ropshell> use b47df2a6c5c070bc01f123329b5b48a6 (download)
name         : hexchat (i386/ELF)
base address : 0x8065ac0
total gadgets: 4156

ropshell> suggest "load mem"
> 0x080ba7d8 : mov eax, [ebx + 0x4a8901c1]; add al, 0x5b; ret
> 0x0806da5b : mov eax, [ecx + 0x58]; pop ebx; jmp eax
> 0x080c07b8 : mov eax, [edx + 0x50]; add esp, 4; pop ebx; pop esi; ret
> 0x0806e203 : mov edx, [eax + 0xc]; add esp, 8; mov eax, edx; pop ebx; ret
> 0x0806dc8f : mov ecx, [edx]; push eax; push edx; call [ecx + 0x6c]
> 0x080c0a78 : mov ecx, [esi]; add ebx, [ebx + ecx*4 - 0x5a0d8]; jmp ebx
> 0x0806db60 : mov edx, [esi]; push edi; push esi; call [edx + 0x70]
> 0x0808b971 : mov eax, [esi + 0xabc]; mov [eax], 0; add esp, 4; pop ebx; pop esi; ret
> 0x080cd12a : mov ecx, [eax + 0x4364]; mov eax, [eax + 0x4360]; mov [edx], ecx; ret
> 0x080965d3 : movzx eax, [esi]; mov ecx, [ebx + eax*4 - 0x5f960]; add ecx, ebx; jmp ecx
> 0x0806a73d : movsx ecx, [edx + 0x26]; push ecx; push edx; push eax; call [eax + 0x3c]
> 0x08082b61 : mov eax, [edi + 0x260]; mov ecx, [ebx + eax*4 - 0x62520]; add ecx, ebx; jmp ecx
> 0x0807ef62 : movzx ecx, [edi + 0xc]; mov edx, [ebx + ecx*4 - 0x62b44]; add edx, ebx; jmp edx
> 0x080be270 : mov edx, [esi + 8]; sub esp, 8; push eax; push edx; call [edx + 0x28]
> 0x080ba7d4 : mov ebx, [edx]; mov [ebx + ecx*4], eax; add ecx, 1; mov [edx + 4], ecx; pop ebx; ret
> 0x080d4d26 : mov edx, [ecx]; mov eax, [esp + 0x1c]; mov [eax], edx; add esp, 8; mov eax, 1; pop ebx; ret
> 0x080d3d42 : movzx eax, [ebp + 0x40]; push eax; push [ebp + 0x2c]; push [ebp + 0x18]; push ecx; call esi
> 0x080bab30 : mov edx, [edi + 8]; push [ebp + 8]; mov eax, [esp + 0x10]; push eax; push edx; call [edx + 0x6c]
> 0x080cc079 : mov edx, [ebx]; push [ebx + 0x10]; mov eax, [ebx + 8]; push [eax + edx*4 - 4]; push [esp + 0x30]; call [ebx + 0xc]