ropshell> use c5ad2e079913ee2159f22ba3407ced8a
name         : libc-2.24.so (i386/RAW)
base address : 0x0
total gadgets: 29470
ropshell> suggest "stack pivoting"
> 0x00018b07 : xchg eax, esp; ret
> 0x0002bbfd : mov esp, ecx; jmp edx
> 0x0019549d : xchg esp, esi; jmp [ebp]
> 0x0003e857 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x000ccaac : xchg esp, eax; idiv dl; call [eax - 0x73]
> 0x0003448a : xchg esp, ebx; fdivr st(2); call [eax - 0x18]
> 0x0004133a : xchg esp, ecx; fsqrt ; call [eax - 0x18]
> 0x000ce618 : xchg esp, edx; idiv edx; call [eax - 0x18]
> 0x00042165 : xchg esp, edi; fsqrt ; call [eax - 0x18]
> 0x0005dc4f : lea esp, [edi + 9]; add [ebp - 0x37760b9b], cl; pop ebx; pop esi; pop edi; pop ebp; ret
> 0x00171691 : push ecx; add [eax], al; pop esp; shr ebx, 1; jmp [ecx]
> 0x000662d6 : push ebp; or [ebx - 0x3b7eef3c], al; pop esp; add [eax], eax; add [ecx + 0x5f5e5bf8], cl; pop ebp; ret
> 0x0002eb1c : xchg esp, esp; add ss:[eax], al; mov [esp + 0xc], eax; push 0; push ecx; call edx
> 0x0002eb1c : xchg esp, esp; add ss:[eax], al; mov [esp + 0xc], eax; push 0; push ecx; call edx
> 0x0004f3ed : lea esp, [edx + edi*8 - 0x49f00001]; ror [ebx + 0x3d3c81b4], -6; inc [ecx]; into ; jmp esi
> 0x000f7db5 : mov esp, edi; mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x00037708 : leave ; ret