ropshell> use 207bced406cb1783c3d93c52f6c4ee38
name         : entree.exe (i386/PE)
base address : 0x401000
total gadgets: 884
ropshell> suggest
call
    > 0x004019aa : call eax
    > 0x00406812 : call ebx
    > 0x00401b66 : call ecx
    > 0x00404b49 : call edx
    > 0x00401bd2 : call esi
jmp
    > 0x00402502 : jmp eax
    > 0x00408730 : jmp esi
    > 0x004045b7 : jmp [eax]
    > 0x00403714 : jmp [ebx]
    > 0x00406cff : jmp [ecx]
load mem
    > 0x004047ec : mov eax, [ebp + 0x10]; inc [eax]; pop ebp; ret
    > 0x004025cf : mov eax, [ecx + 4]; mov [esi + 4], eax; mov eax, esi; pop esi; pop ebp; ret 4
load reg
    > 0x0040869e : pop ebx; ret
    > 0x004012e0 : pop ecx; ret
    > 0x00401296 : pop esi; ret
    > 0x00407739 : pop edi; ret
    > 0x0040116d : pop ebp; ret
pop pop ret
    > 0x0040116d : pop ebp; ret
    > 0x0040195f : pop eax; pop ebp; ret
    > 0x00408470 : pop eax; pop esi; pop edi; ret
    > 0x00404892 : pop ebx; pop edi; pop esi; pop ebp; ret
    > 0x00407b2a : pop ecx; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x00402525 : add esp, 0x14; ret
    > 0x00402525 : add esp, 0x14; ret
stack pivoting
    > 0x0040116b : mov esp, ebp; pop ebp; ret
    > 0x0040593d : xchg eax, esp; inc [eax]; push edi; call esi
    > 0x0040d1fb : leave ; ret
write mem
    > 0x0040a123 : add [esi + 0x5d], ebx; ret
    > 0x004081d5 : add [ebx + 0x5e0c2444], ecx; pop edi; ret
    > 0x004081e9 : add [edx + 0x47880246], ecx; add cl, [ebx + 0x5e0c2444]; pop edi; ret