ropshell> use d443f227870b9c29182cc7a7a007d881
name         : libc-2.23-2.so (x86_64/ELF)
base address : 0x1f8b0
total gadgets: 19488
ropshell> suggest "stack pivoting"
> 0x0004723e : xchg eax, esp; ret
> 0x000398b1 : lea rsp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000398b2 : lea esp, [rbp - 0x10]; pop rbx; pop r12; pop rbp; ret
> 0x000352d9 : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
> 0x000352da : mov esp, eax; mov rbp, r9; nop ; jmp rdx
> 0x00101f74 : mov esp, edx; mov rbp, rax; call rax
> 0x001017ec : xchg edi, esp; add [rax], al; add [rax - 0x7d], cl; ret
> 0x0006d0cd : mov rsp, rbx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x0006d0ce : mov esp, ebx; lea rsp, [rbp - 0x18]; pop rbx; pop r12; pop r13; pop rbp; ret
> 0x000e11d5 : mov esp, esi; mov [rsp + 0x40], rdi; add rax, rdx; jmp rax
> 0x000372f3 : lea esp, [rsi + rax]; mov rbx, rax; mov rdi, r12; call r15
> 0x0012af9d : push rdi; pop rsp; lea rsi, [rdi + 0x48]; mov rdi, rax; mov rcx, [rcx + 0x18]; jmp rcx
> 0x0013927f : lea esp, [rbx + 0x10]; mov [rbx + 0x10], 0; mov rdi, r12; call [rax + 0x28]
> 0x00134a1c : lea esp, [rax - 1]; mov rax, [rbx + 0x70]; mov [rbx + 0x48], r12d; bswap r12d; call [rax + 0x18]
> 0x00042341 : leave ; ret