ropshell> use f62cabb6fcbcfb581a2163eb95bd2d41 (download)
name         : vcat4.jlevin1 (i386/RAW)
base address : 0x0
total gadgets: 145
ropshell> suggest
call
    > 0x00001019 : call eax
    > 0x000031ff : call ecx
    > 0x000020cd : call edx
    > 0x00002022 : call [eax + 0x51]
    > 0x00010030 : call [edx]
jmp
    > 0x00011977 : jmp esi
    > 0x0000f494 : jmp [ecx]
load reg
    > 0x0000101e : pop ebx; ret
    > 0x00002138 : pop edx; ret
    > 0x000024c3 : pop ebp; ret
    > 0x000024c2 : pop edi; pop ebp; ret
    > 0x00002463 : popal ; cld ; ret
pop pop ret
    > 0x000024c3 : pop ebp; ret
    > 0x000024c2 : pop edi; pop ebp; ret
    > 0x000024c1 : pop esi; pop edi; pop ebp; ret
    > 0x000024c0 : pop ebx; pop esi; pop edi; pop ebp; ret
stack pivoting
    > 0x00002462 : lea esp, [ecx - 4]; ret
    > 0x0000245c : lea esp, [ebp - 8]; pop ecx; pop ebx; pop ebp; lea esp, [ecx - 4]; ret
    > 0x00002085 : leave ; ret
write mem
    > 0x0000fa60 : add [esi + 0x5000059], ebx; ret
    > 0x00010013 : add [eax + 0x5000050], edx; mov bl, 1; ret