ropshell> use 4329ee7d502c9113eba0f9570392f5ee
name         : hal.dll (i386/PE)
base address : 0x80010400
total gadgets: 963
ropshell> suggest
call
    > 0x80010acb : call eax
    > 0x80010f96 : call ecx
    > 0x80016a53 : call esi
    > 0x80018016 : call [eax]
    > 0x8001476c : call [ebx + 0x10]
jmp
    > 0x80017df5 : jmp ebx
    > 0x80011ed4 : jmp ecx
    > 0x80018b67 : jmp esp
    > 0x80015de9 : jmp [eax]
    > 0x80018234 : jmp [esi + 0x3d]
load mem
    > 0x800186cb : mov eax, [ebp + 8]; pop ebp; ret 4
    > 0x80015024 : mov eax, [esi + 0x14]; pop edi; pop esi; pop ebx; pop ebp; ret 8
    > 0x80016a9f : mov ecx, [ebp + 0xc]; mov [ecx], al; pop ebp; ret 8
load reg
    > 0x80010aae : pop eax; ret
    > 0x80010c05 : pop ebx; ret
    > 0x80014101 : pop esi; ret
    > 0x80018f4d : pop edi; ret 0xc
    > 0x8001399e : pop ebp; ret
pop pop ret
    > 0x80010aae : pop eax; ret
    > 0x80014100 : pop ebx; pop esi; ret
    > 0x80013c14 : pop ebx; pop edi; pop ebp; ret
    > 0x80016056 : pop eax; pop edi; pop esi; pop ebp; ret 0x10
stack pivoting
    > 0x80013b5e : mov esp, ebp; pop ebp; ret
    > 0x8001185f : leave ; ret
write mem
    > 0x8001625b : add [eax + 0x5d], ebx; ret 0x10
    > 0x800180d9 : add [esi + 0x5d], ebx; ret 0xc
    > 0x8001597c : add [ebx + 0x74c30bc7], ecx; or bh, dh; ret 0
    > 0x800162a7 : adc [eax], ebp; add [eax], al; xor eax, eax; inc eax; pop ebp; ret 0x10
    > 0x80012a17 : adc [ebx + 0x77500fa], eax; or ecx, 2; mov [eax + 4], ecx; ret