ropshell> use eea9a33878d43970747c24ed9c7801cb (download)
name : ntdll.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 6376
ropshell> suggest "load reg"
> 0x180006794 : pop rax; ret
> 0x18000137d : pop rbx; ret
> 0x18001a853 : pop rcx; ret
> 0x18000132d : pop rsi; ret
> 0x1800010df : pop rdi; ret
> 0x1800011eb : pop rbp; ret
> 0x180001d94 : pop rsp; ret
> 0x180007223 : pop r8; ret
> 0x18008c7e8 : pop r11; ret
> 0x180001d93 : pop r12; ret
> 0x180012d11 : pop r13; ret
> 0x180002cb5 : pop r14; ret
> 0x18001102c : pop r15; ret
> 0x18008c7e7 : pop rdx; pop r11; ret
> 0x18008c7e6 : pop r10; pop r11; ret
> 0x18008c7e4 : pop r9; pop r10; pop r11; ret
> 0x18000fd8e : mov rbx, [rsp + 0x10]; ret
> 0x180052679 : mov rsi, [rsp + 0x10]; ret
> 0x18002066d : mov rdi, [rsp + 0x10]; ret
> 0x18000fd8f : mov ebx, [rsp + 0x10]; ret
> 0x18005267a : mov esi, [rsp + 0x10]; ret
> 0x18002066e : mov edi, [rsp + 0x10]; ret
> 0x1800a3ed8 : mov eax, [rsp]; add rsp, 8; ret
> 0x180035bee : mov rax, [rsp + 0x38]; add rsp, 0x28; ret
> 0x1800a23a3 : mov r11, [rsp + 8]; add rsp, 0x10; ret
> 0x1800d3677 : mov rcx, [rsp + 0x108]; call rax
> 0x1800756ca : mov r12, [rsp + 0x38]; pop r15; pop r14; pop r13; ret
> 0x1800d3678 : mov ecx, [rsp + 0x108]; call rax
> 0x1800756cb : mov esp, [rsp + 0x38]; pop r15; pop r14; pop r13; ret
> 0x18008597f : mov rbp, [rsp + 0x10]; mov rdi, [rsp + 0x18]; ret
> 0x1800a0dd6 : mov r9, [rsp + 0x38]; add rsp, 0x48; jmp rax
> 0x180085980 : mov ebp, [rsp + 0x10]; mov rdi, [rsp + 0x18]; ret
> 0x180058a4f : mov rdx, [rsp + 8]; mov [rcx], rdx; add rsp, 0x18; ret
> 0x1800a239f : mov r10, [rsp]; mov r11, [rsp + 8]; add rsp, 0x10; ret
> 0x180058a50 : mov edx, [rsp + 8]; mov [rcx], rdx; add rsp, 0x18; ret
> 0x1800a0dd1 : mov r8, [rsp + 0x30]; mov r9, [rsp + 0x38]; add rsp, 0x48; jmp rax