Could someone explain what this assembly code does and how could it be used in a ROP attack? What type of data could go in the registers to successfully perform a ROP attack? Should it be chained to other gadgets?
`xor eax, eax;`
`mov eax, dword ptr [esp];`
`call eax;`
For what I know the first instruction performs an exclusive OR (XOR), and sets the register eax to zero. Then the next instruction loads the 32-bit value from the location pointed by esp. Finally, i think the last instruction calls the function located at the adress stored in the eax.
But i don't know exactly what type of data could go in the registers to successfully perform a ROP attack.