ropshell> use d7c7e50f2d5d32b260ed380c475fc37f
name         : ntdll.dll (i386/PE)
base address : 0x4b281000
total gadgets: 12633
ropshell> suggest
call
    > 0x4b29fb06 : call eax
    > 0x4b2a6397 : call ebx
    > 0x4b2b07ed : call ecx
    > 0x4b2a125e : call edx
    > 0x4b2a6672 : call esi
jmp
    > 0x4b29b2b8 : push esp; ret
    > 0x4b2a20dd : jmp eax
    > 0x4b297c24 : jmp ebx
    > 0x4b2ea5bd : jmp ecx
    > 0x4b3198ad : jmp edx
load mem
    > 0x4b29ed35 : mov edx, [ebx]; ret
    > 0x4b29b6c0 : mov ebp, [eax]; ret
    > 0x4b2f9c64 : mov eax, [edx + 4]; ret
    > 0x4b366e09 : mov eax, [esi + 0x20]; pop esi; ret
    > 0x4b2f57bd : mov eax, [ebp + 0x10]; pop ebp; ret
load reg
    > 0x4b2ec4d2 : pop eax; ret
    > 0x4b2a7df8 : pop ebx; ret
    > 0x4b29d281 : pop ecx; ret
    > 0x4b29dc29 : pop edx; ret
    > 0x4b2a824d : pop esi; ret
pop pop ret
    > 0x4b2ec4d2 : pop eax; ret
    > 0x4b2f6892 : pop eax; pop ebp; ret
    > 0x4b2fe722 : pop eax; pop esi; pop ebp; ret
    > 0x4b2f682c : pop eax; pop edi; pop esi; pop ebp; ret
    > 0x4b2fee7f : pop eax; pop edi; pop esi; pop ebx; pop ebp; ret
sp lifting
    > 0x4b2f4927 : add esp, 0x14; ret
    > 0x4b2f4927 : add esp, 0x14; ret
stack pivoting
    > 0x4b2cd8f8 : xchg eax, esp; ret
    > 0x4b2ac768 : mov esp, ebx; pop ebx; ret
    > 0x4b2a66b1 : mov esp, ebp; pop ebp; ret
    > 0x4b2b9877 : lea esp, [eax - 0x74000003]; ret
    > 0x4b3070a8 : lea esp, [esp + 0x80]; pop ecx; ret
write mem
    > 0x4b2a86bd : add [ebx], eax; ret
    > 0x4b3199a6 : add [ebx], esi; ret
    > 0x4b2e596d : add [ebx], edi; ret
    > 0x4b2ad3a4 : add [ecx], eax; pop edi; ret
    > 0x4b29e135 : adc [edx], ebp; lahf ; ret