ROPSHELL 
ropshell> use 6ca1ff4c257aa667e9569063f70482d0 (download)
name         : VulnApp2.exe (i386/PE)
base address : 0x14801000
total gadgets: 992

ropshell> suggest
call
    > 0x148029ab : call eax
    > 0x14801211 : call ebx
    > 0x14802400 : call ecx
    > 0x148013ca : call esi
    > 0x148019de : call edi
jmp
    > 0x1480bca5 : jmp eax
    > 0x1480241f : jmp esi
    > 0x1480113d : jmp esp
    > 0x14804ee6 : jmp [eax]
    > 0x1480a135 : jmp [ebx]
load mem
    > 0x1480a354 : mov eax, [edx + 4]; ret
    > 0x14809c1e : mov eax, [ebp + 8]; mov esp, ebp; pop ebp; ret
    > 0x14803f0f : movzx eax, [edx]; movzx ecx, [ecx]; sub eax, ecx; pop esi; pop ebp; ret
    > 0x1480182d : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret
    > 0x14802252 : mov eax, [edi]; mov [ecx], eax; mov [ecx + 4], 0; pop edi; pop ebp; ret
load reg
    > 0x14801146 : pop ebx; ret
    > 0x1480130c : pop ecx; ret
    > 0x148098de : pop edx; ret
    > 0x14801529 : pop esi; ret
    > 0x1480307a : pop edi; ret
pop pop ret
    > 0x1480103e : pop ebp; ret
    > 0x1480359d : pop eax; pop ebp; ret
    > 0x14804ca2 : pop ebx; pop edi; pop esi; ret
    > 0x1480549f : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x14805ab4 : pop ecx; pop edi; pop ebx; pop esi; pop ebp; ret
sp lifting
    > 0x14806608 : add esp, 0x10; ret
    > 0x14806608 : add esp, 0x10; ret
stack pivoting
    > 0x1480c351 : xchg eax, esp; ret
    > 0x1480acb2 : mov esp, ebx; pop ebx; ret
    > 0x14801149 : mov esp, ebp; pop ebp; ret
    > 0x1480c38e : lea esp, [ebx + eax*8 - 0x5b6feb80]; ret
    > 0x1480bfa6 : lea esp, [esp]; lea ecx, [ecx]; mov eax, [esp + 0xc]; pop esi; pop edi; ret
write mem
    > 0x1480bd11 : add [ebx + 0x5e0c2444], ecx; pop edi; ret
    > 0x1480bd25 : add [edx + 0x47880246], ecx; add cl, [ebx + 0x5e0c2444]; pop edi; ret
    > 0x148020d9 : add [ebx + 9], esi; rep stosb es:[edi], al; mov eax, [esp + 4]; mov edi, edx; ret

© 2014 - 2019 - Powered by ROPEME | Contact