ropshell> use d3a21f576bd28cf1ab5ef85f67746df5 (download)
name         : msctf_.dll (i386/PE)
base address : 0x10001000
total gadgets: 10164

ropshell> suggest "load mem"
> 0x1004bf42 : mov eax, [ecx]; ret
> 0x1004bf50 : mov eax, [edx]; ret
> 0x10051c20 : mov eax, [esi]; pop esi; ret
> 0x1004edc0 : mov eax, [ecx + 0x14]; ret
> 0x1003d21a : mov eax, [esi + 0x10]; pop esi; ret
> 0x1001662f : mov eax, [edi + 0x3c]; pop edi; ret
> 0x10080c76 : mov eax, [ebp + 0xc]; pop ebp; ret 8
> 0x1002f4dc : mov edx, [ecx + eax]; pop ebp; ret 4
> 0x1001b18e : mov ecx, [esi]; mov eax, ecx; pop esi; ret
> 0x10014635 : mov esi, [eax]; mov eax, esi; pop esi; ret
> 0x10048c0e : mov ecx, [ebp + 0x40]; call esi
> 0x10018a91 : mov esi, [edi]; add [eax], eax; pop edi; pop esi; ret
> 0x1009377d : mov eax, [ebx + 0x5e5ffffb]; pop ebx; mov esp, ebp; pop ebp; ret 0x10
> 0x1008531e : mov edx, [edi + 0x484]; pop esi; mov eax, edx; pop edi; ret
> 0x10057b1d : mov eax, [ebx]; inc [eax]; mov al, 1; pop ebx; pop ebp; ret 0x14
> 0x10025711 : mov ebx, [ecx]; add eax, [eax]; mov esp, ebp; pop ebp; ret 0x10
> 0x100bb38c : mov esi, [ebx]; test esi, esi; pop edi; pop esi; sete al; pop ebx; ret
> 0x100bdf80 : mov edi, [ecx]; mov eax, edi; pop edi; pop esi; pop ebx; pop ebp; ret 4
> 0x10096340 : mov ecx, [edx + 0x10]; cmp ecx, [edx - 0xc]; setg al; pop ebp; ret 8
> 0x1001360e : mov eax, [edx + 0x1c]; mov [ecx + 0x1c], eax; mov eax, ecx; pop ebp; ret 4
> 0x100111e0 : mov ecx, [eax + 0xa0]; xor eax, eax; cmp [ecx + 0xc], eax; setne al; ret
> 0x10018c24 : mov ecx, [esi + 0x18]; pop esi; mov [eax], ecx; xor eax, eax; pop ebp; ret 8
> 0x10042171 : mov edx, [esi + 0x48]; xor eax, eax; test edx, edx; pop esi; setne al; pop ebp; ret 0xc
> 0x10032af4 : mov esi, [edi + 0x1c]; mov eax, esi; pop edi; pop esi; mov esp, ebp; pop ebp; ret
> 0x1003db3b : mov edx, [ebp + 0x10]; mov ecx, [ebp - 4]; mov [edx], ecx; mov esp, ebp; pop ebp; ret 0xc