ropshell> use b921fb870c9ac0d509b2ccabbbbe95f3
name         : kernel32.dll (i386/PE)
base address : 0x7c801000
total gadgets: 8249
ropshell> suggest
call
    > 0x7c81951f : call eax
    > 0x7c8103a5 : call ebx
    > 0x7c80eb7c : call ecx
    > 0x7c809a1f : call edx
    > 0x7c801a7f : call esi
jmp
    > 0x7c828bc7 : push esp; ret 1
    > 0x7c85e4ec : jmp eax
    > 0x7c873c53 : jmp ebx
    > 0x7c810798 : jmp ecx
    > 0x7c82d944 : jmp esi
load mem
    > 0x7c83541b : mov eax, [ebp + 0x10]; pop ebp; ret 0xc
    > 0x7c82cc3b : mov eax, [ebx]; push eax; call edi
    > 0x7c80b3bc : mov eax, [esi]; push eax; call edi
    > 0x7c86b75d : movsx eax, [edi]; push eax; call esi
    > 0x7c86b7c8 : movsx eax, [edi + 1]; push eax; call esi
load reg
    > 0x7c80998d : pop eax; ret
    > 0x7c80dfed : pop ebx; ret
    > 0x7c8032fc : pop esi; ret
    > 0x7c86cfc3 : pop edi; ret
    > 0x7c80df42 : pop ebp; ret
pop pop ret
    > 0x7c80998d : pop eax; ret
    > 0x7c87f437 : pop eax; pop ebp; ret
    > 0x7c80dfeb : pop edi; pop esi; pop ebx; ret
    > 0x7c8107f4 : pop ebx; pop edi; pop esi; pop ebp; ret 0x10
    > 0x7c80e031 : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
stack pivoting
    > 0x7c80df40 : mov esp, ebp; pop ebp; ret
    > 0x7c840a03 : mov esp, edi; inc [ebx - 0x35160038]; ret
    > 0x7c83ab4d : xchg eax, esp; add al, [eax]; ret
    > 0x7c8107f2 : mov esp, esi; pop ebx; pop edi; pop esi; pop ebp; ret 0x10
    > 0x7c83fef5 : lea esp, [esp + edi*8 - 1]; call [ecx + 0x50]
write mem
    > 0x7c83c876 : add [ebx], edi; ret
    > 0x7c80aaf7 : add [ebx], ebp; ret
    > 0x7c8560ac : add [eax], ecx; pop ebp; ret 0xc
    > 0x7c81eefe : add [eax + 0x5d5e5f01], esi; ret 0x10
    > 0x7c81ef00 : add [edi + 0x5e], ebx; pop ebp; ret 0x10