ropshell> use 335a9fab2ac3ae212e9feee4bcd19e80 (download) name : libc-2.3.6.so (i386/ELF) base address : 0x14cb0 total gadgets: 10011
ropshell> suggest call > 0x00014cd0 : call eax > 0x00021466 : call ebx > 0x00016860 : call ecx > 0x000161b3 : call edx > 0x00067d26 : call esi jmp > 0x00104849 : push esp; ret > 0x00015e3e : jmp eax > 0x0006c364 : jmp ebx > 0x0002853d : jmp ecx > 0x00028699 : jmp edx load mem > 0x0005a0de : mov eax, [ecx]; pop ebp; ret > 0x0002976f : mov eax, [ecx + 0x34]; ret > 0x0002041c : mov ecx, [edx]; sub eax, ecx; ret > 0x000d5eb4 : mov eax, [edx + 0x18]; pop ebp; ret > 0x00022d80 : mov eax, [ebp + 0xc]; pop ebp; ret load reg > 0x0002120c : pop eax; ret > 0x0006c04d : pop ebx; ret > 0x000285d6 : pop edx; ret > 0x0006c319 : pop esi; ret > 0x00035504 : pop edi; ret pop pop ret > 0x0002120c : pop eax; ret > 0x00014f94 : pop ebx; pop ebp; ret > 0x0001e0c4 : pop eax; pop ebx; pop ebp; ret > 0x0006970a : pop eax; pop ebx; pop esi; pop ebp; ret > 0x0001a188 : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret sp lifting > 0x0006c131 : add esp, 0x100; ret > 0x0006c131 : add esp, 0x100; ret > 0x000b5aca : add esp, 0x24; ret 4 > 0x0008e319 : add esp, 0x34; ret stack pivoting > 0x00014dc7 : mov esp, ebp; pop ebp; ret > 0x0002abd7 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret > 0x0006abd1 : xchg eax, esp; add [eax], al; add [edx - 9], al; ret 3 > 0x00078b90 : lea esp, [edi + ebp*8 - 1]; inc [ebx - 0x11077b]; jmp [eax] > 0x0002a522 : lea esp, [eax + 0x1fffffe]; into ; mov ecx, [ebp - 0x114]; mov [esp + 4], esi; mov [esp], ecx; call [ebp + 0x14] syscall > 0x0008e815 : call gs:[0x10]; ret write mem > 0x000f71d2 : add [eax + 0x5d5b0742], ecx; ret > 0x0005dc17 : adc [esi + 0x5d], ebx; ret > 0x0008f57f : add [edi + 0x5d], ebx; ret > 0x0005e38f : add [ecx], ebx; sal bh, 0xd0; ret > 0x000540a9 : add [ebp + 2], esi; pop ebp; ret