ropshell> use bd94baeec6bf96d111fadb01c4e0f1f4 (download) name : urlaubsverwaltung (i386/RAW) base address : 0x0 total gadgets: 558
ropshell> suggest call > 0x000015f3 : call eax > 0x0000162d : call edx > 0x00011027 : call esi > 0x00008e1b : call [eax] > 0x0002145c : call [ecx] jmp > 0x00008593 : jmp eax > 0x00008b83 : jmp ecx > 0x00008c4f : jmp edi > 0x00008b57 : jmp esp > 0x0000854b : jmp [eax] load mem > 0x00001e32 : mov eax, [ebp + 8]; pop ebp; ret > 0x00007548 : mov edx, [ebp + 8]; mov eax, [ebp + 0xc]; or eax, edx; pop ebp; ret load reg > 0x00001145 : pop ebx; ret > 0x00001d3e : pop ebp; ret > 0x00001de0 : pop esi; pop ebp; ret > 0x00001d3d : pop edi; pop ebp; ret > 0x000015c0 : mov ebx, [esp]; ret pop pop ret > 0x00001d3e : pop ebp; ret > 0x00001d3d : pop edi; pop ebp; ret > 0x00001ddf : pop ebx; pop esi; pop ebp; ret > 0x00001d3b : pop ebx; pop esi; pop edi; pop ebp; ret stack pivoting > 0x00001ddc : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret > 0x000016c7 : leave ; ret write mem > 0x0000be97 : adc [eax], ecx; ret > 0x0000342e : add [ecx], eax; ret > 0x0000a6c4 : add [esi + 0x1900000a], edi; ret 0x3e > 0x0000f212 : adc [ebx + 0xa], edi; sbb [eax], ebx; cmp bh, [ebx + 0x200000a]; ret 7 > 0x00011020 : add [edi], ebp; pop ds; sub eax, [eax]; add [edx], ah; call esi