ropshell> use 36354d9b5b0a58a4b9a19103852c00a2
name         : msvcrt.dll (x86_64/PE)
base address : 0x110101000
total gadgets: 2579
ropshell> suggest
call
    > 0x11010edbd : call rax
    > 0x11016bf16 : call rbx
    > 0x11010e70d : call rcx
    > 0x110112a6d : call rdx
    > 0x11012fb3b : call rsp
jmp
    > 0x11016c8c4 : push rsp; ret
    > 0x1101135ef : jmp rax
    > 0x1101310dd : jmp rcx
    > 0x11010ab79 : jmp rdx
    > 0x110113604 : jmp r10
load mem
    > 0x110112790 : mov eax, [rcx + 0x14]; ret
    > 0x11015e436 : movzx ecx, [rdx]; sub eax, ecx; ret
    > 0x11013dd7c : mov rax, [rcx]; mov rax, [rax - 8]; ret
    > 0x11013dd7d : mov eax, [rcx]; mov rax, [rax - 8]; ret
    > 0x110114260 : mov rax, [rdx]; cmp [rcx], rax; sete al; ret
load reg
    > 0x1101068fb : pop rax; ret
    > 0x11010110e : pop rbx; ret
    > 0x1101698b8 : pop rcx; ret
    > 0x110169687 : pop rdx; ret
    > 0x11010244a : pop rsi; ret
pop pop ret
    > 0x11010313e : pop r12; ret
    > 0x1101061c7 : pop r12; pop rbp; ret
    > 0x110111ca0 : pop r12; pop rdi; pop rbp; ret
    > 0x110105151 : pop r12; pop rdi; pop rsi; pop rbp; ret
    > 0x11010bafb : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x1101732c8 : add rsp, 0x10; ret
    > 0x1101732c8 : add rsp, 0x10; ret
    > 0x11010211a : add rsp, 0x28; ret
    > 0x110102a9e : add rsp, 0x38; ret
    > 0x11010bb1e : add rsp, 0x48; ret
stack pivoting
    > 0x11016982d : mov rsp, r11; ret
    > 0x110102375 : xchg eax, esp; ret
    > 0x11016982e : mov esp, ebx; ret
    > 0x1101153ad : lea rsp, [rbp + 0xd0]; pop rbp; ret
    > 0x1101153ae : lea esp, [rbp + 0xd0]; pop rbp; ret
write mem
    > 0x11014e05d : add [rdi], ecx; ret
    > 0x11014e05c : add [r15], ecx; ret
    > 0x110155c54 : add [rax + 0xf], ecx; ret
    > 0x110168607 : add [rcx + 0x23], eax; ret
    > 0x110155c53 : add [r8 + 0xf], ecx; ret