ropshell> use aeb31909457a3a05613ab5bf72df745f
name         : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6203
ropshell> suggest "load mem"
> 0x18005d560 : movzx eax, [rcx]; ret
> 0x180089a53 : mov rax, [rcx + 0x24]; ret
> 0x180081945 : mov eax, [rcx + 0x16b0]; ret
> 0x1800f1919 : mov eax, [r8 + 0x38]; ret
> 0x18009bd86 : movzx ecx, [rdx]; sub eax, ecx; ret
> 0x180079480 : mov rax, [rdx]; mov [rcx], rax; ret
> 0x180079481 : mov eax, [rdx]; mov [rcx], rax; ret
> 0x1800da31d : mov rbx, [r11 + 0x20]; mov rsp, r11; pop rbp; ret
> 0x180007dda : mov rsi, [r11 + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1800031ed : mov rdi, [r11 + 0x20]; mov rsp, r11; pop r14; ret
> 0x180002302 : mov rbp, [r11 + 0x28]; mov rsp, r11; pop rdi; ret
> 0x180010cb8 : mov r14, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x1800d9229 : mov r15, [r11 + 0x28]; mov rsp, r11; pop rbp; ret
> 0x180007ddb : mov esi, [rbx + 0x18]; mov rsp, r11; pop rdi; ret
> 0x1800031ee : mov edi, [rbx + 0x20]; mov rsp, r11; pop r14; ret
> 0x180002303 : mov ebp, [rbx + 0x28]; mov rsp, r11; pop rdi; ret
> 0x18006a3a8 : mov rax, [rdx + 0x30]; mov [rdx + 0x30], rcx; ret
> 0x1800ec37e : mov rax, [r9 + 0x378]; mov [rdx + 0x378], rax; ret
> 0x18006a3a9 : mov eax, [rdx + 0x30]; mov [rdx + 0x30], rcx; ret
> 0x1800ec167 : mov eax, [r9 + 0x194]; mov [rdx + 0x194], eax; ret
> 0x1800ed341 : mov rcx, [r8]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret
> 0x1800ed342 : mov ecx, [rax]; mov [r11 + 0x4e8], rcx; mov eax, r10d; ret
> 0x1800e964d : mov rcx, [r10 + 0x18]; mov [r9], rcx; mov rax, r11; ret
> 0x180012059 : mov r12, [r11 + 0x38]; mov rsp, r11; pop r15; pop r14; pop r13; ret
> 0x1800838a5 : mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x1800aa40f : mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800e964e : mov ecx, [rdx + 0x18]; mov [r9], rcx; mov rax, r11; ret
> 0x1800838a6 : mov esi, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x1800aa410 : mov edi, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800f18f2 : movzx ecx, [r9]; add r8d, ecx; mov [rdx], r9; mov eax, r8d; ret
> 0x1800abf39 : mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800aa5a3 : mov edx, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x1800abf3a : mov ebp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800ed545 : mov rcx, [rax]; cmp [rcx + 0x10], rax; cmove rdx, rcx; mov rax, rdx; ret
> 0x1800a9357 : mov edx, [rcx]; mov rcx, [rcx + 8]; mov eax, 1; int 0x2d; int3 ; ret
> 0x18007debf : mov rax, [rbx + 0x20]; mov r8, [rip + 0xe9136]; call r8
> 0x18008b59d : mov rax, [r14 + 8]; mov r8, [rip + 0xdba58]; call r8
> 0x180047f8a : mov rcx, [rax + 0x2b8]; xor eax, eax; mov [r8], rcx; add rsp, 0x38; ret
> 0x180062aee : mov rcx, [rdi + 0x58]; mov r8, [rip + 0x104507]; call r8
> 0x18006ce4e : mov rsi, [rbp + 0x40]; lea rsp, [rbp + 0x10]; pop r14; pop rdi; pop rbp; ret
> 0x18007dec0 : mov eax, [rbx + 0x20]; mov r8, [rip + 0xe9136]; call r8
