ropshell> use 335a9fab2ac3ae212e9feee4bcd19e80 (download)
name         : libc-2.3.6.so (i386/ELF)
base address : 0x14cb0
total gadgets: 10011
ropshell> suggest
call
    > 0x00014cd0 : call eax
    > 0x00021466 : call ebx
    > 0x00016860 : call ecx
    > 0x000161b3 : call edx
    > 0x00067d26 : call esi
jmp
    > 0x00104849 : push esp; ret
    > 0x00015e3e : jmp eax
    > 0x0006c364 : jmp ebx
    > 0x0002853d : jmp ecx
    > 0x00028699 : jmp edx
load mem
    > 0x0005a0de : mov eax, [ecx]; pop ebp; ret
    > 0x0002976f : mov eax, [ecx + 0x34]; ret
    > 0x0002041c : mov ecx, [edx]; sub eax, ecx; ret
    > 0x000d5eb4 : mov eax, [edx + 0x18]; pop ebp; ret
    > 0x00022d80 : mov eax, [ebp + 0xc]; pop ebp; ret
load reg
    > 0x0002120c : pop eax; ret
    > 0x0006c04d : pop ebx; ret
    > 0x000285d6 : pop edx; ret
    > 0x0006c319 : pop esi; ret
    > 0x00035504 : pop edi; ret
pop pop ret
    > 0x0002120c : pop eax; ret
    > 0x00014f94 : pop ebx; pop ebp; ret
    > 0x0001e0c4 : pop eax; pop ebx; pop ebp; ret
    > 0x0006970a : pop eax; pop ebx; pop esi; pop ebp; ret
    > 0x0001a188 : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0006c131 : add esp, 0x100; ret
    > 0x0006c131 : add esp, 0x100; ret
    > 0x000b5aca : add esp, 0x24; ret 4
    > 0x0008e319 : add esp, 0x34; ret
stack pivoting
    > 0x00014dc7 : mov esp, ebp; pop ebp; ret
    > 0x0002abd7 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x0006abd1 : xchg eax, esp; add [eax], al; add [edx - 9], al; ret 3
    > 0x00078b90 : lea esp, [edi + ebp*8 - 1]; inc [ebx - 0x11077b]; jmp [eax]
    > 0x0002a522 : lea esp, [eax + 0x1fffffe]; into ; mov ecx, [ebp - 0x114]; mov [esp + 4], esi; mov [esp], ecx; call [ebp + 0x14]
syscall
    > 0x0008e815 : call gs:[0x10]; ret
write mem
    > 0x000f71d2 : add [eax + 0x5d5b0742], ecx; ret
    > 0x0005dc17 : adc [esi + 0x5d], ebx; ret
    > 0x0008f57f : add [edi + 0x5d], ebx; ret
    > 0x0005e38f : add [ecx], ebx; sal bh, 0xd0; ret
    > 0x000540a9 : add [ebp + 2], esi; pop ebp; ret