ropshell> use 4c80b782dfdc9636e18663815f75bc48
name         : libc.so-3.6 (i386/ELF)
base address : 0x17420
total gadgets: 15666
ropshell> suggest
call
    > 0x00019a82 : call eax
    > 0x0001f9bc : call ebx
    > 0x00033461 : call ecx
    > 0x0001b087 : call edx
    > 0x000199f8 : call esi
jmp
    > 0x00124236 : push esp; ret
    > 0x0001a830 : jmp eax
    > 0x0007c414 : jmp ebx
    > 0x0004d3d6 : jmp ecx
    > 0x0002c9e1 : jmp edx
load mem
    > 0x0006ce67 : mov eax, [edx]; ret
    > 0x0001b4fb : mov eax, [ecx + 0x3664]; ret
    > 0x000c5717 : mov eax, [edx + 8]; pop ebx; pop esi; ret
    > 0x000b3ff3 : mov eax, [ebp + ebx]; add al, ch; ret
    > 0x000f9d7f : mov ebp, [ecx + 0xc]; jmp edx
load reg
    > 0x000248e8 : pop eax; ret
    > 0x000198ae : pop ebx; ret
    > 0x0002e3cc : pop edx; ret
    > 0x00019606 : pop esi; ret
    > 0x0001749a : pop edi; ret
pop pop ret
    > 0x000248e8 : pop eax; ret
    > 0x0013f06b : pop ebp; pop ebx; ret
    > 0x000a53f7 : pop eax; pop edi; pop esi; ret
    > 0x0003036a : pop eax; pop ebx; pop esi; pop edi; ret
    > 0x0001d3e8 : pop esp; pop ebx; pop esi; pop edi; pop ebp; ret
sp lifting
    > 0x0007c131 : add esp, 0x100; ret
    > 0x0007c131 : add esp, 0x100; ret
    > 0x0001a4cf : add esp, 0x24; ret
    > 0x000d9182 : add esp, 0x3c; ret
    > 0x00117005 : add esp, 0x4c; ret
stack pivoting
    > 0x00035214 : xchg eax, esp; ret
    > 0x0002e49d : mov esp, ecx; jmp edx
    > 0x00115e4a : lea esp, [ebp + 0xfffffff8]; pop ebx; pop edi; pop ebp; ret
    > 0x0005baf1 : lea esp, [edi + edi*8 + 0xffffffff]; jmp [ebp + 0xffffff89]
    > 0x0012997b : xchg esp, ebx; add eax, [eax]; add ebx, [ebx + ecx*4]; add edx, ecx; jmp ebx
syscall
    > 0x000b6065 : call gs:[0x10]; ret
    > 0x000ea621 : int 0x80; pop ebp; pop edi; pop esi; pop ebx; ret
write mem
    > 0x000946ec : add [eax], edx; ret
    > 0x0009470c : add [eax], esi; ret
    > 0x00088861 : add [eax + 0x5f028d02], ecx; ret
    > 0x0008a375 : add [ebx + 0x5b5fffd8], eax; ret
    > 0x00106364 : adc [esi + 0x5f], ebx; ret