Free Online ROP Gadgets Search

ropshell> use 10f6cd85d683ae08273ef4f3d0a297de (download)
name         : libc.so.6 (i386/ELF)
base address : 0x18690
total gadgets: 16559

ropshell> suggest "stack pivoting"
> 0x0003e71a : xchg eax, esp; ret
> 0x0002d7ef : mov esp, ecx; jmp edx
> 0x00041418 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x000bba15 : xchg esp, esp; mov bh, 0xfa; call [eax - 0x73]
> 0x000bba15 : xchg esp, esp; mov bh, 0xfa; call [eax - 0x73]
> 0x000c371f : lea esp, [ebx + edi*8 - 1]; call [ebx - 0x18]
> 0x00059eaf : lea esp, [edx + edi*8 - 1]; call [esi - 0x18]
> 0x000c7eef : lea esp, [edi + edx*8 - 1]; call [esi - 0x73]
> 0x000b6b3d : xchg ebp, esp; sbb eax, [eax]; add [ebx - 0x877b], cl; inc [ebx]; test [eax - 0x5dbc8], bl; jmp eax
> 0x0005db75 : xchg esp, ebx; sbb al, [eax]; add [ebx - 0x4e37b], cl; inc [ebx]; test [eax - 0x5f89c], bl; jmp eax
> 0x00058077 : xchg esi, esp; sldt [eax]; mov eax, [ebp - 0x590]; movzx edx, dl; add eax, [eax + edx*4 - 0x5faa8]; jmp eax
> 0x00109ac9 : mov esp, edi; mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; nop ; jmp edx
> 0x00106b42 : leave ; ret