ropshell> use d3a21f576bd28cf1ab5ef85f67746df5 (download) name : msctf_.dll (i386/PE) base address : 0x10001000 total gadgets: 10164
ropshell> suggest call > 0x10015441 : call eax > 0x10016c63 : call ebx > 0x1002ad03 : call ecx > 0x1001015a : call esi > 0x10016399 : call edi jmp > 0x1008ad48 : push esp; ret > 0x10019031 : jmp eax > 0x1001f6bd : jmp ebx > 0x100e45fb : jmp edx > 0x100096e8 : jmp edi load mem > 0x1004bf42 : mov eax, [ecx]; ret > 0x1004bf50 : mov eax, [edx]; ret > 0x10051c20 : mov eax, [esi]; pop esi; ret > 0x1004edc0 : mov eax, [ecx + 0x14]; ret > 0x1003d21a : mov eax, [esi + 0x10]; pop esi; ret load reg > 0x1004523c : pop eax; ret > 0x10010021 : pop ebx; ret > 0x1000fdea : pop ecx; ret > 0x1006260e : pop edx; ret > 0x100109ec : pop esi; ret pop pop ret > 0x1004523c : pop eax; ret > 0x10025408 : pop ebx; pop ebp; ret > 0x10055a1b : pop ebx; pop ecx; pop ebp; ret > 0x10025406 : pop edi; pop esi; pop ebx; pop ebp; ret > 0x1007e3a0 : pop edi; pop esi; pop ebx; pop ecx; pop ebp; ret 0x10 sp lifting > 0x100d9fb3 : add esp, 0xc; ret stack pivoting > 0x1001897d : xchg eax, esp; ret > 0x1001079c : mov esp, ebp; pop ebp; ret > 0x10067316 : xchg esp, edi; call [ebx - 0x75] > 0x100a52cd : lea esp, [edi + edi*8 - 1]; call [eax + 0x6a] > 0x1002b138 : lea esp, [ebp + edi*8 - 1]; call [ecx + 0x68] write mem > 0x1000fec8 : add [eax], edx; ret > 0x10072826 : add [ebx], eax; ret > 0x1003ead2 : add [ebx], edi; ret > 0x100615df : add [edx], edi; ret > 0x1002d5ba : add [edi], ecx; cwde ; ret