ropshell> use 10d17f21b7a9c89374106b43be117dcf (download)
name         : cave-pwn (x86_64/ELF)
base address : 0x4011c0
total gadgets: 7726

ropshell> suggest
call
    > 0x00401cf8 : call rax
    > 0x0041453f : call rbx
    > 0x00453e96 : call rcx
    > 0x0041aaaf : call rdx
    > 0x0045714a : call rsi
jmp
    > 0x0041ec62 : push rsp; ret
    > 0x004016ec : jmp rax
    > 0x00484c0b : jmp rbx
    > 0x0040c767 : jmp rcx
    > 0x00403ef6 : jmp rdx
load mem
    > 0x00480972 : mov eax, [rcx]; ret
    > 0x00419d94 : mov rax, [rdi + 0x68]; ret
    > 0x00419d95 : mov eax, [rdi + 0x68]; ret
    > 0x00424623 : movzx eax, [rdi]; sub eax, ecx; ret
    > 0x0042b0f8 : movzx ecx, [rsi]; sub eax, ecx; ret
load reg
    > 0x0044ff07 : pop rax; ret
    > 0x004019a0 : pop rbx; ret
    > 0x00409fde : pop rsi; ret
    > 0x00401f6f : pop rdi; ret
    > 0x00401771 : pop rbp; ret
pop pop ret
    > 0x004023cd : pop r12; ret
    > 0x0040ba7e : pop r12; pop r13; ret
    > 0x00409fd9 : pop r12; pop r13; pop r14; ret
    > 0x00401f68 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x00404a4d : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x004517db : add rsp, 0x1018; ret
    > 0x004517db : add rsp, 0x1018; ret
    > 0x0044f2ad : add rsp, 0x28; ret
    > 0x00484cf4 : add rsp, 0x30; ret
    > 0x0044ff04 : add rsp, 0x58; ret
stack pivoting
    > 0x00401947 : xchg eax, esp; ret
    > 0x00493999 : mov rsp, rcx; pop rcx; jmp rcx
    > 0x0049399a : mov esp, ecx; pop rcx; jmp rcx
    > 0x00484ced : mov rsp, rbx; mov rbx, [rsp]; add rsp, 0x30; ret
    > 0x0046419b : mov rsp, r8; mov rbp, r9; nop ; jmp rdx
syscall
    > 0x0041a9e6 : syscall ; ret
write mem
    > 0x00472518 : adc [rax], ecx; ret
    > 0x00445f0c : adc [rcx], eax; ret
    > 0x00447332 : adc [rdi], eax; ret
    > 0x0047a53e : adc [rbx], eax; pop rbx; ret
    > 0x0046b837 : adc [rax + 0x39], ecx; ret