ropshell> use 056c3a57132b805ff530cbadf13ee878 (download)
name         : seh_overflow.exe (i386/RAW)
base address : 0x0
total gadgets: 342

ropshell> suggest
call
    > 0x000015de : call [eax - 0x7d]; ret
    > 0x000019fb : call eax
    > 0x000028b8 : call ebx
    > 0x000025de : call edx
    > 0x00001524 : call esi
jmp
    > 0x0000059b : jmp [esi]
load mem
    > 0x00002764 : mov edx, [eax]; call edx
    > 0x00002648 : mov eax, [edx + 8]; call eax
    > 0x00002781 : mov edx, [eax + 0x28]; call edx
    > 0x00002762 : mov eax, [ecx]; mov edx, [eax]; call edx
    > 0x00002646 : mov edx, [ecx]; mov eax, [edx + 8]; call eax
load reg
    > 0x00001ef4 : pop esi; ret
    > 0x00000837 : pop ebp; ret
    > 0x00000cac : pop ebx; pop esi; pop ebp; ret 4
    > 0x00000bf0 : pop eax; mov esp, ebp; pop ebp; ret
    > 0x00000cab : pop edi; pop ebx; pop esi; pop ebp; ret 4
pop pop ret
    > 0x00000837 : pop ebp; ret
    > 0x00000cad : pop esi; pop ebp; ret 4
    > 0x00000cac : pop ebx; pop esi; pop ebp; ret 4
    > 0x00000cab : pop edi; pop ebx; pop esi; pop ebp; ret 4
sp lifting
    > 0x00000e1f : add esp, 0x14; ret
    > 0x00000e1f : add esp, 0x14; ret
stack pivoting
    > 0x00000835 : mov esp, ebp; pop ebp; ret
    > 0x00002985 : xchg eax, esp; bound eax, [ecx]; push eax; call edi
write mem
    > 0x00002629 : add [ebx + 0x558d6840], ecx; cld ; push edx; call eax
    > 0x00002249 : adc [ecx + 0x10bfa], eax; add [esp + eax + 0x33], dh; shr bl, 5; mov eax, 1; mov esp, ebp; pop ebp; ret