ropshell> use 57a1912d4b8abbf1680ca7256ae0ef31 (download)
name         : m2.exe (i386/PE)
base address : 0x401000
total gadgets: 317
ropshell> suggest
call
    > 0x00401024 : call eax
    > 0x004060ac : call ecx
jmp
    > 0x004012c5 : jmp eax
    > 0x00403dac : jmp [eax]
    > 0x0040257a : jmp [ecx]
    > 0x004057a3 : jmp [esi - 0x39]
    > 0x004017d0 : push esp; mov ebp, [esp + 0x58]; add esp, 0x5c; ret
load mem
    > 0x00401b3c : mov eax, [ebx + 4]; mov [esp], esi; call eax
load reg
    > 0x00401ac1 : pop ebx; ret
    > 0x00406b98 : pop ecx; ret
    > 0x00401b5e : pop esi; ret
    > 0x0040205b : pop edi; ret
    > 0x0040132f : pop ebp; ret
pop pop ret
    > 0x0040132f : pop ebp; ret
    > 0x00406b97 : pop eax; pop ecx; ret
    > 0x00402059 : pop ebx; pop esi; pop edi; ret
    > 0x00401527 : pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x00405b65 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00401b80 : add esp, 0x1c; ret
    > 0x00401b80 : add esp, 0x1c; ret
    > 0x004064fd : add esp, 0x24; ret
    > 0x00405684 : add esp, 0x3c; ret
    > 0x00405205 : add esp, 0x4c; ret
stack pivoting
    > 0x00405d63 : xchg eax, esp; lea eax, [0]; ret
    > 0x00401524 : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x00401321 : leave ; ret