ropshell> use 79d35f7e0c03f572c4f76e065f0f4c06 (download)
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6381
ropshell> suggest
call
    > 0x1800214ee : call rax
    > 0x1800043e1 : call rbx
    > 0x18001f88d : call rdi
    > 0x18008f5c6 : call rsp
    > 0x18008bc0f : call r8
jmp
    > 0x18001c92d : jmp rax
    > 0x180039b07 : jmp rcx
    > 0x180020a6d : jmp rdx
    > 0x1800ac39d : jmp rdi
    > 0x1800d3f4d : jmp rbp
load mem
    > 0x18006d2b0 : movzx eax, [rcx]; ret
    > 0x1800ff3ae : mov rax, [r10 + 0x38]; ret
    > 0x180063466 : mov eax, [rcx + 0x16b0]; ret
    > 0x1800ff3af : mov eax, [rdx + 0x38]; ret
    > 0x180091257 : movzx ecx, [rdx]; sub eax, ecx; ret
load reg
    > 0x180005f44 : pop rax; ret
    > 0x18000137d : pop rbx; ret
    > 0x18008df3f : pop rcx; ret
    > 0x18001ff72 : pop rdx; ret 0x14
    > 0x18000132d : pop rsi; ret
pop pop ret
    > 0x18008b8f8 : pop r11; ret
    > 0x18008b8f6 : pop r10; pop r11; ret
    > 0x18001eaa1 : pop r12; pop rbp; pop rbx; ret
    > 0x180022452 : pop r12; pop rdi; pop rbp; pop rbx; ret
    > 0x180003103 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1800a1238 : add rsp, 0x10; ret
    > 0x1800a1238 : add rsp, 0x10; ret
    > 0x18006d1f7 : add rsp, 0x238; ret
    > 0x18000144b : add rsp, 0x38; ret
    > 0x18007139a : add rsp, 0x438; ret
stack pivoting
    > 0x1800492d6 : xchg eax, esp; ret
    > 0x18003823d : xchg esp, edx; ret 7
    > 0x180022275 : mov rsp, r11; pop r14; ret
    > 0x180022276 : mov esp, ebx; pop r14; ret
    > 0x180110972 : lea rsp, [rbp + 0x10]; pop rbp; ret
syscall
    > 0x18009bfb2 : syscall ; ret
write mem
    > 0x18007e3f7 : add [rbx], edi; ret
    > 0x1800772bd : add [rdi], ecx; ret
    > 0x1800772bc : add [r15], ecx; ret
    > 0x18007041a : add [rax + 1], edi; ret
    > 0x18006d2c6 : add [rbx + 0x27401f8], eax; ret