ROPSHELL 
ropshell> use cd491c8ea3c952decf24e0a3414977b1 (download)
name         : lab4B (i386/RAW)
base address : 0x0
total gadgets: 9731

ropshell> suggest
call
    > 0x00000d86 : call eax
    > 0x00002468 : call ebx
    > 0x00014995 : call ecx
    > 0x00000dc3 : call edx
    > 0x00025df2 : call esi
jmp
    > 0x00073b16 : push esp; ret
    > 0x00008e34 : jmp eax
    > 0x000134ff : jmp ebx
    > 0x000138ff : jmp ecx
    > 0x0003543a : jmp edx
load mem
    > 0x0008e9a6 : mov edi, [edx]; ret
    > 0x0000d13b : movzx eax, [edx]; pop ebx; ret
    > 0x00073a80 : mov eax, [edx + 0x4c]; ret
    > 0x00052970 : mov eax, [ecx]; pop ebx; pop esi; ret
    > 0x00019ee0 : movzx ecx, [eax]; movzx eax, [edx]; sub eax, ecx; ret
load reg
    > 0x00073b06 : pop eax; ret
    > 0x000001c9 : pop ebx; ret
    > 0x0009d1d1 : pop ecx; ret
    > 0x00026d3a : pop edx; ret
    > 0x00001a75 : pop esi; ret
pop pop ret
    > 0x00073b06 : pop eax; ret
    > 0x00076c0f : pop ebx; pop edi; ret
    > 0x000567c5 : pop ebp; pop esi; pop edi; ret
    > 0x000563ca : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x00008116 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0003390c : add esp, 0x14; ret
    > 0x0003390c : add esp, 0x14; ret
    > 0x00001837 : add esp, 0x2c; ret
    > 0x00054eb0 : add esp, 0x3c; ret
stack pivoting
    > 0x0000330c : xchg eax, esp; ret
    > 0x00073d66 : mov esp, ecx; ret
    > 0x00073dd5 : mov esp, ebp; pop ebp; ret
    > 0x00000e83 : lea esp, [ebp - 8]; pop ebx; pop edi; pop ebp; ret
    > 0x00003001 : lea esp, [edi + edi*8 - 1]; jmp [esi - 0x7b]
syscall
    > 0x00027400 : int 0x80; ret
write mem
    > 0x0004d042 : add [ecx], eax; ret
    > 0x00014351 : add [ecx], edi; ret
    > 0x000931b6 : add [edx], ecx; ret
    > 0x0001f361 : add [eax + 0x5f028d02], ecx; ret
    > 0x00047017 : add [eax + 0x39f47503], ebp; ret

© 2014 - 2019 - Powered by ROPEME | Contact