ropshell> use 50ab85231f52f991097c1a760ac332e9 (download)
name         : ImageLoad.dll (i386/PE)
base address : 0x10001000
total gadgets: 5563

ropshell> suggest
call
    > 0x100192c9 : call eax
    > 0x1000102e : call ebx
    > 0x1001ab83 : call ecx
    > 0x10001682 : call esi
    > 0x10016463 : call edi
jmp
    > 0x10002682 : push esp; ret
    > 0x10012b14 : jmp eax
    > 0x1000d5e0 : jmp [eax]
    > 0x10006943 : jmp [ebx]
    > 0x1001a5c1 : jmp [edx + 0x14]
load mem
    > 0x1001925a : mov eax, [ebp + 8]; pop ebp; ret
    > 0x10006939 : mov edx, [eax]; call [edx]; add esp, 4; ret
    > 0x10004f9e : mov edx, [ecx]; call [edx]; add esp, 4; ret
    > 0x1000ae53 : mov eax, [ebx]; call [eax + 4]
    > 0x1000bb17 : mov eax, [esi]; call [eax + 0x10]
load reg
    > 0x10015442 : pop eax; ret
    > 0x1000108c : pop ebx; ret
    > 0x10001bb5 : pop ecx; ret
    > 0x1000283f : pop esi; ret
    > 0x1000725d : pop edi; ret
pop pop ret
    > 0x10015442 : pop eax; ret
    > 0x1000de77 : pop eax; pop esi; ret
    > 0x1000645b : pop ebp; pop ebx; pop ecx; ret
    > 0x1000a824 : pop ebp; pop edi; pop esi; pop ebx; ret
    > 0x1000b7f4 : pop ebp; pop esi; pop edi; pop ebx; pop ecx; ret
sp lifting
    > 0x1002280a : add esp, 0x1004; ret
    > 0x1002280a : add esp, 0x1004; ret
    > 0x10008204 : add esp, 0x20; ret
    > 0x10002f1d : add esp, 0x30; ret
    > 0x1001c935 : add esp, 0x41c; ret
stack pivoting
    > 0x10003db4 : mov esp, ebp; pop ebp; ret
    > 0x1000c232 : xchg eax, esp; pop edi; pop esi; pop ebp; pop ebx; pop ecx; ret
    > 0x10024666 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x10010001 : push ecx; pop esp; mov eax, [eax + 0x74]; mov [ecx + 0x60], eax; ret
    > 0x10009a62 : xchg esp, ebx; add [eax], al; add [ebx + 0x1a8b7], cl; add [ebx], bh; ret
write mem
    > 0x1001bc43 : add [eax], ecx; ret
    > 0x1001bf15 : adc [ebx], edi; ret
    > 0x1001289f : add [eax], edx; pop esi; ret
    > 0x10002c0a : adc [ebx + 0x5e5f04c4], eax; ret
    > 0x10008856 : add [edi + 3], eax; ret