ropshell> use 33f2e09e5c0755fe275b9865f9023c8b (download)
name         : IPGen2_64.exe (x86_64/PE)
base address : 0x401000
total gadgets: 34433
ropshell> suggest "stack pivoting"
> 0x0042eca2 : xchg eax, esp; ret
> 0x0040f99f : mov rsp, rbp; pop rbp; ret
> 0x0040f9a0 : mov esp, ebp; pop rbp; ret
> 0x00539e93 : lea esp, [rax - 0x18000000]; ret
> 0x004a35c9 : lea rsp, [rbp + 0x100]; pop rbp; ret
> 0x004a35ca : lea esp, [rbp + 0x100]; pop rbp; ret
> 0x0047830c : lea rsp, [ebp + 0x88]; pop rbx; pop rbp; ret
> 0x00444f16 : push rsi; pop rsp; cld ; jmp [rsi + 0xf]
> 0x005f477f : movsxd rsp, ecx; dec [rax - 0x73]; sub gs:[rbx + 0x5d], bl; ret
> 0x005911e2 : mov rsp, rdi; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x0059161f : xchg edi, esp; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x005911e3 : mov esp, edi; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x0043369f : lea esp, [rsi - 3]; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x0064f7bb : push rbp; sub [rbx + rcx*4 + 0x45], al; pop rsp; mov rsi, [rax]; call [rsi + 0x18]
> 0x005f22ee : xchg ecx, esp; dec [rax - 0x73]; movsd [rdi], [rsi]; clc ; add [rax], eax; add [rbx + 0x5d], bl; ret
> 0x0047656b : leave ; mov eax, ecx; ret