ropshell> use bd94baeec6bf96d111fadb01c4e0f1f4 (download)
name         : urlaubsverwaltung (i386/RAW)
base address : 0x0
total gadgets: 558
ropshell> suggest
call
    > 0x000015f3 : call eax
    > 0x0000162d : call edx
    > 0x00011027 : call esi
    > 0x00008e1b : call [eax]
    > 0x0002145c : call [ecx]
jmp
    > 0x00008593 : jmp eax
    > 0x00008b83 : jmp ecx
    > 0x00008c4f : jmp edi
    > 0x00008b57 : jmp esp
    > 0x0000854b : jmp [eax]
load mem
    > 0x00001e32 : mov eax, [ebp + 8]; pop ebp; ret
    > 0x00007548 : mov edx, [ebp + 8]; mov eax, [ebp + 0xc]; or eax, edx; pop ebp; ret
load reg
    > 0x00001145 : pop ebx; ret
    > 0x00001d3e : pop ebp; ret
    > 0x00001de0 : pop esi; pop ebp; ret
    > 0x00001d3d : pop edi; pop ebp; ret
    > 0x000015c0 : mov ebx, [esp]; ret
pop pop ret
    > 0x00001d3e : pop ebp; ret
    > 0x00001d3d : pop edi; pop ebp; ret
    > 0x00001ddf : pop ebx; pop esi; pop ebp; ret
    > 0x00001d3b : pop ebx; pop esi; pop edi; pop ebp; ret
stack pivoting
    > 0x00001ddc : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x000016c7 : leave ; ret
write mem
    > 0x0000be97 : adc [eax], ecx; ret
    > 0x0000342e : add [ecx], eax; ret
    > 0x0000a6c4 : add [esi + 0x1900000a], edi; ret 0x3e
    > 0x0000f212 : adc [ebx + 0xa], edi; sbb [eax], ebx; cmp bh, [ebx + 0x200000a]; ret 7
    > 0x00011020 : add [edi], ebp; pop ds; sub eax, [eax]; add [edx], ah; call esi