ropshell> use 3899f258e06eda564292b936b806261f (download)
name         : RM2MP3Converter.exe (i386/PE)
base address : 0x401000
total gadgets: 6308

ropshell> suggest
call
    > 0x004163e6 : call eax
    > 0x00401931 : call ebx
    > 0x00420965 : call ecx
    > 0x00402e39 : call esi
    > 0x004024ff : call edi
jmp
    > 0x0041cfe8 : push esp; ret
    > 0x004389db : jmp edi
    > 0x00408bbd : jmp ebp
    > 0x004128eb : jmp [eax]
    > 0x0041112b : jmp [ecx + 2]
load mem
    > 0x0042c210 : mov eax, [ecx]; ret
    > 0x004255c0 : mov eax, [ecx + 0x134]; ret
    > 0x00437034 : mov eax, [esi + 0x18]; pop esi; add esp, 0x100; ret
    > 0x004201a1 : mov ecx, [ebx + 0x5e5fffff]; pop ebp; add esp, 0x4510; ret 8
    > 0x00434b83 : mov edx, [eax + 0xc]; push edx; push eax; call ecx; ret
load reg
    > 0x00437552 : pop eax; ret
    > 0x0040329f : pop ebx; ret
    > 0x0040545a : pop ecx; ret
    > 0x00401880 : pop esi; ret
    > 0x00419ec7 : pop edi; ret
pop pop ret
    > 0x00437552 : pop eax; ret
    > 0x00405b60 : pop ebp; pop ebx; ret
    > 0x0041532f : pop ebp; pop ebx; pop ecx; ret
    > 0x00405b5e : pop edi; pop esi; pop ebp; pop ebx; ret
    > 0x0041532d : pop edi; pop esi; pop ebp; pop ebx; pop ecx; ret
sp lifting
    > 0x00437038 : add esp, 0x100; ret
    > 0x00437038 : add esp, 0x100; ret
    > 0x00431c03 : add esp, 0x200; ret
    > 0x00416814 : add esp, 0x304; ret
    > 0x00404c7d : add esp, 0x440c; ret
stack pivoting
    > 0x004375a0 : xchg eax, esp; ret
    > 0x00411900 : mov esp, ebp; pop ebp; ret 0x14
    > 0x00405637 : lea esp, [ebp - 0xc]; pop edi; pop esi; pop ebx; pop ebp; ret 4
    > 0x004377a6 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x00405d0e : leave ; call [eax + 0x50]
write mem
    > 0x004264b4 : adc [ebx], eax; ret
    > 0x00436168 : add [eax + 1], edi; pop esi; ret
    > 0x00432867 : adc [ebx], ebp; add [eax], al; ret
    > 0x00425dab : add [edx], eax; add [eax], al; ret 8
    > 0x0042621d : adc [ecx], eax; add [edi + 0x5e], bl; ret 0xc