ropshell> use b45cd437b8cf1335baff2f4508f4cde1 (download)
name         : babywin_level3.exe (x86_64/PE)
base address : 0x140001000
total gadgets: 5125

ropshell> suggest
call
    > 0x1400084e4 : call rax
    > 0x1400789ec : call rbx
    > 0x140066460 : call rdx
    > 0x140008bbf : call r8
    > 0x14006d3bf : call [rax]
jmp
    > 0x14001ac8b : jmp rax
    > 0x14001b6b3 : jmp rbx
    > 0x14001b48c : jmp rcx
    > 0x1400090e5 : jmp rdx
    > 0x140009d35 : jmp rsi
load mem
    > 0x14000845c : mov rax, [rcx]; ret
    > 0x14000845d : mov eax, [rcx]; ret
    > 0x140009474 : mov rax, [rcx + 0x10]; ret
    > 0x140009475 : mov eax, [rcx + 0x10]; ret
    > 0x14001a8f8 : mov eax, [rdx + 4]; ret
load reg
    > 0x14006ecb5 : pop rax; ret
    > 0x14000768d : pop rbx; ret
    > 0x1400077fa : pop rcx; ret
    > 0x140009f2b : pop rsi; ret
    > 0x140007869 : pop rdi; ret
pop pop ret
    > 0x1400153b6 : pop r12; ret
    > 0x14000e2cd : pop r12; pop rbp; ret
    > 0x140025a37 : pop r12; pop rdi; pop rbp; ret
    > 0x14000bf69 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x14005ce04 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x140078539 : add rsp, 0x10; ret
    > 0x140078539 : add rsp, 0x10; ret
    > 0x1400076d3 : add rsp, 0x28; ret
    > 0x14000738d : add rsp, 0x38; ret
    > 0x1400075bf : add rsp, 0x48; ret
stack pivoting
    > 0x140011449 : xchg eax, esp; ret
    > 0x140014a83 : mov rsp, r11; pop r14; ret
    > 0x140014a84 : mov esp, ebx; pop r14; ret
    > 0x14006e360 : lea rsp, [rbp + 0x10]; pop rbp; ret
    > 0x14006e361 : lea esp, [rbp + 0x10]; pop rbp; ret
write mem
    > 0x14001c6ba : adc [rcx], eax; ret
    > 0x140023279 : adc [rdx], eax; ret
    > 0x140019447 : adc [rcx + 0x18], eax; ret
    > 0x1400197a8 : adc [rdx + 0x20], eax; ret
    > 0x14001972c : adc [rdx + 0x10], ecx; ret