ropshell> use d85f70db20c12c10421e2e75402329d9
name         : hexchat (i386/ELF)
base address : 0x8065ac0
total gadgets: 4152
ropshell> suggest
call
    > 0x080664dc : call eax
    > 0x080a7f5d : call ebx
    > 0x080c6853 : call ecx
    > 0x0806652d : call edx
    > 0x080a57ad : call esi
jmp
    > 0x0807a3e7 : push esp; ret
    > 0x0806d7d7 : jmp eax
    > 0x080c0a81 : jmp ebx
    > 0x08082b70 : jmp ecx
    > 0x08073281 : jmp edx
load mem
    > 0x080ba7d8 : mov eax, [ebx + 0x4a8901c1]; add al, 0x5b; ret
    > 0x0806da5b : mov eax, [ecx + 0x58]; pop ebx; jmp eax
    > 0x080c07b8 : mov eax, [edx + 0x50]; add esp, 4; pop ebx; pop esi; ret
    > 0x0806e203 : mov edx, [eax + 0xc]; add esp, 8; mov eax, edx; pop ebx; ret
    > 0x0806dc8f : mov ecx, [edx]; push eax; push edx; call [ecx + 0x6c]
load reg
    > 0x080665be : pop ebx; ret
    > 0x08066b53 : pop esi; ret
    > 0x08066689 : pop edi; ret
    > 0x08066742 : pop ebp; ret
    > 0x08065c61 : popal ; cld ; ret
pop pop ret
    > 0x08066742 : pop ebp; ret
    > 0x080a87a4 : pop ebx; pop ebp; ret
    > 0x0806f647 : pop ebx; pop esi; pop ebp; ret
    > 0x0806673f : pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x0806aa71 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0806a747 : add esp, 0x1c; ret
    > 0x0806a747 : add esp, 0x1c; ret
    > 0x0806a78a : add esp, 0x2c; ret
stack pivoting
    > 0x0807aac7 : xchg eax, esp; ret
    > 0x08065c60 : lea esp, [ecx - 4]; ret
    > 0x080a8f90 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x08099fa2 : mov esp, eax; fdiv st(5); call [edx + 0x6a]
    > 0x080a9872 : mov esp, esp; and al, 0xfa; call [ecx + 0x52]
syscall
    > 0x080ade65 : int 0x80; ret
write mem
    > 0x080cb192 : add [ecx], eax; ret
    > 0x080c7b89 : add [ecx], edi; ret 0xb8
    > 0x0808c152 : adc [ebx + 0x5e5b24c4], eax; ret
    > 0x080c23df : add [esi + 0x5f], ebx; pop ebp; ret
    > 0x080a93de : add [eax + 0x5bf8658d], edx; pop esi; pop ebp; ret