ropshell> use 75bb692f5cd51ba4143a42fc4948b025 (download) name : readme_revenge (x86_64/ELF) base address : 0x400300 total gadgets: 7758
ropshell> suggest "load reg" > 0x0043364c : pop rax; ret > 0x00400da1 : pop rbx; ret > 0x00435435 : pop rdx; ret > 0x004059d6 : pop rsi; ret > 0x00400525 : pop rdi; ret > 0x00400484 : pop rbp; ret > 0x0040118b : pop rsp; ret > 0x00435434 : pop r10; ret > 0x0040118a : pop r12; ret > 0x00400483 : pop r13; ret > 0x004059d5 : pop r14; ret > 0x00400524 : pop r15; ret > 0x00429602 : pop rcx; jmp [rdx - 0x2f] > 0x0040f60e : pop r8; mov [rdi + 4], eax; ret > 0x0043553c : pop r11; xor eax, eax; pop r12; pop rbp; ret > 0x00414578 : mov rsi, [rsp]; jmp rax > 0x00414579 : mov esi, [rsp]; jmp rax > 0x004898b5 : mov rax, [rsp + 0x10]; add rsp, 0x28; ret > 0x004898b6 : mov eax, [rsp + 0x10]; add rsp, 0x28; ret > 0x0045ed4b : mov edi, [rsp]; call rbp > 0x0048b46e : mov rdi, [rsp + 0x10]; call r14 > 0x0046fc0d : mov r9, [rsp + 0x20]; call r9 > 0x0046fc0e : mov ecx, [rsp + 0x20]; call r9 > 0x00414fbe : mov rdx, [rsp + 8]; add rax, r13; jmp rax > 0x00414fbf : mov edx, [rsp + 8]; add rax, r13; jmp rax > 0x0046f5d6 : mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax] > 0x00408826 : mov r8, [rsp + 0x10]; mov r9, [rdi + 8]; mov rdi, rbp; call [rbp + 0x18] > 0x0046f5cc : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax] > 0x0046f5cd : mov ebx, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax] > 0x0046f5c7 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]