ropshell> use d40c10c9c401a206c019e64220a403a8 (download) name : m2.exe (i386/PE) base address : 0x401000 total gadgets: 317
ropshell> suggest "load reg" > 0x00401ab1 : pop ebx; ret > 0x00406b88 : pop ecx; ret > 0x00401b4e : pop esi; ret > 0x0040204b : pop edi; ret > 0x0040132f : pop ebp; ret > 0x004017c7 : pop esp; ret > 0x00406b87 : pop eax; pop ecx; ret > 0x00401b6c : mov esi, [esp + 0x18]; add esp, 0x1c; ret > 0x00405d1e : mov edi, [esp + 0x18]; add esp, 0x1c; ret > 0x004064e9 : mov ebp, [esp + 0x20]; add esp, 0x24; ret > 0x00405d1a : mov ebx, [esp + 0x10]; mov edi, [esp + 0x18]; add esp, 0x1c; ret > 0x004051ea : mov edx, [esp + 0x50]; mov [edx], al; mov eax, 1; add esp, 0x4c; ret