ropshell> use 6ca1ff4c257aa667e9569063f70482d0 (download) name : VulnApp2.exe (i386/PE) base address : 0x14801000 total gadgets: 992
ropshell> suggest call > 0x148029ab : call eax > 0x14801211 : call ebx > 0x14802400 : call ecx > 0x148013ca : call esi > 0x148019de : call edi jmp > 0x1480bca5 : jmp eax > 0x1480241f : jmp esi > 0x1480113d : jmp esp > 0x14804ee6 : jmp [eax] > 0x1480a135 : jmp [ebx] load mem > 0x1480a354 : mov eax, [edx + 4]; ret > 0x14809c1e : mov eax, [ebp + 8]; mov esp, ebp; pop ebp; ret > 0x14803f0f : movzx eax, [edx]; movzx ecx, [ecx]; sub eax, ecx; pop esi; pop ebp; ret > 0x1480182d : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret > 0x14802252 : mov eax, [edi]; mov [ecx], eax; mov [ecx + 4], 0; pop edi; pop ebp; ret load reg > 0x14801146 : pop ebx; ret > 0x1480130c : pop ecx; ret > 0x148098de : pop edx; ret > 0x14801529 : pop esi; ret > 0x1480307a : pop edi; ret pop pop ret > 0x1480103e : pop ebp; ret > 0x1480359d : pop eax; pop ebp; ret > 0x14804ca2 : pop ebx; pop edi; pop esi; ret > 0x1480549f : pop eax; pop edi; pop esi; pop ebp; ret > 0x14805ab4 : pop ecx; pop edi; pop ebx; pop esi; pop ebp; ret sp lifting > 0x14806608 : add esp, 0x10; ret > 0x14806608 : add esp, 0x10; ret stack pivoting > 0x1480c351 : xchg eax, esp; ret > 0x1480acb2 : mov esp, ebx; pop ebx; ret > 0x14801149 : mov esp, ebp; pop ebp; ret > 0x1480c38e : lea esp, [ebx + eax*8 - 0x5b6feb80]; ret > 0x1480bfa6 : lea esp, [esp]; lea ecx, [ecx]; mov eax, [esp + 0xc]; pop esi; pop edi; ret write mem > 0x1480bd11 : add [ebx + 0x5e0c2444], ecx; pop edi; ret > 0x1480bd25 : add [edx + 0x47880246], ecx; add cl, [ebx + 0x5e0c2444]; pop edi; ret > 0x148020d9 : add [ebx + 9], esi; rep stosb es:[edi], al; mov eax, [esp + 4]; mov edi, edx; ret