ropshell> use 5e28284f9b5f9097640d58a73d38ad4c
name         : notepad.exe (i386/PE)
base address : 0x1001000
total gadgets: 869
ropshell> suggest
call
    > 0x01002969 : call eax
    > 0x010030f4 : call ebx
    > 0x0100193a : call esi
    > 0x01001dcf : call edi
    > 0x01004706 : call [eax + 0x52]
jmp
    > 0x01004210 : jmp [esi + 0x39]
load mem
    > 0x01005845 : mov ebx, [ebp + 8]; push ebx; call edi
    > 0x01005e19 : mov edi, [ebp + 8]; push 8; push edi; call esi
    > 0x01003f70 : movzx eax, [ebx]; inc edi; inc edi; inc ebx; push eax; inc ebx; call esi
    > 0x010044c6 : mov ecx, [ebp + 0x14]; mov [ecx + 0x17], al; xor eax, eax; pop ebp; ret 0x10
    > 0x010044c0 : mov eax, [ebp + 8]; mov al, [eax + 0x17]; mov ecx, [ebp + 0x14]; mov [ecx + 0x17], al; xor eax, eax; pop ebp; ret 0x10
load reg
    > 0x0100753c : pop ecx; ret
    > 0x01001956 : pop esi; ret
    > 0x01004ca4 : pop edi; ret
    > 0x010044ce : pop ebp; ret 0x10
    > 0x010044b1 : pop ebx; pop ebp; ret 4
pop pop ret
    > 0x0100753c : pop ecx; ret
    > 0x0100753b : pop ecx; pop ecx; ret
    > 0x01004b8e : pop ebx; pop esi; pop ebp; ret 0xc
    > 0x010023fd : pop eax; pop esi; pop edi; pop ebp; ret 8
stack pivoting
    > 0x010045ba : xchg eax, esp; adc [eax], eax; add [ebx], edi; ret
    > 0x010019d9 : leave ; ret
write mem
    > 0x010045bd : add [ebx], edi; ret
    > 0x01006a42 : add [eax + 0x3b], ecx; ret
    > 0x01004e15 : add [esi + 0x5d], ebx; ret 4
    > 0x010033d3 : add [edi + 0x5e], ebx; ret
    > 0x01001fe0 : add [ebx + 0x5fc78bf8], ecx; pop esi; pop ebp; ret 0x14