ropshell> use 024ff462edfc76100b9372a0fc57b7cf
name         : healiat.exe (i386/PE)
base address : 0x401000
total gadgets: 1500
ropshell> suggest
call
    > 0x00403106 : call [edx - 0x18]; ret
    > 0x00410dc4 : call eax
    > 0x0040c64a : call ebx
    > 0x0040c656 : call ecx
    > 0x004148e7 : call esi
jmp
    > 0x0040ec59 : jmp eax
    > 0x0040c626 : jmp ebx
    > 0x0040e69c : jmp esi
    > 0x00403540 : jmp [eax]
    > 0x0040ee8c : jmp [ebx + 0x18]
load mem
    > 0x004055ab : mov eax, [ebp + 0x10]; pop ebp; ret
    > 0x004123cb : movzx eax, [ecx]; inc ecx; mov [edx], ecx; ret
    > 0x00405e26 : mov eax, [ecx + 0x16c]; mov esp, ebp; pop ebp; ret
    > 0x0040f3d8 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x0040ee89 : mov ebp, [ebx + 0x20]; jmp [ebx + 0x18]
load reg
    > 0x0041056c : pop eax; ret
    > 0x0040b3ec : pop ebx; ret
    > 0x0040f1fe : pop ecx; ret
    > 0x0040e2f9 : pop esi; ret
    > 0x0040e4c0 : pop edi; ret
pop pop ret
    > 0x0041056c : pop eax; ret
    > 0x004136f2 : pop eax; pop ebp; ret
    > 0x0041121f : pop eax; pop edi; pop esi; ret
    > 0x0040f92c : pop eax; pop edi; pop ebx; pop esi; ret
    > 0x0040ee91 : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x0040e39a : add esp, 0x10; ret
    > 0x0040e39a : add esp, 0x10; ret
    > 0x00412cee : add esp, 0x44; ret
stack pivoting
    > 0x00401101 : mov esp, ebp; pop ebp; ret
    > 0x0040f3d6 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x00401d93 : lea esp, [eax + edi*8 - 0x72fc0001]; sar ah, 0xff; call [ecx - 0x18]
    > 0x0040312e : lea esp, [esi*8 + 0x6a51ffff]; add [ebx - 0x7a36b], cl; dec [ebx - 0x74afefbe]; lea ebx, [eax + edi*8 - 1]; call [ecx - 0x18]
    > 0x0040e37c : leave ; ret
write mem
    > 0x004102d7 : add [edi + 0x3a], eax; ret
    > 0x0041121e : add [eax + 0x5f], ebx; pop esi; ret
    > 0x004090c1 : add [ebx + 0x7500d87d], eax; or al, 0x83; ret
    > 0x0040240e : add [eax + 1], edi; mov esp, ebp; pop ebp; ret
    > 0x00413486 : add [ebp + 0x374c104], ecx; mov eax, [eax]; ret