ropshell> use 43f465780e27467000a85d8dee3d84b7 (download)
name : libc.so.6 (x86_64/ELF)
base address : 0x22630
total gadgets: 15179
ropshell> suggest "stack pivoting"
> 0x0005b4d0 : mov rsp, rdx; ret
> 0x000304ea : xchg eax, esp; ret
> 0x0005b4d1 : mov esp, edx; ret
> 0x0008e194 : mov esp, eax; mov rax, r12; pop r12; ret
> 0x000e14a6 : lea rsp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x000e14a7 : lea esp, [rbp - 0x10]; pop r12; pop r13; pop rbp; ret
> 0x00042db7 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x0008e1a1 : mov esp, ebp; pop rbx; pop rbp; mov rax, r12; pop r12; ret
> 0x00073d00 : movsxd rsp, esp; mov rdx, r12; call [r13 + 0x38]
> 0x00117bdf : lea rsp, [ebp - 0x18]; mov eax, r12d; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0011942a : mov esp, esi; lcall [rax + 0x4c]; mov eax, esp; pop rdx; pop r12; ret
> 0x00075cc3 : lea esp, [rax]; idiv edi; dec [rax - 0x7d]; clc ; dec [rax - 0x77]; ret
> 0x001493d5 : mov esp, esp; lea rsi, [rsp + 8]; call [rax]
> 0x00044805 : lea esp, [rcx + rax]; mov r13, rax; mov rdi, r12; call rbx
> 0x000469a9 : lea esp, [rbx + rax*8 + 8]; nop [rax]; call [rbx]
> 0x00146441 : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, r8; mov rax, [rax + 0x18]; jmp rax
> 0x000578c8 : leave ; ret