ropshell> use 687061d0dbd2fad0332620fe8fe68be2 (download)
name         : VulnApp3.exe (i386/PE)
base address : 0x14801000
total gadgets: 990
ropshell> suggest
call
    > 0x1480298b : call eax
    > 0x148011f1 : call ebx
    > 0x148023e0 : call ecx
    > 0x148013aa : call esi
    > 0x148019be : call edi
jmp
    > 0x1480bc85 : jmp eax
    > 0x148023ff : jmp esi
    > 0x1480111e : jmp esp
    > 0x14804ec6 : jmp [eax]
    > 0x1480a115 : jmp [ebx]
load mem
    > 0x1480a334 : mov eax, [edx + 4]; ret
    > 0x14809bfe : mov eax, [ebp + 8]; mov esp, ebp; pop ebp; ret
    > 0x14803eef : movzx eax, [edx]; movzx ecx, [ecx]; sub eax, ecx; pop esi; pop ebp; ret
    > 0x1480180d : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret
    > 0x14802232 : mov eax, [edi]; mov [ecx], eax; mov [ecx + 4], 0; pop edi; pop ebp; ret
load reg
    > 0x14801127 : pop ebx; ret
    > 0x148012ec : pop ecx; ret
    > 0x148098be : pop edx; ret
    > 0x14801509 : pop esi; ret
    > 0x1480305a : pop edi; ret
pop pop ret
    > 0x1480103e : pop ebp; ret
    > 0x1480357d : pop eax; pop ebp; ret
    > 0x14804c82 : pop ebx; pop edi; pop esi; ret
    > 0x1480547f : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x14805a94 : pop ecx; pop edi; pop ebx; pop esi; pop ebp; ret
sp lifting
    > 0x148065e8 : add esp, 0x10; ret
    > 0x148065e8 : add esp, 0x10; ret
stack pivoting
    > 0x1480ac92 : mov esp, ebx; pop ebx; ret
    > 0x1480112a : mov esp, ebp; pop ebp; ret
    > 0x14802def : xchg eax, esp; inc ebp; call ecx
    > 0x1480bf86 : lea esp, [esp]; lea ecx, [ecx]; mov eax, [esp + 0xc]; pop esi; pop edi; ret
    > 0x14807ebe : leave ; ret
write mem
    > 0x1480bcf1 : add [ebx + 0x5e0c2444], ecx; pop edi; ret
    > 0x1480bd05 : add [edx + 0x47880246], ecx; add cl, [ebx + 0x5e0c2444]; pop edi; ret
    > 0x148020b9 : add [ebx + 9], esi; rep stosb es:[edi], al; mov eax, [esp + 4]; mov edi, edx; ret