ropshell> use 6052d7ed6f5b4cd81632f93ba4e9f3e0 (download)
name         : lab8B (i386/ELF)
base address : 0x950
total gadgets: 65

ropshell> suggest
call
    > 0x000009d8 : call eax
    > 0x00000a25 : call ecx
    > 0x00000972 : call [eax + 0x51]
    > 0x000015d3 : call [esi + 0x53]
    > 0x00000aba : call [ebp - 0x77]
jmp
    > 0x0000150c : jmp eax
    > 0x00000980 : push esp; mov ebx, [esp]; ret
load mem
    > 0x00000a15 : mov edx, [eax + eax]; add [ebp - 0x760f8b37], al; inc esp; and al, 4; mov [esp], edx; call ecx
load reg
    > 0x000009c9 : pop ebp; ret
    > 0x000009c8 : pop ebx; pop ebp; ret
    > 0x000010a4 : pop edi; pop ebp; ret
    > 0x000010a3 : pop esi; pop edi; pop ebp; ret
    > 0x00000982 : mov ebx, [esp]; ret
pop pop ret
    > 0x000009c9 : pop ebp; ret
    > 0x000009c8 : pop ebx; pop ebp; ret
    > 0x000010a3 : pop esi; pop edi; pop ebp; ret
    > 0x000010a2 : pop ebx; pop esi; pop edi; pop ebp; ret
stack pivoting
    > 0x000015c6 : leave ; ret
write mem
    > 0x00000a6e : add [ebx + 0x5d5b14c4], eax; ret