ropshell> use 4f4c1bcfce3df1802b75b39b9d01a9ac (download)
name         : msv1_0.dll (i386/PE)
base address : 0x77c61000
total gadgets: 1984
ropshell> suggest
call
    > 0x77c6e6e8 : call eax
    > 0x77c6cbd9 : call ebx
    > 0x77c6f6dc : call ecx
    > 0x77c61f92 : call esi
    > 0x77c61733 : call edi
jmp
    > 0x77c6870c : jmp eax
    > 0x77c65c1c : jmp edi
    > 0x77c6ffbe : jmp ebp
    > 0x77c62eee : jmp esp
    > 0x77c631d5 : jmp [eax]
load mem
    > 0x77c63c52 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x77c61d44 : movzx ecx, [edx]; add [eax], ecx; pop esi; pop ebp; ret 0x10
    > 0x77c7bbc7 : mov eax, [ebp + 0x10]; pop edi; pop esi; pop ebx; pop ebp; ret 0x10
    > 0x77c75e22 : mov esi, [ebp + 0xc]; mov eax, esi; pop esi; pop ebp; ret 8
    > 0x77c73230 : mov eax, [edi]; push [eax + 0x30]; call esi
load reg
    > 0x77c69d66 : pop ebx; ret 0x10
    > 0x77c689c1 : pop esi; ret
    > 0x77c6e6f3 : pop edi; ret
    > 0x77c756c4 : pop ebp; ret
    > 0x77c6870b : pop ecx; jmp eax
pop pop ret
    > 0x77c756c4 : pop ebp; ret
    > 0x77c689c0 : pop edi; pop esi; ret
    > 0x77c618f8 : pop ebx; pop edi; pop ebp; ret 0x10
    > 0x77c6351e : pop ebp; pop edi; pop esi; pop ebx; ret 0xc
stack pivoting
    > 0x77c6665f : mov esp, ebp; pop ebp; ret 0xc
    > 0x77c63c2c : xchg eax, esp; mov eax, [eax]; push eax; ret
    > 0x77c63c50 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x77c6a9b8 : lea esp, [edx + edi*8 - 1]; call [ecx - 0x73]
    > 0x77c619e6 : leave ; ret
write mem
    > 0x77c68d94 : add [ebx], ebp; ret
    > 0x77c7978c : add [esi + 0x5d], ebx; ret 4
    > 0x77c61d47 : add [eax], ecx; pop esi; pop ebp; ret 0x10
    > 0x77c781bc : add [ebx], esi; jmp [ecx]
    > 0x77c69100 : add [edi], ecx; test [ebx + 0x300007b], bl; ret