ropshell> use 2d16e455648f41e816d1951ab7d09667 (download)
name         : ch72.exe (i386/PE)
base address : 0x401000
total gadgets: 1567

ropshell> suggest "load reg"
> 0x004018a7 : pop ebx; ret
> 0x004011d6 : pop ecx; ret
> 0x0041038e : pop edx; ret
> 0x004013c4 : pop esi; ret
> 0x00412bc5 : pop edi; ret
> 0x0040108f : pop ebp; ret
> 0x004032ec : pop eax; pop ebp; ret
> 0x00411709 : mov eax, [esp + 8]; ret
> 0x0040234e : pop esp; inc eax; inc ecx; add [esi + 0x5d], bl; ret
> 0x00404c32 : popal ; or al, 0; add [edx + 0x16], ch; pop eax; pop ebp; ret
> 0x0040203a : mov edx, [esp + 0x10]; mov [edx], eax; mov eax, 3; ret