ropshell> use 476ae25c77b802a39fb335a615564143
name         : libc-2.28.so (i386/ELF)
base address : 0x190e0
total gadgets: 17665
ropshell> suggest "stack pivoting"
> 0x0001b299 : xchg eax, esp; ret
> 0x0002efad : mov esp, ecx; jmp edx
> 0x00042a48 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x000d0765 : mov esp, esi; inc [ebx + 0x5e5b1cc4]; pop edi; pop ebp; ret
> 0x0011b2c1 : xchg esp, edx; mov bl, 0xfa; call [eax - 0x73]
> 0x000c25c7 : lea esp, [esi + edi*8 - 1]; jmp [ebp - 0x75]
> 0x0011a238 : mov esp, esp; sub al, 0; add [edx], al; add esp, 8; pop ebx; ret
> 0x0004c981 : lea esp, [ebx + edi*8 - 1]; call [eax - 0x77]
> 0x000c8ecf : lea esp, [edi + edx*8 - 1]; call [edi - 0x73]
> 0x00054449 : lea esp, [eax]; idiv edi; inc esi; test [edi], esi; idiv edi; jmp [eax]
> 0x00026e93 : xchg esp, eax; add ss:[eax], al; push ecx; ror eax, 9; xor eax, gs:[0x18]; call eax
> 0x00059132 : lea esp, [edx + edi*8 - 1]; inc [ebp - 0x6d7bf037]; add [eax], al; add [ebx - 0x5a343], al; call [eax]
> 0x0010a948 : mov esp, edi; mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x00107c42 : leave ; ret