ropshell> use f13e5713ae0c7776b423cc534ec805e0 (download)
name         : adminsrv.exe (i386/PE)
base address : 0x401000
total gadgets: 410
ropshell> suggest
call
    > 0x00401024 : call eax
    > 0x004087ac : call ecx
    > 0x00401327 : call edx
    > 0x00409563 : call [eax - 0x6b]
jmp
    > 0x004012c5 : jmp eax
    > 0x004064ac : jmp [eax]
    > 0x00404c7a : jmp [ecx]
    > 0x00407ea3 : jmp [esi - 0x39]
    > 0x00403e20 : push esp; mov ebp, [esp + 0x58]; add esp, 0x5c; ret
load mem
    > 0x0040418c : mov eax, [ebx + 4]; mov [esp], esi; call eax
load reg
    > 0x00401e30 : pop ebx; ret
    > 0x00404398 : pop ecx; ret
    > 0x004041ae : pop esi; ret
    > 0x00401eaf : pop edi; ret
    > 0x00401343 : pop ebp; ret
pop pop ret
    > 0x00401343 : pop ebp; ret
    > 0x00404397 : pop eax; pop ecx; ret
    > 0x00402da8 : pop ebx; pop esi; pop edi; ret
    > 0x00401f70 : pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x00408265 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x00402ec6 : add esp, 0x1c; ret
    > 0x00402ec6 : add esp, 0x1c; ret
    > 0x00408bfd : add esp, 0x24; ret
    > 0x00407d84 : add esp, 0x3c; ret
    > 0x00407905 : add esp, 0x4c; ret
stack pivoting
    > 0x0040948c : lea esp, [ecx - 4]; ret
    > 0x00401f6d : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
    > 0x004033bd : xchg eax, esp; rol [ecx + 0x214c4], 0; movzx eax, al; pop esi; pop edi; ret
    > 0x00401335 : leave ; ret