ropshell> use 5df2776aef2f96833554ac27952742ad (download)
name         : ch75_bis.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 1177
ropshell> suggest
call
    > 0x14000271e : call rax
    > 0x140001797 : call rbx
    > 0x14000d476 : call rdx
    > 0x140002d00 : call rsi
    > 0x140001e27 : call rdi
jmp
    > 0x140010134 : jmp rax
    > 0x140002125 : jmp rcx
    > 0x14000261b : jmp r9
    > 0x140011da3 : push rsp; and al, 8; ret
    > 0x140012651 : jmp [rbx]
load mem
    > 0x14000ca2e : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x140002178 : mov rcx, [rdx]; mov [rax], rcx; ret
    > 0x14000a4b2 : mov eax, [rcx + 0x18]; add rsp, 0x28; ret
    > 0x14000e0cd : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
    > 0x14000a48a : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r14; ret
load reg
    > 0x1400100d5 : pop rax; ret
    > 0x14000167b : pop rbx; ret
    > 0x140002f65 : pop rsi; ret
    > 0x140001255 : pop rdi; ret
    > 0x140001990 : pop rbp; ret
pop pop ret
    > 0x1400045d6 : pop r12; ret
    > 0x14000cbbd : pop r12; pop rbp; ret
    > 0x14000700b : pop r12; pop rdi; pop rsi; ret
    > 0x140005e1f : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x14000608a : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1400010c9 : add rsp, 0x18; ret
    > 0x1400010c9 : add rsp, 0x18; ret
    > 0x14000169f : add rsp, 0x28; ret
    > 0x140001199 : add rsp, 0x38; ret
    > 0x1400122c2 : add rsp, 0x48; ret
stack pivoting
    > 0x140001d1c : xchg eax, esp; ret
    > 0x140008733 : mov rsp, r11; pop r14; ret
    > 0x140008734 : mov esp, ebx; pop r14; ret
    > 0x14000e00d : lea rsp, [rbp + 0x10]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
    > 0x14000e00e : lea esp, [rbp + 0x10]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
write mem
    > 0x1400024bf : adc [rcx], eax; mov rax, r11; ret
    > 0x14000be3d : add [rcx + 0xf], eax; xchg eax, esi; ret
    > 0x140007b83 : adc [rdi + 6], esi; mov eax, 0xd; ret
    > 0x1400020ce : add [rdi], ecx; sub [rbx + 0x49000001], -0x75; ret
    > 0x1400024bc : adc [rbx], ecx; movups xmm[rcx], xmm0; mov rax, r11; ret