ropshell> use ee570d67dee756672c70a13e2e2099dd
name         : poc-64 (x86_64/ELF)
base address : 0x4003b0
total gadgets: 7845
ropshell> suggest "load reg"
> 0x0043318c : pop rax; ret
> 0x00400f25 : pop rbx; ret
> 0x00434df5 : pop rdx; ret
> 0x004016c7 : pop rsi; ret
> 0x004005c5 : pop rdi; ret
> 0x00400a20 : pop rbp; ret
> 0x00400523 : pop rsp; ret
> 0x00434df4 : pop r10; ret
> 0x00400522 : pop r12; ret
> 0x00401b5d : pop r13; ret
> 0x004016c6 : pop r14; ret
> 0x004005c4 : pop r15; ret
> 0x00428e22 : pop rcx; jmp [rdx - 0x2f]
> 0x00413a10 : mov rsi, [rsp]; jmp rax
> 0x00413a11 : mov esi, [rsp]; jmp rax
> 0x00486eb5 : mov rax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x00486eb6 : mov eax, [rsp + 0x10]; add rsp, 0x28; ret
> 0x00406874 : mov edi, [rsp]; call r13
> 0x0040f11e : pop r8; or eax, 1; mov [rdi + 4], eax; ret
> 0x00440de2 : mov rdi, [rsp + 0x10]; call rbp
> 0x0046667c : mov r9, [rsp + 0x20]; call r9
> 0x0046667d : mov ecx, [rsp + 0x20]; call r9
> 0x00486a79 : mov edx, [rsp]; mov edi, 1; call rax
> 0x00466066 : mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x00406975 : mov rdx, [rsp]; mov rsi, r14; mov rdi, r12; call r13
> 0x0046605c : mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x0046605d : mov ebx, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]
> 0x00466057 : mov r10, [rsp + 0x28]; mov r11, [rsp + 0x30]; mov rdx, [rsp + 0x38]; mov rcx, [rsp + 0x40]; add rsp, 0x48; jmp [rax]