ropshell> use 911ddf2e16761643a47225f654d811e5 (download) name : ntdll.dll (i386/PE) base address : 0x7c901000 total gadgets: 6968
ropshell> suggest "write mem" > 0x7c91bb9b : add [edx], eax; pop ebp; ret > 0x7c939b13 : adc [eax + 0xc1d8036b], edx; ret > 0x7c939a20 : adc [ebx + 0x33f703c7], ecx; ret > 0x7c9746c7 : add [esi + 0xffffff8a], ebx; ret > 0x7c957792 : add [edi + 0xffffffc9], ebx; ret 8 > 0x7c922037 : add [ebp + 0x8350f845], ecx; ret > 0x7c9695e4 : add [eax + 0x1c], ecx; pop ebp; ret 8 > 0x7c923281 : add [esi], ebx; pop esi; pop ebx; pop ebp; ret 0x10 > 0x7c95ced4 : add [eax + 0x8000001a], edi; pop esi; pop ebp; ret 0xc > 0x7c92060c : add [ebx], esi; rcr [edi + 0x5e], 0x5d; ret 0xc > 0x7c91866a : add [ecx], eax; xor eax, eax; pop edi; pop ebp; ret 8 > 0x7c95f87e : add [esi], edi; xor eax, eax; pop edi; pop esi; pop ebp; ret 8 > 0x7c915e06 : add [edi], ecx; test edx, esi; push 0; add dh, dh; ret > 0x7c968cd1 : add [eax + 0x3202eb01], esi; rcr [edi + 0x5e], 0x5d; ret 8 > 0x7c90fec1 : add [ebx + 0x896602c0], eax; inc ecx; add cl, [ecx + 0xc0330471]; pop esi; pop ebp; ret 8 > 0x7c91ec08 : add [ecx + 0xc], eax; mov esi, [ecx + 8]; mov [ecx + esi*4 + 0x10], edx; inc [ecx + 8]; pop esi; pop ebp; ret 0xc