ropshell> use 50135faec9a232afe60f0628a2ba925d (download)
name         : etms (x86_64/ELF)
base address : 0x404ff0
total gadgets: 6941

ropshell> suggest "load reg"
> 0x0046a265 : pop rax; ret
> 0x004a1359 : pop rbx; ret
> 0x00488902 : pop rdx; ret
> 0x004a1948 : pop rsi; ret
> 0x004a11d2 : pop rdi; ret
> 0x00458adf : pop rbp; ret
> 0x004a0c46 : pop rsp; ret
> 0x004a0c45 : pop r12; ret
> 0x004a0e95 : pop r13; ret
> 0x004a1947 : pop r14; ret
> 0x004a11d1 : pop r15; ret
> 0x004a0a42 : mov rax, [rsp + 0x18]; add rsp, 0xd8; ret
> 0x004d5c8f : mov r15, [rsp + 0x30]; add rsp, 0x38; ret
> 0x004a0a43 : mov eax, [rsp + 0x18]; add rsp, 0xd8; ret
> 0x004d5c90 : mov edi, [rsp + 0x30]; add rsp, 0x38; ret
> 0x004ae934 : mov rdx, [rsp + 0x30]; call rbp
> 0x004ae935 : mov edx, [rsp + 0x30]; call rbp
> 0x004608f6 : pop r8; mov esi, ebx; mov rdi, rcx; call rax
> 0x004b782e : mov rsi, [rsp + 8]; mov rdi, r14; call r13
> 0x004b78e2 : mov rdi, [rsp + 8]; xor eax, eax; call r14
> 0x004bbfb7 : mov esi, [rsp + 0x10]; mov rdi, r13; call r14
> 0x004d5c8a : mov r14, [rsp + 0x28]; mov r15, [rsp + 0x30]; add rsp, 0x38; ret
> 0x00461074 : pop rcx; xor [rax - 0x75], cl; fmul [r8 - 0x75]; pop r8; mov esi, ebx; mov rdi, rcx; call rax
> 0x004d5c85 : mov r13, [rsp + 0x20]; mov r14, [rsp + 0x28]; mov r15, [rsp + 0x30]; add rsp, 0x38; ret
> 0x004d5c86 : mov ebp, [rsp + 0x20]; mov r14, [rsp + 0x28]; mov r15, [rsp + 0x30]; add rsp, 0x38; ret
> 0x004a49e8 : mov rcx, [rsp + 0x28]; mov esi, r12d; mov edx, [rsp + 0x20]; mov edi, r13d; call r14
> 0x004a49e9 : mov ecx, [rsp + 0x28]; mov esi, r12d; mov edx, [rsp + 0x20]; mov edi, r13d; call r14
> 0x004d5c80 : mov r12, [rsp + 0x18]; mov r13, [rsp + 0x20]; mov r14, [rsp + 0x28]; mov r15, [rsp + 0x30]; add rsp, 0x38; ret
> 0x004d5c81 : mov esp, [rsp + 0x18]; mov r13, [rsp + 0x20]; mov r14, [rsp + 0x28]; mov r15, [rsp + 0x30]; add rsp, 0x38; ret
> 0x004d5c7b : mov rbp, [rsp + 0x10]; mov r12, [rsp + 0x18]; mov r13, [rsp + 0x20]; mov r14, [rsp + 0x28]; mov r15, [rsp + 0x30]; add rsp, 0x38; ret