ropshell> use 476ae25c77b802a39fb335a615564143 (download)
name         : libc-2.28.so (i386/ELF)
base address : 0x190e0
total gadgets: 17665
ropshell> suggest
call
    > 0x0001ab82 : call eax
    > 0x0001dfae : call ebx
    > 0x0005ab93 : call ecx
    > 0x0001abe7 : call edx
    > 0x0001bd9e : call esi
jmp
    > 0x00137796 : push esp; ret
    > 0x0001ae87 : jmp eax
    > 0x0001a85b : jmp ebx
    > 0x0004aacb : jmp ecx
    > 0x0001b633 : jmp edx
load mem
    > 0x0006a067 : mov eax, [edx]; ret
    > 0x001357c0 : mov eax, [edx + 4]; ret
    > 0x000766b8 : mov eax, [ecx]; mov [edx], eax; ret
    > 0x000766e9 : mov eax, [ecx + 8]; sub eax, edx; ret
    > 0x0010a952 : mov ebp, [ecx + 0xc]; jmp edx
load reg
    > 0x000266a7 : pop eax; ret
    > 0x0001a8b5 : pop ebx; ret
    > 0x0006b8c8 : pop ecx; ret 0xc
    > 0x0002ee7c : pop edx; ret
    > 0x0001bf5c : pop esi; ret
pop pop ret
    > 0x000266a7 : pop eax; ret
    > 0x00156f0b : pop ebp; pop ebx; ret
    > 0x000ae137 : pop eax; pop edi; pop esi; ret
    > 0x00041b9a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001e3c3 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00136981 : add esp, 0x10; ret
    > 0x00136981 : add esp, 0x10; ret
    > 0x00165772 : add esp, 0x20; ret
    > 0x000f2f50 : add esp, 0x3c; ret
    > 0x000e9f75 : add esp, 0x4c; ret
stack pivoting
    > 0x0001b299 : xchg eax, esp; ret
    > 0x0002efad : mov esp, ecx; jmp edx
    > 0x00042a48 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x000d0765 : mov esp, esi; inc [ebx + 0x5e5b1cc4]; pop edi; pop ebp; ret
    > 0x0011b2c1 : xchg esp, edx; mov bl, 0xfa; call [eax - 0x73]
syscall
    > 0x000c0d05 : call gs:[0x10]; ret
write mem
    > 0x00098f7c : add [eax], edx; ret
    > 0x00098f9c : add [eax], esi; ret
    > 0x00035c35 : add [eax], edi; ret
    > 0x0005c761 : add [ecx], eax; ret
    > 0x00040810 : add [ecx], edi; ret