ROPSHELL 
ropshell> use b729ba1592acacb47f2b06dd3d5753fa (download)
name         : Flash6.ocx (i386/PE)
base address : 0x10001000
total gadgets: 18015

ropshell> suggest
call
    > 0x1004ac31 : call eax
    > 0x10001162 : call ebx
    > 0x10007323 : call ecx
    > 0x10049779 : call esi
    > 0x10047f0a : call edi
jmp
    > 0x10006b2e : push esp; ret
    > 0x10009648 : jmp eax
    > 0x10074599 : jmp ebx
    > 0x1000999a : jmp [eax]
    > 0x100640bc : jmp [ebx]
load mem
    > 0x100852a0 : mov eax, [ecx]; ret
    > 0x100838e0 : mov eax, [ecx + 0x14]; ret
    > 0x1004df83 : mov eax, [esi]; pop edi; pop esi; ret 0xc
    > 0x10034520 : mov eax, [edi]; pop edi; pop esi; ret
    > 0x100847e2 : mov ecx, [eax]; call [ecx]; ret 0xc
load reg
    > 0x100016f0 : pop eax; ret
    > 0x100010f3 : pop ebx; ret
    > 0x10002fd7 : pop ecx; ret
    > 0x1006b630 : pop edx; ret 4
    > 0x1000111a : pop esi; ret
pop pop ret
    > 0x100016f0 : pop eax; ret
    > 0x10001c83 : pop eax; pop ebp; ret
    > 0x100099aa : pop eax; pop edi; pop esi; ret
    > 0x10001a3e : pop eax; pop edi; pop esi; pop ebx; ret
    > 0x1008aa3e : pop eax; pop ebx; pop ebp; pop esi; pop edi; ret
sp lifting
    > 0x100115de : add esp, 0x10; ret
    > 0x100115de : add esp, 0x10; ret
    > 0x10094751 : add esp, 0x208; ret
    > 0x100851e2 : add esp, 0x30; ret 0x14
    > 0x1008648d : add esp, 0x400; ret
stack pivoting
    > 0x1005ffc8 : xchg eax, esp; ret
    > 0x10041f0e : mov esp, ebx; pop ebx; ret
    > 0x1008c194 : mov esp, ebp; pop ebp; ret
    > 0x1003545c : push eax; pop esp; pop esi; ret 4
    > 0x1004c53b : lea esp, [ebp - 0xc]; pop edi; pop esi; pop ebx; pop ebp; ret
write mem
    > 0x100149d6 : add [eax], edx; ret
    > 0x1001811c : add [ebx], edi; ret
    > 0x1007b147 : add [ebx], ebp; ret
    > 0x1001419a : add [edx], edi; ret
    > 0x100312f6 : add [eax + 0x3a], ebx; ret

© 2014 - 2019 - Powered by ROPEME | Contact