ropshell> use f71e966c590bfb1f53ea3410f8b489d4 (download)
name         : libc.so.6 (i386/ELF)
base address : 0x17420
total gadgets: 15645

ropshell> suggest
call
    > 0x00019a82 : call eax
    > 0x0001fadf : call ebx
    > 0x0002bba6 : call ecx
    > 0x0001b177 : call edx
    > 0x000199f8 : call esi
jmp
    > 0x001251a6 : push esp; ret
    > 0x0001a910 : jmp eax
    > 0x000462ad : jmp ebx
    > 0x000521e6 : jmp ecx
    > 0x0002c709 : jmp edx
load mem
    > 0x00065e87 : mov eax, [edx]; ret
    > 0x0001b5eb : mov eax, [ecx + 0x3664]; ret
    > 0x000d2c67 : mov eax, [edx + 8]; pop ebx; pop esi; ret
    > 0x000fc8af : mov ebp, [ecx + 0xc]; jmp edx
    > 0x00137242 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
load reg
    > 0x00026a88 : pop eax; ret
    > 0x000198ae : pop ebx; ret
    > 0x000a91be : pop ecx; ret
    > 0x0002e12c : pop edx; ret
    > 0x00019606 : pop esi; ret
pop pop ret
    > 0x00026a88 : pop eax; ret
    > 0x0014008b : pop ebp; pop ebx; ret
    > 0x000a6fc7 : pop eax; pop edi; pop esi; ret
    > 0x0004128a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001d4e8 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0007b6a1 : add esp, 0x100; ret
    > 0x0007b6a1 : add esp, 0x100; ret
    > 0x0001a5af : add esp, 0x24; ret
    > 0x000dae32 : add esp, 0x3c; ret
    > 0x00118335 : add esp, 0x4c; ret
stack pivoting
    > 0x00098bc3 : xchg eax, esp; ret
    > 0x0002e1fd : mov esp, ecx; jmp edx
    > 0x001322cb : xchg esp, edi; jmp [esi - 0x70]
    > 0x0011717a : lea esp, [ebp - 8]; pop ebx; pop edi; pop ebp; ret
    > 0x00127008 : xchg esp, esi; inc [ebx - 0xf76d33c]; pop ebx; pop esi; pop edi; pop ebp; ret
syscall
    > 0x000b7de5 : call gs:[0x10]; ret
    > 0x000ebc11 : int 0x80; pop ebp; pop edi; pop esi; pop ebx; ret
write mem
    > 0x0009553c : add [eax], edx; ret
    > 0x0009555c : add [eax], esi; ret
    > 0x000896c1 : add [eax + 0x5f028d02], ecx; ret
    > 0x0008b1d5 : add [ebx + 0x5b5fffd8], eax; ret
    > 0x00107744 : adc [esi + 0x5f], ebx; ret