> 0x18008b59e : mov eax, [rsi + 8]; mov r8, [rip + 0xdba58]; call r8
> 0x1800968c1 : mov ebx, [rax + 0xb]; add [rdi], cl; mov bh, 4; and rax, 2; ret
> 0x180047f8b : mov ecx, [rax + 0x2b8]; xor eax, eax; mov [r8], rcx; add rsp, 0x38; ret
> 0x180062aef : mov ecx, [rdi + 0x58]; mov r8, [rip + 0x104507]; call r8
> 0x1800f2574 : mov rax, [r10 + 0x50]; add r9w, r8w; movzx ecx, r9w; movzx eax, [rax + rcx*2]; ret
> 0x1800838a1 : mov rdi, [rbp + 0x40]; mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x180076df1 : mov r8, [rdx + 8]; sub r8, [rcx + 0x18]; xor eax, eax; test r8, r8; sete al; ret
> 0x1800aa40b : mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800aa40c : mov esi, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800838a2 : mov edi, [rbp + 0x40]; mov r14, [rbp + 0x48]; lea rsp, [rbp + 0x20]; pop rbp; ret
> 0x1800abf35 : mov rdx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x1800abf36 : mov edx, [rcx + 0x50]; mov rbp, [rcx + 0x18]; mov rsp, [rcx + 0x10]; jmp rdx
> 0x18006ce4a : mov rbx, [rbp + 0x38]; mov rsi, [rbp + 0x40]; lea rsp, [rbp + 0x10]; pop r14; pop rdi; pop rbp; ret
> 0x18007debb : mov rcx, [rbx + 0x28]; mov rax, [rbx + 0x20]; mov r8, [rip + 0xe9136]; call r8
> 0x18008b599 : mov rcx, [r14 + 0x10]; mov rax, [r14 + 8]; mov r8, [rip + 0xdba58]; call r8
> 0x18006ce4b : mov ebx, [rbp + 0x38]; mov rsi, [rbp + 0x40]; lea rsp, [rbp + 0x10]; pop r14; pop rdi; pop rbp; ret
> 0x18007debc : mov ecx, [rbx + 0x28]; mov rax, [rbx + 0x20]; mov r8, [rip + 0xe9136]; call r8
> 0x18008b59a : mov ecx, [rsi + 0x10]; mov rax, [r14 + 8]; mov r8, [rip + 0xdba58]; call r8
> 0x180064e72 : mov edx, [rdi + 0x10]; mov rcx, rbx; mov rax, r12; mov r10, [rip + 0x10217e]; call r10
> 0x180064e71 : mov edx, [r15 + 0x10]; mov rcx, rbx; mov rax, r12; mov r10, [rip + 0x10217e]; call r10
> 0x1800aa407 : mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x1800ae080 : mov rcx, [rbp + 0x20]; mov rax, [rcx + 8]; mov rax, [rax]; mov rdx, [rip + 0xb8f6e]; call rdx
> 0x1800aa59a : mov r10, [rax + 0x40]; mov [r9 + 0x40], r10; mov r10d, [rax + 0x48]; mov [r9 + 0x48], r10d; mov eax, 3; ret
> 0x1800ae081 : mov ecx, [rbp + 0x20]; mov rax, [rcx + 8]; mov rax, [rax]; mov rdx, [rip + 0xb8f6e]; call rdx
> 0x180062ae2 : mov rax, [rdi + 0x18]; mov rdx, r12; mov rdi, [rsp + 0x20]; mov rcx, [rdi + 0x58]; mov r8, [rip + 0x104507]; call r8
> 0x1800aa403 : mov r12, [rcx + 0x18]; mov r13, [rcx + 0x20]; mov r14, [rcx + 0x28]; mov r15, [rcx + 0x30]; mov rbp, [rcx - 8]; add rsp, 0x138; ret
> 0x180062ae3 : mov eax, [rdi + 0x18]; mov rdx, r12; mov rdi, [rsp + 0x20]; mov rcx, [rdi + 0x58]; mov r8, [rip + 0x104507]; call r8
> 0x1800ae3ef : mov rax, [rbp + 0x58]; lea rax, [rax + rax*4]; lea rcx, [rip + 0x5ab82]; mov rax, [rcx + rax*8 + 0x20]; mov rcx, [rip + 0xb8bf6]; call rcx
> 0x1800ae3f0 : mov eax, [rbp + 0x58]; lea rax, [rax + rax*4]; lea rcx, [rip + 0x5ab82]; mov rax, [rcx + rax*8 + 0x20]; mov rcx, [rip + 0xb8bf6]; call rcx