ropshell> use 522a2681d9ccad1ed953f8f61f2f42d1 (download)
name         : libc-2.26.so_cc8df6278e095fcc4ca8a98e1f1c69c04db30a4c (x86_64/ELF)
base address : 0x20820
total gadgets: 16500
ropshell> suggest "stack pivoting"
> 0x000285ce : xchg eax, esp; ret
> 0x0010fe47 : mov esp, edx; call rbp
> 0x0003b77f : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x0003b780 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00036ec9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00036eca : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x0010f134 : xchg edi, esp; add [rax], al; add [rax - 0x7d], cl; ret
> 0x000391fa : lea esp, [rsi + rbx]; mov rdi, r12; call r15
> 0x0013e5bd : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x000cb9ab : mov esp, esp; xor [rax], al; mov [rdx], eax; xor edx, edx; add rsp, 8; mov rax, rdx; ret
> 0x000c7eb5 : mov esp, esi; and r12, rbp; and r12d, 1; add r12, rax; mov [rsp + 0xa8], r12; call r15
> 0x0014d7ef : lea esp, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x0005dce5 : lea esp, [rax + 0x44fffff6]; mov [rbp - 0x954], al; mov rsi, r15; mov [rbp - 0x950], r11d; mov rdi, [rbp - 0x8d0]; call rax
> 0x001480b4 : xchg esp, edx; add [rax], al; add [rbx + 0x48102444], cl; lea edx, [rip + 0x5b29c]; movsxd rax, [rdx + rax*4]; add rax, rdx; jmp rax
> 0x0004cb43 : leave ; ret