ropshell> use 79d35f7e0c03f572c4f76e065f0f4c06 (download) name : ntdll.dll (x86_64/PE) base address : 0x180001000 total gadgets: 6381
ropshell> suggest call > 0x1800214ee : call rax > 0x1800043e1 : call rbx > 0x18001f88d : call rdi > 0x18008f5c6 : call rsp > 0x18008bc0f : call r8 jmp > 0x18001c92d : jmp rax > 0x180039b07 : jmp rcx > 0x180020a6d : jmp rdx > 0x1800ac39d : jmp rdi > 0x1800d3f4d : jmp rbp load mem > 0x18006d2b0 : movzx eax, [rcx]; ret > 0x1800ff3ae : mov rax, [r10 + 0x38]; ret > 0x180063466 : mov eax, [rcx + 0x16b0]; ret > 0x1800ff3af : mov eax, [rdx + 0x38]; ret > 0x180091257 : movzx ecx, [rdx]; sub eax, ecx; ret load reg > 0x180005f44 : pop rax; ret > 0x18000137d : pop rbx; ret > 0x18008df3f : pop rcx; ret > 0x18001ff72 : pop rdx; ret 0x14 > 0x18000132d : pop rsi; ret pop pop ret > 0x18008b8f8 : pop r11; ret > 0x18008b8f6 : pop r10; pop r11; ret > 0x18001eaa1 : pop r12; pop rbp; pop rbx; ret > 0x180022452 : pop r12; pop rdi; pop rbp; pop rbx; ret > 0x180003103 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret sp lifting > 0x1800a1238 : add rsp, 0x10; ret > 0x1800a1238 : add rsp, 0x10; ret > 0x18006d1f7 : add rsp, 0x238; ret > 0x18000144b : add rsp, 0x38; ret > 0x18007139a : add rsp, 0x438; ret stack pivoting > 0x1800492d6 : xchg eax, esp; ret > 0x18003823d : xchg esp, edx; ret 7 > 0x180022275 : mov rsp, r11; pop r14; ret > 0x180022276 : mov esp, ebx; pop r14; ret > 0x180110972 : lea rsp, [rbp + 0x10]; pop rbp; ret syscall > 0x18009bfb2 : syscall ; ret write mem > 0x18007e3f7 : add [rbx], edi; ret > 0x1800772bd : add [rdi], ecx; ret > 0x1800772bc : add [r15], ecx; ret > 0x18007041a : add [rax + 1], edi; ret > 0x18006d2c6 : add [rbx + 0x27401f8], eax; ret