ROPSHELL 
ropshell> use b729ba1592acacb47f2b06dd3d5753fa (download)
name         : Flash6.ocx (i386/PE)
base address : 0x10001000
total gadgets: 18015

ropshell> suggest "stack pivoting"
> 0x1005ffc8 : xchg eax, esp; ret
> 0x10041f0e : mov esp, ebx; pop ebx; ret
> 0x1008c194 : mov esp, ebp; pop ebp; ret
> 0x1003545c : push eax; pop esp; pop esi; ret 4
> 0x1004c53b : lea esp, [ebp - 0xc]; pop edi; pop esi; pop ebx; pop ebp; ret
> 0x100433a0 : push ecx; and [ecx + 0x41896041], cl; pop esp; pop ebp; ret 8
> 0x1009dd36 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x1001b2f1 : lea esp, [edi + edi*8 - 1]; call [eax - 0x18]
> 0x100258b8 : lea esp, [eax - 0x75000000]; push es; call [eax]
> 0x100016c3 : leave ; ret

© 2014 - 2019 - Powered by ROPEME | Contact