ropshell> use 1c600d7b58a2e9bf6e2c37d6274180c3 (download)
name : kernel32.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 2763
ropshell> suggest "load reg"
> 0x18000a5c2 : pop rax; ret
> 0x180001398 : pop rbx; ret
> 0x1800090ed : pop rsi; ret
> 0x1800011a4 : pop rdi; ret
> 0x180002cc3 : pop rbp; ret
> 0x180012488 : pop rsp; ret
> 0x180012487 : pop r12; ret
> 0x180006e8f : pop r13; ret
> 0x1800090ec : pop r14; ret
> 0x18000f6cc : pop r15; ret
> 0x18001bde9 : mov rax, [rsp + 8]; ret
> 0x18000b245 : mov rbx, [rsp + 8]; ret
> 0x18007a504 : mov rdi, [rsp + 0x10]; ret
> 0x18001bdea : mov eax, [rsp + 8]; ret
> 0x18000b246 : mov ebx, [rsp + 8]; ret
> 0x18007a505 : mov edi, [rsp + 0x10]; ret
> 0x18000b810 : pop rcx; add al, [rax]; mov eax, 1; ret
> 0x18002e7fa : pop rdx; std ; jmp [rsi - 0x7b]
> 0x180028c72 : mov rsi, [rsp + 0x10]; mov rdi, [rsp + 0x18]; ret
> 0x180028c73 : mov esi, [rsp + 0x10]; mov rdi, [rsp + 0x18]; ret
> 0x180009c8d : movzx edx, [rsp + 0x68]; mov [rcx], edx; add rsp, 0x48; ret
> 0x180026d07 : mov rbp, [rsp + 0x10]; mov rdi, [rsp + 0x18]; mov [r9], r8d; ret
> 0x18000903c : movzx ecx, [rsp + 0x60]; mov [rax], ecx; xor eax, eax; add rsp, 0x48; ret
> 0x180026d08 : mov ebp, [rsp + 0x10]; mov rdi, [rsp + 0x18]; mov [r9], r8d; ret
> 0x180060d43 : mov rcx, [rsp + 0x30]; call [rip + 0x24c31]; nop [rax + rax]; add rsp, 0x28; ret