ropshell> use a1c79d11f2b070b114fee3fe6ff7b8fd (download)
name         : text (x86_64/RAW)
base address : 0x0
total gadgets: 27088
ropshell> suggest "stack pivoting"
> 0x00021771 : xchg eax, esp; ret
> 0x001e8ab0 : movsxd rsp, ecx; dec [rax - 0x7d]; ret
> 0x001e39c4 : xchg ecx, esp; dec [rax - 0x7d]; ret
> 0x001e3684 : mov esp, ecx; dec [rax - 0x7d]; ret
> 0x001d18bd : xchg edx, esp; inc [rbx + 0x5b01f043]; ret
> 0x001b5bc4 : xchg esp, esp; jmp [rsi + 0xf]
> 0x001b5bc4 : xchg esp, esp; jmp [rsi + 0xf]
> 0x001334fb : mov esp, ebp; jmp [rsi - 0x70]
> 0x001b8070 : movsxd rsp, esp; inc [rbx - 0x398afe40]; pop rbx; pop rbp; pop r12; ret
> 0x0028bdc1 : lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0028809d : xchg ebx, esp; xlatb ; jmp [rsi + 0x66]
> 0x002c481e : lea esp, [rax + rbp]; call rbp
> 0x0028bdc2 : lea esp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0013c3ca : xchg esp, edi; add [rax], al; add [rax - 0x7d], cl; ret
> 0x001f2348 : mov esp, eax; inc [rcx - 0x7d]; std ; add ecx, [rax - 0x77]; ret
> 0x001ba608 : lea esp, [rbx - 0x58]; mov rsi, r12; call rax
> 0x0001771d : lea esp, [rsi - 0x70]; add rdx, 7; mov rax, rdx; pop rbx; ret
> 0x002062e1 : push rbp; add [rax - 0x3b7cb7e8], cl; adc [rcx + 0x415d5bd8], cl; pop rsp; ret
> 0x0005c0c8 : mov esp, edi; mov edi, 0x1000; call [rax]
> 0x00290ddf : lea esp, [rsp + 0x20]; mov rdi, r12; call rax
> 0x001be478 : movsxd rsp, eax; push rsp; add [rcx], dh; shr al, 0x2d; jmp rbx
> 0x0026b030 : mov esp, esi; movsxd rax, [rdx + rax*4]; add rdx, rax; jmp rdx
> 0x001b8b67 : mov esp, esp; mov rax, [rdi + 0x48]; call [rax + 0x10]
> 0x002062dd : push rax; add [rax - 0x77], ecx; push rbp; add [rax - 0x3b7cb7e8], cl; adc [rcx + 0x415d5bd8], cl; pop rsp; ret
> 0x0013eb6b : lea esp, [rdi + 0x18]; mov rdi, rbp; mov [rsp + 0x20], rax; call [rbx]
> 0x00018d13 : xchg ebp, esp; sbb [rax], al; add [rdi], cl; mov dh, 3; movsxd rax, [r13 + rax*4]; add rax, r13; jmp rax
> 0x0003f740 : xchg esp, esi; add [rax], al; movzx esi, cl; lea rcx, [rip + 0x3b7945]; movsxd rsi, [rcx + rsi*4]; add rcx, rsi; jmp rcx
> 0x002addd6 : mov esp, edx; movzx edx, [rsi + 8]; lea rax, [rip + 0x49ccc9]; mov rbp, rdi; movsxd rdx, [rax + rdx*4]; add rax, rdx; jmp rax
> 0x0011e0d3 : leave ; ret