ropshell> use b729ba1592acacb47f2b06dd3d5753fa (download)
name         : Flash6.ocx (i386/PE)
base address : 0x10001000
total gadgets: 18015

ropshell> suggest "load mem"
> 0x100852a0 : mov eax, [ecx]; ret
> 0x100838e0 : mov eax, [ecx + 0x14]; ret
> 0x1004df83 : mov eax, [esi]; pop edi; pop esi; ret 0xc
> 0x10034520 : mov eax, [edi]; pop edi; pop esi; ret
> 0x100847e2 : mov ecx, [eax]; call [ecx]; ret 0xc
> 0x10011f52 : movsx ecx, [edx]; sub eax, ecx; ret
> 0x10012619 : mov eax, [esi + 0x10]; pop esi; ret
> 0x10008f2c : mov eax, [edi + 8]; pop edi; ret
> 0x1003d5c0 : mov eax, [ebp + 0x10]; pop ebp; ret 0xc
> 0x10025527 : mov edx, [ecx]; call [edx + 0xc]; ret 8
> 0x1009ad96 : mov eax, [edx + 8]; pop ebx; pop ecx; ret 0x10
> 0x1007a246 : mov esi, [eax + 8]; mov eax, esi; pop esi; ret
> 0x1007ed0a : mov eax, [ebx]; call [eax + 0x1c]
> 0x1006b2b9 : mov eax, [edx]; sete cl; mov [eax + 0x2c], ecx; ret
> 0x1007eb73 : mov ecx, [ebx]; call [ecx + 0xc]
> 0x10082f34 : mov ecx, [esi]; call [ecx + 4]
> 0x100841fb : mov ecx, [ebp]; call [ecx + 4]
> 0x1007ebbc : mov edx, [eax]; call [edx + 0x10]
> 0x1007cdef : mov edx, [ebx]; call [edx]
> 0x10081b65 : mov edx, [esi]; call [edx + 8]
> 0x1005fab7 : mov ebx, [ebp + 8]; push ebx; call edi
> 0x1001abb5 : mov ecx, [ebp + 0x14]; mov [ecx], eax; pop ebp; ret 0x10
> 0x1005433a : mov edx, [ebp + 0x1c]; mov [edx], ecx; pop ebp; ret 0x18
> 0x100740a6 : mov ecx, [edi]; push eax; call [ebx + 0x38]
> 0x1008306e : mov edx, [edi]; push edi; call [edx + 0x3c]
> 0x1005f322 : mov edi, [ecx]; push ecx; call [edi + 0x1c]
> 0x10061c92 : mov ecx, [eax + 4]; call [ecx]
> 0x10082cb4 : mov edx, [ecx + 0x10]; mov [eax], edx; xor eax, eax; ret 8
> 0x10050bc8 : mov esi, [ecx + 0x14]; call [eax + 0x74]
> 0x10038024 : mov esi, [ebp + 8]; mov eax, esi; pop edi; pop esi; pop ebp; ret
> 0x10015c22 : mov eax, [ebp]; mov ecx, ebp; call [eax + 4]
> 0x10082f75 : mov ebx, [edi + 4]; push esi; call [eax + 4]
> 0x1003fe24 : mov ecx, [edx + 0x18]; mov [eax], ecx; pop edi; pop esi; pop ebp; ret 8
> 0x1002d0f8 : mov edx, [edi + 0x2c]; mov [edx + eax], ecx; pop edi; pop esi; ret
> 0x10083100 : mov edx, [ebp]; push eax; mov ecx, ebp; call [edx + 0x20]
> 0x10022328 : mov ecx, [ebx + 0x40]; mov [eax], ecx; pop edi; pop esi; pop ebp; pop ebx; ret 4
> 0x10065685 : mov ecx, [esi + 0x18]; push eax; push esi; call [ecx + 0x14]
> 0x1002197a : mov edx, [eax + 0xc]; imul edx, [ecx]; mov [eax + 0xc], edx; ret 4
> 0x10081f64 : mov ecx, [edi + 0xc]; mov eax, [ecx]; call [eax + 0x14]
> 0x1009253b : mov edx, [esi + 8]; pop edi; mov [esi + 0xc], edx; pop esi; add esp, 8; ret
> 0x1006d1f4 : movzx esi, [edx + esi]; or eax, esi; inc edx; mov [ecx + 0xc], edx; pop esi; ret
> 0x100625fe : mov esi, [edi + 0x1a4]; push ebx; push 1; push edi; call [eax]
> 0x10024db0 : mov esi, [eax]; mov [edx], esi; inc [ecx + 0x5a4]; mov [eax], edx; pop esi; ret 4
> 0x1007eca5 : mov eax, [ebx + 8]; push eax; mov ecx, [eax]; call [ecx + 0x1c]
> 0x10063b23 : mov edi, [esi + 0x118]; shl ecx, 3; push ecx; push 1; push esi; call [eax]
> 0x10008849 : mov edi, [eax + 0x20]; mov eax, [ebx]; mov [ebp - 0x14], edi; call [eax + 0x24]
> 0x1005cdb6 : mov edi, [ebx]; add eax, [ebp + 0x14]; push edx; push ecx; push eax; push ebx; call [edi + 0x10]
> 0x10097e87 : mov ebp, [esi + 0x24]; mov edx, [ecx]; add eax, ebp; push edi; push eax; call [edx + 4]
> 0x10063b1d : mov ebx, [esi + 0x184]; mov edi, [esi + 0x118]; shl ecx, 3; push ecx; push 1; push esi; call [eax]
> 0x10083407 : mov ebx, [ecx + 8]; mov ecx, [ecx + 0xc]; mov [eax + 8], ebx; mov [eax + 0xc], ecx; call [edx + 0x14]
> 0x1008338b : mov ebp, [eax + 8]; mov eax, [eax + 0xc]; mov [ecx + 8], ebp; mov [ecx + 0xc], eax; call [edx + 0xc]
> 0x10083354 : mov ebp, [ecx + 8]; mov [edx + 8], ebp; mov ecx, [ecx + 0xc]; mov [edx + 0xc], ecx; call [eax + 0x1c]
> 0x1003ebf5 : mov edi, [ebp + 0x14]; mov eax, [ebp - 4]; inc [eax + 0xd14]; lea esi, [eax + 0xd14]; lea eax, [ebp - 0x7c]; push eax; call [ebp + 0x1c]
> 0x10083491 : mov edi, [ecx + 8]; mov [eax + 8], edi; mov edi, [esp + 0x50]; mov ecx, [ecx + 0xc]; push edi; mov [eax + 0xc], ecx; call [edx + 0x18]