ropshell> use 3cd632d4245d08e76014e7240e5f5f82 (download)
name         : dbman.exe (i386/PE)
base address : 0x401000
total gadgets: 11623

ropshell> suggest
call
    > 0x00404957 : call eax
    > 0x00473dcd : call ebx
    > 0x0049783a : call ecx
    > 0x00404976 : call edx
    > 0x004980ed : call esi
jmp
    > 0x00428fa5 : push esp; ret
    > 0x004651a7 : jmp eax
    > 0x00460e8d : jmp edx
    > 0x00410a4a : jmp [eax]
    > 0x00453d7e : jmp [ebx]
load mem
    > 0x00438b27 : mov eax, [ebx]; ret
    > 0x00490560 : mov eax, [ecx]; ret
    > 0x004974eb : mov eax, [esi]; pop esi; ret
    > 0x00490b20 : mov eax, [ecx + 0x18]; ret
    > 0x00497514 : mov eax, [esi + 4]; pop esi; ret
load reg
    > 0x00428f99 : pop eax; ret
    > 0x00495ca5 : pop ebx; ret
    > 0x00496b58 : pop ecx; ret
    > 0x00489c7e : pop esi; ret
    > 0x0049b1e6 : pop edi; ret 0x10
pop pop ret
    > 0x00428f99 : pop eax; ret
    > 0x0049bb71 : pop ebx; pop ebp; ret
    > 0x0049bb70 : pop esi; pop ebx; pop ebp; ret
    > 0x0049bb6f : pop edi; pop esi; pop ebx; pop ebp; ret
    > 0x0049531a : pop ecx; pop edi; pop esi; pop ebp; pop ebx; add esp, 0x10; ret 0x10
sp lifting
    > 0x0049549b : add esp, 0x10; ret
    > 0x0049549b : add esp, 0x10; ret
    > 0x004946a2 : add esp, 0x24; ret 8
    > 0x00494a42 : add esp, 0x48; ret 8
    > 0x00492539 : add esp, 0x50; ret 0x10
stack pivoting
    > 0x00428e15 : xchg eax, esp; ret
    > 0x00402b43 : mov esp, ebp; pop ebp; ret
    > 0x00427554 : lea esp, [esi + eax*8 - 1]; inc esi; inc ebp; cld ; ret
    > 0x0042a53e : lea esp, [eax]; aam 0xff; call [ecx - 1]
    > 0x0040eab7 : lea esp, [ebx + edi*8 - 1]; call [ecx - 0x75]
write mem
    > 0x0043d7a2 : adc [eax + 0x458dc155], ecx; ret
    > 0x00417589 : add [ebx], ecx; mov esp, ebp; pop ebp; ret
    > 0x0049717e : add [ebp + 0xf0c244c], ecx; xchg eax, esp; ret
    > 0x00475108 : adc [ebx + 0x4428bc8], ecx; call eax
    > 0x0046ab1d : adc [ebx], eax; add eax, [eax]; mov esp, ebp; pop ebp; ret 0x18