ropshell> use 6e572f16276e144e5fe337ecbb804908 (download)
name         : comctl32.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 2330

ropshell> suggest
call
    > 0x18008233e : call rax
    > 0x180052c15 : call rcx
    > 0x180081399 : call rdx
    > 0x18002b381 : call rbp
    > 0x180082458 : call r8
jmp
    > 0x18000b926 : jmp rax
    > 0x180018540 : jmp rcx
    > 0x18005fff1 : jmp rsp
    > 0x18008ab1c : push rsp; add eax, edi; ret
    > 0x1800162e7 : jmp [rax]
load mem
    > 0x18006b749 : mov eax, [rcx + 0x84]; ret
    > 0x18007a902 : mov eax, [r8]; xor eax, [r8 + 4]; ret
    > 0x180083d02 : mov rax, [rcx + 0x158];  inc [rax + 0x160]; ret
    > 0x180005ecf : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
    > 0x18006f45f : mov rdi, [r11 + 0x18]; mov rsp, r11; pop rbp; ret
load reg
    > 0x180004657 : pop rax; ret
    > 0x1800012ad : pop rbx; ret
    > 0x18000284c : pop rsi; ret
    > 0x180001d2e : pop rdi; ret
    > 0x180001c55 : pop rbp; ret
pop pop ret
    > 0x180002d96 : pop r12; ret
    > 0x18000aa9a : pop r12; pop rbp; ret
    > 0x180016359 : pop r12; pop rdi; pop rbp; ret
    > 0x1800024b4 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x180002107 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x18008aaa8 : add rsp, 0x10; ret
    > 0x18008aaa8 : add rsp, 0x10; ret
    > 0x180005476 : add rsp, 0x238; ret
    > 0x18000669f : add rsp, 0x38; ret
    > 0x180005cba : add rsp, 0x48; ret
stack pivoting
    > 0x18005e27a : push rax; pop rsp; ret
    > 0x180012942 : xchg eax, esp; ret
    > 0x180016b43 : mov rsp, r11; pop r14; ret
    > 0x180016b44 : mov esp, ebx; pop r14; ret
    > 0x180089b0d : lea rsp, [rbp + 0x70]; pop r15; pop r14; pop rbp; ret
write mem
    > 0x18008afc8 : adc [rdx], eax; ret
    > 0x18008afe2 : adc [rcx + 0x10], eax; ret
    > 0x18007d36c : add [rbp + 0x3b], eax; ret
    > 0x18007a266 : add [r8], eax; add rsp, 0x38; ret
    > 0x18008ac63 : adc [rbx], ecx; movaps xmm[rcx - 0x10], xmm0; ret