ropshell> use 1dc9600ec5690505e753df767b96b109
name         : challenge (x86_64/ELF)
base address : 0x400ff0
total gadgets: 407
ropshell> suggest
call
    > 0x0040239e : call rax
    > 0x00401428 : call rbx
    > 0x00400ff3 : call rcx
    > 0x00401138 : call [rax + rcx*2]
    > 0x0040b569 : call [rbx + 0x48]
jmp
    > 0x00402305 : jmp rax
    > 0x004023a5 : jmp [rsi + 0x2e]
load mem
    > 0x0041016a : mov eax, [rdi + 0x568]; ret
    > 0x00408958 : movzx ebp, [rax]; add rsp, 8; pop rbx; mov eax, ebp; pop rbp; ret
    > 0x00412a08 : mov eax, [rbx]; pxor xmm1, xmm1; pop rbx; cvtsi2ss xmm1, rax; divss xmm0, xmm1; ret
    > 0x00408d46 : movzx ecx, [rsi]; sub edx, ecx; mov [rbx + 0x6e0], edx; add rsp, 8; pop rbx; pop rbp; ret
load reg
    > 0x004010d2 : pop rax; ret
    > 0x004018b9 : pop rbx; ret
    > 0x004029be : pop rsi; ret
    > 0x0040144a : pop rdi; ret
    > 0x00402310 : pop rbp; ret
pop pop ret
    > 0x0040168d : pop r12; ret
    > 0x00402632 : pop r12; pop r13; ret
    > 0x004029b9 : pop r12; pop r13; pop r14; ret
    > 0x00401443 : pop r12; pop r13; pop r14; pop r15; ret
    > 0x0040c75f : pop r12; pop r13; pop r14; pop r15; pop rbp; ret
sp lifting
    > 0x00404cce : add rsp, 0x158; ret
    > 0x00404cce : add rsp, 0x158; ret
stack pivoting
    > 0x00412a0d : leave ; pop rbx; cvtsi2ss xmm1, rax; divss xmm0, xmm1; ret