ropshell> use 1ff0163f62112cb49e9000e0bc8c0e86
name         : vuln.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 1233
ropshell> suggest
call
    > 0x140001e06 : call rax
    > 0x14000145a : call rbx
    > 0x14000e027 : call rdx
    > 0x14000261c : call rsi
    > 0x140001b1b : call rdi
jmp
    > 0x140010a94 : jmp rax
    > 0x14000212c : jmp rcx
    > 0x140002c95 : jmp rdx
    > 0x14000212b : jmp r9
    > 0x1400121af : push rsp; and al, 8; ret
load mem
    > 0x1400075c2 : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x140002858 : mov rcx, [rdx]; mov [rax], rcx; ret
    > 0x14000b46e : mov eax, [rcx + 0x18]; add rsp, 0x28; ret
    > 0x14000e8a1 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
    > 0x14000b446 : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r14; ret
load reg
    > 0x140010a37 : pop rax; ret
    > 0x14000134b : pop rbx; ret
    > 0x1400010f1 : pop rsi; ret
    > 0x1400014e9 : pop rdi; ret
    > 0x14000167e : pop rbp; ret
pop pop ret
    > 0x1400047d3 : pop r12; ret
    > 0x1400060ec : pop r12; pop rbp; ret
    > 0x140004cb3 : pop r12; pop rdi; pop rsi; ret
    > 0x140004eea : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x1400100f5 : pop r12; pop rdi; pop rsi; pop rbx; pop rbp; ret
sp lifting
    > 0x140001720 : add rsp, 0x18; ret
    > 0x140001720 : add rsp, 0x18; ret
    > 0x14000136f : add rsp, 0x28; ret
    > 0x140001195 : add rsp, 0x38; ret
    > 0x1400126c2 : add rsp, 0x48; ret
stack pivoting
    > 0x140001a13 : xchg eax, esp; ret
    > 0x1400097c5 : mov rsp, r11; pop r14; ret
    > 0x1400097c6 : mov esp, ebx; pop r14; ret
    > 0x14000e7e4 : lea rsp, [rbp + 0x10]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
    > 0x14000e7e5 : lea esp, [rbp + 0x10]; pop r15; pop r14; pop r13; pop r12; pop rbp; ret
write mem
    > 0x140002baf : adc [rcx], eax; mov rax, r11; ret
    > 0x140007a97 : adc [rdi + 6], esi; mov eax, 0xd; ret
    > 0x1400027ae : add [rdi], ecx; sub [rbx + 0x49000001], -0x75; ret
    > 0x140002bac : adc [rbx], ecx; movups [rcx], xmm0; mov rax, r11; ret
    > 0x1400027db : add [rdx + 0xf], eax; adc [rcx + rax - 0x10], ecx; mov rax, rcx; ret