ropshell> use da9506e800e13da0abba32bb0c105382
name         : xinput1_3.dll (i386/PE)
base address : 0x401000
total gadgets: 1193
ropshell> suggest
call
    > 0x00407825 : call eax
    > 0x00408756 : call ebx
    > 0x004080a6 : call ecx
    > 0x004087ad : call esi
    > 0x00401e1b : call edi
jmp
    > 0x00407b35 : jmp eax
    > 0x00409f85 : jmp [eax]
    > 0x0040b1e5 : jmp [ebx]
    > 0x00401dff : jmp [ecx]
    > 0x00409e5e : jmp [esi - 0x75]
load mem
    > 0x00407df3 : mov ebp, [ebx + 0x20]; jmp eax
    > 0x0040d2c4 : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x00407886 : mov eax, [ebp + 0xc]; pop edi; pop esi; pop ebx; pop ebp; ret 0xc
    > 0x00407f04 : mov eax, [edx + 4]; mov [ecx + 4], eax; pop ebp; ret
    > 0x0040901f : mov ecx, [esi + ecx]; add ecx, edx; add eax, ecx; pop esi; ret
load reg
    > 0x0040869b : pop eax; ret
    > 0x004079bd : pop ebx; ret
    > 0x00408a59 : pop ecx; ret
    > 0x004080c6 : pop esi; ret
    > 0x004083a1 : pop edi; ret
pop pop ret
    > 0x0040869b : pop eax; ret
    > 0x0040bfc1 : pop eax; pop esi; ret
    > 0x00408448 : pop ebx; pop esi; pop edi; ret
    > 0x00408447 : pop ecx; pop ebx; pop esi; pop edi; ret
    > 0x00407a01 : pop eax; pop ecx; pop ebp; pop ecx; pop ebx; ret 4
stack pivoting
    > 0x0040b782 : xchg eax, esp; ret
    > 0x004035ad : mov esp, ebp; pop ebp; ret
    > 0x0040d2c2 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
    > 0x004075a7 : leave ; ret
write mem
    > 0x00408c17 : add [eax + 0x70], ebp; inc [eax]; call ebx
    > 0x00404012 : add [ebx + 0x189f84d], ecx; mov eax, [ebp - 4]; mov esp, ebp; pop ebp; ret 0xc
    > 0x0040a7ac : adc [ecx], eax; stosd es:[edi], eax; stosd es:[edi], eax; stosd es:[edi], eax; pop edi; ret
    > 0x0040cfdc : add [ebp + 0x18], esi; lea eax, [ebp - 0x30]; push eax; push [ebp + 0xc]; call esi