ropshell> use d7c7e50f2d5d32b260ed380c475fc37f (download)
name : ntdll.dll (i386/PE)
base address : 0x4b281000
total gadgets: 12633
ropshell> suggest
call
    > 0x4b29fb06 : call eax
    > 0x4b2a6397 : call ebx
    > 0x4b2b07ed : call ecx
    > 0x4b2a125e : call edx
    > 0x4b2a6672 : call esi
jmp
    > 0x4b29b2b8 : push esp; ret
    > 0x4b2a20dd : jmp eax
    > 0x4b297c24 : jmp ebx
    > 0x4b2ea5bd : jmp ecx
    > 0x4b3198ad : jmp edx
load mem
    > 0x4b29ed35 : mov edx, [ebx]; ret
    > 0x4b29b6c0 : mov ebp, [eax]; ret
    > 0x4b2f9c64 : mov eax, [edx + 4]; ret
    > 0x4b366e09 : mov eax, [esi + 0x20]; pop esi; ret
    > 0x4b2f57bd : mov eax, [ebp + 0x10]; pop ebp; ret
load reg
    > 0x4b2ec4d2 : pop eax; ret
    > 0x4b2a7df8 : pop ebx; ret
    > 0x4b29d281 : pop ecx; ret
    > 0x4b29dc29 : pop edx; ret
    > 0x4b2a824d : pop esi; ret
pop pop ret
    > 0x4b2ec4d2 : pop eax; ret
    > 0x4b2f6892 : pop eax; pop ebp; ret
    > 0x4b2fe722 : pop eax; pop esi; pop ebp; ret
    > 0x4b2f682c : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x4b2fee7f : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x4b2f4927 : add esp, 0x14; ret
    > 0x4b2f4927 : add esp, 0x14; ret
stack pivoting
    > 0x4b2cd8f8 : xchg eax, esp; ret
    > 0x4b2ac768 : mov esp, ebx; pop ebx; ret
    > 0x4b2a66b1 : mov esp, ebp; pop ebp; ret
    > 0x4b2b9877 : lea esp, [eax - 0x74000003]; ret
    > 0x4b3070a8 : lea esp, [esp + 0x80]; pop ecx; ret
write mem
    > 0x4b2a86bd : add [ebx], eax; ret
    > 0x4b3199a6 : add [ebx], esi; ret
    > 0x4b2e596d : add [ebx], edi; ret
    > 0x4b2ad3a4 : add [ecx], eax; pop edi; ret
    > 0x4b29e135 : adc [edx], ebp; lahf ; ret