ropshell> use 33f2e09e5c0755fe275b9865f9023c8b (download)
name         : IPGen2_64.exe (x86_64/PE)
base address : 0x401000
total gadgets: 34433
ropshell> suggest "stack pivoting"
> 0x0042eca2 : xchg eax, esp; ret
> 0x0040f99f : mov rsp, rbp; pop rbp; ret
> 0x0040f9a0 : mov esp, ebp; pop rbp; ret
> 0x00539e93 : lea esp, [rax - 0x18000000]; ret
> 0x004a35c9 : lea rsp, [rbp + 0x100]; pop rbp; ret
> 0x004a35ca : lea esp, [rbp + 0x100]; pop rbp; ret
> 0x0047830c : lea rsp, [ebp + 0x88]; pop rbx; pop rbp; ret
> 0x00444f16 : push rsi; pop rsp; cld ; jmp [rsi + 0xf]
> 0x005f477f : movsxd rsp, ecx; dec [rax - 0x73]; sub gs:[rbx + 0x5d], bl; ret
> 0x005911e2 : mov rsp, rdi; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x0059161f : xchg edi, esp; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x005911e3 : mov esp, edi; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x0043369f : lea esp, [rsi - 3]; call [rax + 0x50458b48]; lea rsp, [rbp + 0x38]; pop rbx; pop rbp; ret
> 0x0064f7bb : push rbp; sub [rbx + rcx*4 + 0x45], al; pop rsp; mov rsi, [rax]; call [rsi + 0x18]
> 0x005f22ee : xchg ecx, esp; dec [rax - 0x73]; movsd [rdi], [rsi]; clc ; add [rax], eax; add [rbx + 0x5d], bl; ret
> 0x0047656b : leave ; mov eax, ecx; ret