov edi, [edi + 0x28]; repne inc ecx; call ebx
> 0x00020559 : mov ebx, [eax]; pop es; add [ecx + 0x63], cl; or al, -0x6d; dec esp; add ecx, ebx; jmp ecx

© 2014 - 2019 - Powered by ROPEME | Contact