ropshell> use da9506e800e13da0abba32bb0c105382 (download)
name         : xinput1_3.dll (i386/PE)
base address : 0x401000
total gadgets: 1193
ropshell> suggest
call
> 0x00407825 : call eax
> 0x00408756 : call ebx
> 0x004080a6 : call ecx
> 0x004087ad : call esi
> 0x00401e1b : call edi
jmp
> 0x00407b35 : jmp eax
> 0x00409f85 : jmp [eax]
> 0x0040b1e5 : jmp [ebx]
> 0x00401dff : jmp [ecx]
> 0x00409e5e : jmp [esi - 0x75]
load mem
> 0x00407df3 : mov ebp, [ebx + 0x20]; jmp eax
> 0x0040d2c4 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x00407886 : mov eax, [ebp + 0xc]; pop edi; pop esi; pop ebx; pop ebp; ret 0xc
> 0x00407f04 : mov eax, [edx + 4]; mov [ecx + 4], eax; pop ebp; ret
> 0x0040901f : mov ecx, [esi + ecx]; add ecx, edx; add eax, ecx; pop esi; ret
load reg
> 0x0040869b : pop eax; ret
> 0x004079bd : pop ebx; ret
> 0x00408a59 : pop ecx; ret
> 0x004080c6 : pop esi; ret
> 0x004083a1 : pop edi; ret
pop pop ret
> 0x0040869b : pop eax; ret
> 0x0040bfc1 : pop eax; pop esi; ret
> 0x00408448 : pop ebx; pop esi; pop edi; ret
> 0x00408447 : pop ecx; pop ebx; pop esi; pop edi; ret
> 0x00407a01 : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
stack pivoting
> 0x0040b782 : xchg eax, esp; ret
> 0x004035ad : mov esp, ebp; pop ebp; ret
> 0x0040d2c2 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x004075a7 : leave ; ret
write mem
> 0x00408c17 : add [eax + 0x70], ebp; inc [eax]; call ebx
> 0x00404012 : add [ebx + 0x189f84d], ecx; mov eax, [ebp - 4]; mov esp, ebp; pop ebp; ret 0xc
> 0x0040a7ac : adc [ecx], eax; stosd es:[edi], eax; stosd es:[edi], eax; stosd es:[edi], eax; pop edi; ret
> 0x0040cfdc : add [ebp + 0x18], esi; lea eax, [ebp - 0x30]; push eax; push [ebp + 0xc]; call esi