ropshell> use c0b86652995f86fa7bf131547f8105c5 (download)
name         : libc.so.6 (x86_64/ELF)
base address : 0x28800
total gadgets: 15755
ropshell> suggest "stack pivoting"
> 0x0005ef5f : mov rsp, rdx; ret
> 0x00047ccf : xchg eax, esp; ret
> 0x0005ef60 : mov esp, edx; ret
> 0x00068abe : lea esp, [rax - 0x7600000a]; ret
> 0x00078543 : mov esp, esi; jmp rdx
> 0x00078731 : mov esp, edi; jmp rdx
> 0x0008cd35 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x00077879 : mov esp, ecx; mov eax, 1; jmp rdx
> 0x0008cd36 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000450f9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x00091604 : mov esp, eax; mov rax, r12; pop r12; pop r13; pop rbp; ret
> 0x00091615 : mov esp, ebp; pop rbx; mov rax, r12; pop r12; pop r13; pop rbp; ret
> 0x0016bdb0 : push rax; pop rsp; lea rsi, [rax + 0x48]; mov rax, [rdi + 8]; jmp [rax + 0x18]
> 0x00093a8f : xchg esp, ecx; add [rax], eax; add [rsi - 1], bh; mov rdi, rbx; call [rax + 0x18]
> 0x000f771a : lea esp, [rsi*8]; mov rsi, r13; mov rdi, [rax + r14*8]; call [r15 + 0x40]
> 0x000862da : xchg ecx, esp; add [rax], al; add [rcx + rcx*4 - 0x16], cl; mov rsi, r12; mov rdi, rbx; call [r14 + 0x38]
> 0x000299d2 : leave ; ret