ropshell> use 72f4e7b940724070bb21c4fc9251dfaa (download)
name         : libpam.so.0.83.1 (x86_64/ELF)
base address : 0x2460
total gadgets: 393
ropshell> suggest
call
    > 0x0000277a : call rax
    > 0x000068e2 : call [rax]
    > 0x00007c9c : call [rbx]
jmp
    > 0x00002484 : jmp rax
    > 0x00002ded : jmp rsi
    > 0x00003b93 : jmp [rcx]
    > 0x00002845 : jmp [rsi + 0x2e]
load mem
    > 0x00002a28 : mov rdx, [rcx + 8]; call rax
    > 0x00002a29 : mov edx, [rcx + 8]; call rax
    > 0x000068de : mov rcx, [rax + 8]; call [rax]
    > 0x000068df : mov ecx, [rax + 8]; call [rax]
    > 0x000066b0 : mov rax, [rdi + 0x58]; mov [rdx], rax; xor eax, eax; add rsp, 8; ret
load reg
    > 0x00002877 : pop rbx; ret
    > 0x0000278d : pop rsi; ret
    > 0x00002c25 : pop rdi; ret
    > 0x00002490 : pop rbp; ret
    > 0x00002650 : pop rsp; ret
pop pop ret
    > 0x0000264f : pop r12; ret
    > 0x0000291c : pop r12; pop r13; ret
    > 0x00002788 : pop r12; pop r13; pop r14; ret
    > 0x00002c1e : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00002c1d : pop rbp; pop r12; pop r13; pop r14; pop r15; ret
sp lifting
    > 0x00006c1f : add rsp, 0x118; ret
    > 0x00006c1f : add rsp, 0x118; ret
stack pivoting
    > 0x00006126 : mov esp, edx; mov edx, esi; mov rbp, rdi; movsxd rax, [rcx + rdx*4]; add rax, rcx; jmp rax
write mem
    > 0x00003fb5 : add [rbp + 0x41], ebx; pop rsp; pop r13; pop r14; ret
    > 0x00002ddb : add [rbx], eax; add [rax], al; lea rdi, [rip + 0x6d62]; movsxd rsi, [rdi + rsi*4]; add rsi, rdi; jmp rsi