ropshell> use 4e44765502a8aafba57c8661983c23ad (download)
name : vuln10.exe (i386/PE)
base address : 0x401000
total gadgets: 423
ropshell> suggest
call
> 0x004010aa : call eax
> 0x00407c78 : call ecx
> 0x00401346 : call edx
> 0x00402da8 : call edi
jmp
> 0x004012e5 : jmp eax
> 0x00405ecf : jmp [eax]
> 0x004040e7 : jmp [ecx]
> 0x004010ed : jmp [esi - 0x70]
load mem
> 0x004077e1 : mov ecx, [eax + eax]; add [ebx - 0x137c03a3], cl; add al, 0xc9; ret
> 0x00401d4d : mov eax, [ebx + 4]; mov [esp], esi; call eax
load reg
> 0x00401be1 : pop ebx; ret
> 0x00402298 : pop ecx; ret
> 0x004028e8 : pop esi; ret
> 0x004021a4 : pop edi; ret
> 0x0040158b : pop ebp; ret
pop pop ret
> 0x0040158b : pop ebp; ret
> 0x00402297 : pop eax; pop ecx; ret
> 0x00401589 : pop ebx; pop edi; pop ebp; ret
> 0x004018e1 : pop ebx; pop esi; pop edi; pop ebp; ret
> 0x00404fd8 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
> 0x00403877 : add esp, 0x1c; ret
> 0x00403877 : add esp, 0x1c; ret
> 0x0040129b : add esp, 0x3c; ret
> 0x00401b8b : sub esp, 0xc; nop ; call eax
stack pivoting
> 0x00401586 : lea esp, [ebp - 8]; pop ebx; pop edi; pop ebp; ret
> 0x0040138b : leave ; ret
write mem
> 0x004024a9 : add [esi + 0x5f], ebx; pop ebp; ret
> 0x004022e8 : add [ebp + 0x31d375c9], eax; dec [ecx + 0x5f5e5bf8]; ret