ropshell> use 6ab193c70ef923b6154eafb1ee2e696a (download)
name         : winmugen.exe (i386/PE)
base address : 0x401000
total gadgets: 7923

ropshell> suggest
call
    > 0x0047fc26 : call [ebx - 0x18]; ret
    > 0x004169ea : call eax
    > 0x00407cff : call ebx
    > 0x00417184 : call ecx
    > 0x004870a0 : call edx
jmp
    > 0x00403535 : push esp; ret
    > 0x0045929e : jmp eax
    > 0x0042877d : jmp ebx
    > 0x00453a54 : jmp edi
    > 0x004952f2 : jmp [eax]
load mem
    > 0x004189c2 : mov eax, [ecx + 0x20]; ret
    > 0x00498554 : mov eax, [edx + 4]; ret
    > 0x00403f11 : mov eax, [edi]; pop edi; pop esi; pop ebx; ret
    > 0x0041318e : mov edx, [eax]; mov [edx], cl; ret
    > 0x00439a6a : mov edx, [ecx + 0x1028]; sub eax, edx; ret
load reg
    > 0x004303a4 : pop eax; ret
    > 0x00401083 : pop ebx; ret
    > 0x004048ac : pop ecx; ret
    > 0x00492c87 : pop edx; ret
    > 0x004011b6 : pop esi; ret
pop pop ret
    > 0x004303a4 : pop eax; ret
    > 0x00492b69 : pop eax; pop ebp; ret
    > 0x00416f81 : pop ebp; pop ebx; pop ecx; ret
    > 0x00498d8d : pop eax; pop edi; pop ebx; pop esi; ret
    > 0x00476fdd : pop ebp; pop edi; pop esi; pop ebp; pop ebx; ret
sp lifting
    > 0x0040a80d : add esp, 0x100; ret
    > 0x0040a80d : add esp, 0x100; ret
    > 0x0040ce14 : add esp, 0x200; ret
    > 0x004173ef : add esp, 0x30; ret
    > 0x004131e5 : add esp, 0x400; ret
stack pivoting
    > 0x0040832e : xchg eax, esp; ret
    > 0x004179fa : mov esp, ebp; pop ebp; ret
    > 0x0048673c : push eax; pop esp; xor ecx, ecx; test edx, edx; sete cl; mov eax, ecx; ret
    > 0x00493146 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x004350b8 : xchg esp, esi; add al, [eax]; add [ebx + 0x5f], bl; mov eax, 1; pop esi; ret
write mem
    > 0x00448ac0 : add [edx], eax; ret
    > 0x00414356 : adc [edx], ebp; ret
    > 0x00492b68 : add [eax + 0x5d], ebx; ret
    > 0x0041aa3d : add [eax + 1], edi; ret
    > 0x00470f7d : adc [eax + 0x1c], ebp; ret 0x4a