ropshell> use 1c600d7b58a2e9bf6e2c37d6274180c3 (download)
name         : kernel32.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 2763

ropshell> suggest
call
    > 0x18003272d : call rax
    > 0x180035db1 : call rcx
    > 0x180046b07 : call [rax]
    > 0x18000c5de : call [rsi]
jmp
    > 0x18003a0f0 : push rsp; ret
    > 0x180025bff : jmp rax
    > 0x1800019e7 : jmp rcx
    > 0x180002931 : jmp rdi
    > 0x18000fbcb : jmp [rax]
load mem
    > 0x1800217a0 : mov eax, [rcx + 0x10]; ret
    > 0x18000ccf8 : mov rcx, [rdx]; sub eax, ecx; ret
    > 0x18000ccf9 : mov ecx, [rdx]; sub eax, ecx; ret
    > 0x18001c4c3 : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
    > 0x18001893d : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
load reg
    > 0x18000a5c2 : pop rax; ret
    > 0x180001398 : pop rbx; ret
    > 0x1800090ed : pop rsi; ret
    > 0x1800011a4 : pop rdi; ret
    > 0x180002cc3 : pop rbp; ret
pop pop ret
    > 0x180012487 : pop r12; ret
    > 0x18000d239 : pop r12; pop rbp; ret
    > 0x180007398 : pop r12; pop rdi; pop rbp; ret
    > 0x18006cac0 : pop r12; pop rdi; pop rbx; pop rbp; ret
    > 0x180003fac : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800297a7 : add rsp, 0x118; ret
    > 0x1800297a7 : add rsp, 0x118; ret
    > 0x1800071e5 : add rsp, 0x28; ret
    > 0x180007644 : add rsp, 0x38; ret
    > 0x18000104d : add rsp, 0x48; ret
stack pivoting
    > 0x180021c2a : xchg eax, esp; ret
    > 0x180013403 : mov rsp, r11; pop r14; ret
    > 0x180013404 : mov esp, ebx; pop r14; ret
    > 0x1800583c2 : push rbx; add cl, [rax - 0x75]; pop rsp; and al, 8; ret
    > 0x1800347d3 : push rcx; sub cl, ch; pop rsp; adc dh, bh; jmp [rbp + 0x48]
syscall
    > 0x180029094 : int 0x80; adc al, 0; add [rbp + 0x2e], dh; ret
write mem
    > 0x180026c67 : add [rbx], edi; ret
    > 0x18006cc1c : add [rax + 0xf], ecx; ret
    > 0x18007e436 : add [rax + 1], edi; ret
    > 0x1800075e8 : adc [rcx + 0x20], eax; ret
    > 0x18006cc1b : add [r8 + 0xf], ecx; ret