ropshell> use ddfdc0ca6fbb9372402f9e6cb0ed1097 (download) name : ntdll.dll (x86_64/PE) base address : 0x78e51000 total gadgets: 12000
ropshell> suggest call > 0x78e64121 : call rax > 0x78e9ad81 : call rbx > 0x78e92e9e : call rcx > 0x78e6bc52 : call rdx > 0x78e5515a : call rsi jmp > 0x78eadb67 : push rsp; ret > 0x78e9b76e : jmp rax > 0x78ecf42d : jmp rbx > 0x78e57064 : jmp rcx > 0x78e85a4a : jmp rdx load mem > 0x78e631e1 : mov eax, [rcx]; ret > 0x78f1150c : mov rax, [r8 + 0x20]; ret > 0x78eee116 : mov eax, [rcx + 0x18]; ret > 0x78efa72e : mov eax, [rdx + 0x38]; ret > 0x78e75365 : movzx ecx, [rdx]; sub eax, ecx; ret load reg > 0x78e54301 : pop rax; ret > 0x78e51db8 : pop rbx; ret > 0x78ec4a4c : pop rcx; ret > 0x78eeb3c8 : pop rdx; ret > 0x78e511de : pop rsi; ret pop pop ret > 0x78e541b7 : pop r12; ret > 0x78e56008 : pop r12; pop rbp; ret > 0x78e7f2a5 : pop r12; pop rbp; pop rbx; ret > 0x78e52c38 : pop r12; pop rdi; pop rsi; pop rbp; ret > 0x78e53083 : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret sp lifting > 0x78e8032a : add rsp, 0x108; ret > 0x78e8032a : add rsp, 0x108; ret > 0x78e907cf : add rsp, 0x268; ret > 0x78e51c20 : add rsp, 0x38; ret > 0x78e8d40e : add rsp, 0x438; ret stack pivoting > 0x78ee150a : xchg eax, esp; ret > 0x78e62ad8 : mov rsp, r11; pop r12; ret > 0x78e62ad9 : mov esp, ebx; pop r12; ret > 0x78f0278e : lea rsp, [rbp + 0x10]; pop rbp; ret > 0x78eb2179 : push rcx; pop rsp; call rax syscall > 0x78e9bb68 : syscall ; ret write mem > 0x78ecabef : add [rbx], edi; ret > 0x78e60fb1 : add [rcx], eax; ret > 0x78eee89e : add [rdx], rcx; ret > 0x78eee89f : add [rdx], ecx; ret > 0x78f149a0 : add [rdx], edi; ret