ropshell> use 2a003eca609be390f13cb47a10f0c966
name         : offsecsrv.exe (i386/PE)
base address : 0x401000
total gadgets: 3926
ropshell> suggest "load mem"
> 0x00414643 : mov eax, [ebp + 0xc]; pop ebp; ret
> 0x00438343 : mov ecx, [eax + 0x1c]; jmp ecx
> 0x0041f1e9 : mov ecx, [edx + 0x10]; jmp ecx
> 0x00404fdc : mov eax, [edx]; mov [edx], ecx; pop ebp; ret
> 0x0042a5a3 : mov ecx, [ebp + 0xc]; pop ebp; jmp ecx
> 0x0042f5d8 : mov edx, [ebx]; mov eax, edx; pop edx; pop ebx; pop ebp; ret
> 0x00409446 : mov edx, [ebp + 0xc];  add [eax], edx; pop ebp; ret
> 0x0040eef6 : mov ecx, [eax]; mov eax, [eax + 4]; jmp eax
> 0x00416707 : mov ecx, [edx]; mov ecx, [ecx + 0x10]; jmp ecx
> 0x0041f1e7 : mov edx, [eax]; mov ecx, [edx + 0x10]; jmp ecx
> 0x00415c81 : mov eax, [edx + 0x14]; mov [ecx + 4], eax; pop ebp; ret
> 0x0042e93f : mov eax, [ebx + 0x18]; mov [ebp - 0x58], 2; call eax
> 0x0042baea : mov eax, [ecx + 0x10]; mov [ebp - 0x40], 2; call eax
> 0x004292bd : mov eax, [esi + 0x10]; mov [ebp - 0x68], 2; call eax
> 0x0040e8ab : mov ebp, [eax + 0x20]; mov esp, [edx + 8]; jmp ecx
> 0x004043a9 : mov eax, [ebx]; mov [esp], eax; call [ecx + 0x20]
> 0x00404660 : mov eax, [ecx]; mov [esp], eax; call [edx + 0x1c]
> 0x004299ba : mov eax, [esi]; mov [esp], esi; call [eax + 0x24]
> 0x00431ca6 : mov ebx, [ebp + 0xc]; mov eax, edx; pop ecx; add eax, ebx; pop ebx; pop ebp; ret
> 0x0043f625 : mov edx, [ecx + 0xc]; or edx, [ebp + 0xc]; mov [ecx + 0xc], edx; pop ebp; ret
> 0x0043310b : mov edx, [ebx + 0x40]; mov [ebx + 8], eax; mov [ebx + 4], edx; pop ebx; pop ebp; ret
> 0x0040ad23 : mov eax, [edi]; mov [esp], edi; mov [esp + 4], edx; call [eax + 0x10]
> 0x0043828b : mov edx, [ecx]; mov [esp + 4], eax; mov [esp], ecx; call [edx + 0x34]
> 0x00434a6d : mov eax, [edi + 0x58]; mov edx, [eax]; mov [esp], eax; call [edx + 0x14]
> 0x00434b5c : mov edx, [edi + 0x58]; mov [esp], edx; mov edx, [ebp - 0x34]; call [edx + 0x10]
> 0x0043db59 : mov edx, [edi]; movzx eax, al; mov [esp + 4], eax; mov [esp], edi; call [edx + 0x34]
> 0x00415c79 : mov edx, [eax + 8]; mov eax, [edx + 0x10]; mov [ecx], eax; mov eax, [edx + 0x14]; mov [ecx + 4], eax; pop ebp; ret
> 0x00420ef6 : mov edx, [esi]; xor eax, eax; mov [esp + 8], eax; movsx eax, cl; mov [esp + 4], eax; mov [esp], esi; call [edx + 0x20]