ropshell> use 35ef4ffc9c6ad7ffd1fd8c16f14dc766 (download) name : libc.so.6 (x86_64/ELF) base address : 0x212d0 total gadgets: 16861
ropshell> suggest "stack pivoting" > 0x00046d0e : xchg eax, esp; ret > 0x0011d2c7 : mov esp, edx; call rbp > 0x0011d8a0 : mov esp, esi; call r15 > 0x000e3038 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret > 0x000e3039 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret > 0x0003ed59 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx > 0x0003ed5a : mov esp, eax; mov rbp, r9; nop ; jmp rdx > 0x0014ecda : lea esp, [rsp + 0x10]; call [rax] > 0x000e091c : push rax; pop rsp; or [rax], al; mov rax, r14; call rax > 0x000431ab : lea esp, [rbx + rax*8 + 8]; nop ; call [rbx] > 0x0014bbcd : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx > 0x000f9197 : xchg esp, edx; sldt [rax]; lea rdi, [rip + 0xb823d]; movsxd rax, [rdi + rax*4]; add rax, rdi; jmp rax > 0x00034d33 : leave ; ret