ropshell> use 687061d0dbd2fad0332620fe8fe68be2 (download) name : VulnApp3.exe (i386/PE) base address : 0x14801000 total gadgets: 990
ropshell> suggest call > 0x1480298b : call eax > 0x148011f1 : call ebx > 0x148023e0 : call ecx > 0x148013aa : call esi > 0x148019be : call edi jmp > 0x1480bc85 : jmp eax > 0x148023ff : jmp esi > 0x1480111e : jmp esp > 0x14804ec6 : jmp [eax] > 0x1480a115 : jmp [ebx] load mem > 0x1480a334 : mov eax, [edx + 4]; ret > 0x14809bfe : mov eax, [ebp + 8]; mov esp, ebp; pop ebp; ret > 0x14803eef : movzx eax, [edx]; movzx ecx, [ecx]; sub eax, ecx; pop esi; pop ebp; ret > 0x1480180d : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret > 0x14802232 : mov eax, [edi]; mov [ecx], eax; mov [ecx + 4], 0; pop edi; pop ebp; ret load reg > 0x14801127 : pop ebx; ret > 0x148012ec : pop ecx; ret > 0x148098be : pop edx; ret > 0x14801509 : pop esi; ret > 0x1480305a : pop edi; ret pop pop ret > 0x1480103e : pop ebp; ret > 0x1480357d : pop eax; pop ebp; ret > 0x14804c82 : pop ebx; pop edi; pop esi; ret > 0x1480547f : pop eax; pop edi; pop esi; pop ebp; ret > 0x14805a94 : pop ecx; pop edi; pop ebx; pop esi; pop ebp; ret sp lifting > 0x148065e8 : add esp, 0x10; ret > 0x148065e8 : add esp, 0x10; ret stack pivoting > 0x1480ac92 : mov esp, ebx; pop ebx; ret > 0x1480112a : mov esp, ebp; pop ebp; ret > 0x14802def : xchg eax, esp; inc ebp; call ecx > 0x1480bf86 : lea esp, [esp]; lea ecx, [ecx]; mov eax, [esp + 0xc]; pop esi; pop edi; ret > 0x14807ebe : leave ; ret write mem > 0x1480bcf1 : add [ebx + 0x5e0c2444], ecx; pop edi; ret > 0x1480bd05 : add [edx + 0x47880246], ecx; add cl, [ebx + 0x5e0c2444]; pop edi; ret > 0x148020b9 : add [ebx + 9], esi; rep stosb es:[edi], al; mov eax, [esp + 4]; mov edi, edx; ret