ropshell> use 09b4f7d234859cf6dd55bd4a4275d152 (download)
name : binex_vuln_custom (x86_64/ELF)
base address : 0x6050
total gadgets: 4134
ropshell> suggest "load reg"
> 0x00008cf3 : pop rax; ret
> 0x0000707e : pop rbx; ret
> 0x00006860 : pop rcx; ret
> 0x000060d5 : pop rsi; ret
> 0x000061a1 : pop rdi; ret
> 0x000066bc : pop rbp; ret
> 0x000060d4 : pop r14; ret
> 0x000061a0 : pop r15; ret
> 0x00006376 : pop rsp; pop r14; pop r15; ret
> 0x00006375 : pop r12; pop r14; pop r15; ret
> 0x000092c4 : pop r13; pop r14; pop r15; ret
> 0x0001e6de : mov rax, [rsp]; pop rcx; ret
> 0x0001e6df : mov eax, [rsp]; pop rcx; ret
> 0x0002bbd7 : mov rdx, [rsp + 0x30]; call rbx
> 0x00031d24 : mov rsi, [rsp + 0x30]; call rbp
> 0x0002bbd8 : mov edx, [rsp + 0x30]; call rbx
> 0x00031d25 : mov esi, [rsp + 0x30]; call rbp
> 0x00019f20 : mov edi, [rsp + 0x14]; call r12
> 0x00028fec : mov rcx, [rsp + 0xc8]; xor r8d, r8d; call r14
> 0x0001f7f3 : mov rdi, [rsp + 0x70]; call [r13 + 0x28]
> 0x00028fed : mov ecx, [rsp + 0xc8]; xor r8d, r8d; call r14
> 0x0003c558 : pop rdx; add [rax], r8b; mov edx, 1; call [rax + 0x18]
> 0x00015c33 : mov rbx, [rsp + 8]; mov rdi, r15; mov rsi, rbx; call rbp
> 0x00015c34 : mov ebx, [rsp + 8]; mov rdi, r15; mov rsi, rbx; call rbp
> 0x00019f01 : movzx r8, [rsp + r12 + 0x10]; movsxd rax, [rbp + rax*4]; add rax, rbp; jmp rax
> 0x00015c2f : mov r15, [rsp]; mov rbx, [rsp + 8]; mov rdi, r15; mov rsi, rbx; call rbp
> 0x0002bbcd : mov rbp, [rsp + 0x38]; mov rdi, rbp; xor esi, esi; mov rdx, [rsp + 0x30]; call rbx
> 0x0002bbce : mov ebp, [rsp + 0x38]; mov rdi, rbp; xor esi, esi; mov rdx, [rsp + 0x30]; call rbx
> 0x000217fe : mov r13, [rsp + 8]; mov rbx, [rsp + 0x10]; mov rdi, r12; mov rsi, r13; mov rdx, rbx; call r14