ropshell> use 86f1895ae8c5e8b17d99ece768a70732 (download)
name         : msvcr71.dll (i386/PE)
base address : 0x7c341000
total gadgets: 3036

ropshell> suggest "load mem"
> 0x7c35aa0f : mov eax, [ecx + 0xc]; ret
> 0x7c345897 : mov eax, [edx + 4]; ret
> 0x7c36c93b : mov edi, [ebx + 0x5959fffd]; ret
> 0x7c354f9d : mov eax, [esi + 0x28]; pop esi; ret
> 0x7c351d60 : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x7c365298 : movzx eax, [ecx]; add eax, esi; pop esi; ret
> 0x7c3701d1 : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
> 0x7c359d70 : mov ebp, [ebx + 0x20]; jmp eax
> 0x7c341f0c : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x7c3590b1 : mov ecx, [esi + 0xc]; mov [eax + 0x80], ecx; pop esi; ret
> 0x7c3590d0 : mov ecx, [ebp + 0xc]; call [ebp + 8]
> 0x7c35ac01 : mov eax, [esi]; mov ecx, esi; call [eax]
> 0x7c35ac3f : mov eax, [edi]; mov ecx, edi; pop edi; pop esi; jmp [eax + 4]
> 0x7c3701f9 : mov edx, [eax]; sub dx, cx; neg dx; sbb edx, edx; not edx; and eax, edx; ret
> 0x7c35aded : mov ecx, [esi]; mov [esi + ecx*4 + 4], eax; mov eax, esi; pop esi; ret 4
> 0x7c358a91 : mov eax, [edi + 4]; mov [esi + 4], eax; pop edi; mov eax, esi; pop esi; ret 4
> 0x7c359b13 : mov ebx, [ebp + 0xc]; mov esp, [ebx - 4]; mov ebp, [ebp - 4]; jmp eax
> 0x7c358f24 : mov esi, [edx + esi]; mov ecx, [esi + ecx]; add ecx, edx; add eax, ecx; pop esi; ret
> 0x7c359ff9 : mov esi, [eax + 8]; add ecx, [edx + esi]; pop esi; mov eax, [eax]; add eax, ecx; ret
> 0x7c359b08 : mov eax, [ebx]; mov fs:[0], eax; mov eax, [ebp + 8]; mov ebx, [ebp + 0xc]; mov esp, [ebx - 4]; mov ebp, [ebp - 4]; jmp eax