ropshell> use e5411df154e4129318d2091bb5580a42 (download)
name         : kernel32.dll (x86_64/PE)
base address : 0x180001000
total gadgets: 2707
ropshell> suggest
call
    > 0x180033711 : call rcx
    > 0x180014110 : call rdi
    > 0x1800303e5 : call [rax]
    > 0x1800751f7 : call [rbx]
    > 0x18007510a : call [rcx]
jmp
    > 0x18002585f : jmp rax
    > 0x1800019e7 : jmp rcx
    > 0x180002931 : jmp rdi
    > 0x18000fb4b : jmp [rax]
    > 0x18003e549 : jmp [rbx]
load mem
    > 0x180021400 : mov eax, [rcx + 0x10]; ret
    > 0x18000ccf8 : mov rcx, [rdx]; sub eax, ecx; ret
    > 0x18000ccf9 : mov ecx, [rdx]; sub eax, ecx; ret
    > 0x180077e02 : mov rax, [rdx + 0x18]; add rax, rcx; ret
    > 0x180077e03 : mov eax, [rdx + 0x18]; add rax, rcx; ret
load reg
    > 0x18000a5c2 : pop rax; ret
    > 0x180001398 : pop rbx; ret
    > 0x180046f13 : pop rcx; ret 3
    > 0x180024ea2 : pop rdx; ret
    > 0x1800090ed : pop rsi; ret
pop pop ret
    > 0x1800123f7 : pop r12; ret
    > 0x18000d13b : pop r12; pop rbp; ret
    > 0x180007398 : pop r12; pop rdi; pop rbp; ret
    > 0x18006a260 : pop r12; pop rdi; pop rbx; pop rbp; ret
    > 0x180003fac : pop r12; pop rdi; pop rsi; pop rbp; pop rbx; ret
sp lifting
    > 0x180026a87 : add rsp, 0x118; ret
    > 0x180026a87 : add rsp, 0x118; ret
    > 0x1800071e5 : add rsp, 0x28; ret
    > 0x180007644 : add rsp, 0x38; ret
    > 0x18000104d : add rsp, 0x48; ret
stack pivoting
    > 0x18002188a : xchg eax, esp; ret
    > 0x180013373 : mov rsp, r11; pop r14; ret
    > 0x180013374 : mov esp, ebx; pop r14; ret
    > 0x180055d22 : push rbx; add cl, [rax - 0x75]; pop rsp; and al, 8; ret
    > 0x180032133 : push rcx; sub cl, ch; pop rsp; xor edi, esi; jmp [rbp + 0x48]
syscall
    > 0x180026374 : int 0x80; adc al, 0; add [rbp + 0x2e], dh; ret
write mem
    > 0x18006a3bc : add [rax + 0xf], ecx; ret
    > 0x18007b8c6 : add [rax + 1], edi; ret
    > 0x1800075e8 : adc [rcx + 0x20], eax; ret
    > 0x18006a3bb : add [r8 + 0xf], ecx; ret
    > 0x180067791 : add [rdi], ecx; xchg eax, ebp; ret