ropshell> use e52edf9e16b718131ae16fb22514b44c (download)
name         : libc-2.15.so (i386/ELF)
base address : 0x16f70
total gadgets: 15591
ropshell> suggest
call
    > 0x00019532 : call eax
    > 0x0001f1c2 : call ebx
    > 0x0002b2a2 : call ecx
    > 0x000251a9 : call edx
    > 0x000194a8 : call esi
jmp
    > 0x00129996 : push esp; ret
    > 0x000278e3 : jmp eax
    > 0x0007dd14 : jmp ebx
    > 0x0003b610 : jmp ecx
    > 0x0001a2f1 : jmp edx
load mem
    > 0x00073bf0 : movzx eax, [edx]; pop esi; ret
    > 0x0001af9b : mov eax, [ecx + 0x36c0]; ret
    > 0x0013ec24 : movzx eax, [edx + 1]; sub eax, ecx; ret
    > 0x0010357f : mov ebp, [ecx + 0xc]; jmp edx
    > 0x0013c432 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
load reg
    > 0x00023be8 : pop eax; ret
    > 0x0001934e : pop ebx; ret
    > 0x000cae3b : pop ecx; ret
    > 0x0002dc4c : pop edx; ret
    > 0x00019096 : pop esi; ret
pop pop ret
    > 0x00023be8 : pop eax; ret
    > 0x001321a3 : pop ebp; pop ebx; ret
    > 0x000a7197 : pop eax; pop edi; pop esi; ret
    > 0x0002fdca : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001706b : pop eax; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0007da31 : add esp, 0x100; ret
    > 0x0007da31 : add esp, 0x100; ret
    > 0x0007e9f2 : add esp, 0x20; ret
    > 0x000ef1d8 : add esp, 0x34; ret
    > 0x000e6261 : add esp, 0x40; ret
stack pivoting
    > 0x000504d8 : xchg eax, esp; ret
    > 0x00030d33 : mov esp, ebp; pop ebp; ret
    > 0x0002dd1d : mov esp, ecx; jmp edx
    > 0x000b6a91 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
    > 0x00045713 : lea esp, [ebx + edi*8 - 1]; jmp [esi - 0x41]
syscall
    > 0x000b9085 : call gs:[0x10]; ret
    > 0x000eeaf1 : int 0x80; pop ebp; pop edi; pop esi; pop ebx; ret
write mem
    > 0x0009587c : add [eax], edx; ret
    > 0x0009589c : add [eax], esi; ret
    > 0x00089a01 : add [eax + 0x5f028d02], ecx; ret
    > 0x0008b515 : add [ebx + 0x5b5fffd8], eax; ret
    > 0x00081ba0 : adc [esi + 0x5f], ebx; ret