Free Online ROP Gadgets Search

ropshell> use 1750752e88087e169b97ae8e4052abb5 (download)
name         : EScript_180020038.api (i386/PE)
base address : 0x23801000
total gadgets: 21964

ropshell> suggest "load mem"
> 0x23811767 : mov eax, [ecx]; ret
> 0x238c6e73 : mov eax, [ecx + 0x10]; ret
> 0x2388aaf3 : mov ebp, [ecx + 0x28682388]; ret
> 0x2381088a : mov eax, [esi]; pop ecx; pop esi; ret
> 0x2383d8f5 : mov eax, [edx + 4]; pop ebp; ret
> 0x2395f3d2 : mov eax, [esi + 0x1c]; pop esi; ret
> 0x23878d67 : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x23879aee : mov edx, [ebp + 0xc]; pop ebp; ret
> 0x238c5fa5 : movsx eax, [edi]; push eax; call ebx
> 0x2393ab26 : mov eax, [ebx]; call [eax + 0x5c]
> 0x2387a6e8 : mov eax, [edx]; mov edx, [edx + 4]; pop ebp; ret
> 0x2384f827 : mov ecx, [esi]; pop esi; mov [eax], ecx; pop ebp; ret 8
> 0x2396511c : mov edx, [esi]; call [edx]
> 0x238d1f81 : mov esi, [edi]; call [eax + 0x54]
> 0x238ed28f : mov ecx, [ebp + 0x10]; mov [ecx], eax; pop ebp; ret
> 0x23846c7f : mov esi, [ebp + 8]; push esi; call eax
> 0x23860dcb : mov ecx, [eax]; push eax; call [ecx + 0x78]
> 0x23881ae1 : mov edx, [eax]; push ebx; call [edx + 0x1c]
> 0x238caf5a : mov edx, [ecx]; push ecx; call [edx + 8]
> 0x238da22a : mov esi, [ecx]; push ecx; call [eax + 0xc]
> 0x23873f88 : mov ebx, [ebp + 0x10]; call [eax + 0x14]
> 0x238ec50d : mov ecx, [eax + 0xc]; call [ecx + 0x10]
> 0x238fb7aa : mov ecx, [edx + 4]; mov [eax + 4], ecx; pop ebp; ret
> 0x238ffb2c : mov ecx, [esi + 0x1c]; pop esi; mov [eax], ecx; pop ebp; ret
> 0x2381d5b6 : mov edx, [eax + 0x10]; mov [ebx + 4], edx; pop ebx; ret
> 0x2389609f : mov esi, [eax + 0x30]; call [eax + 0x28]
> 0x238b2b73 : mov ecx, [ebx]; push [ebp - 0x14]; call [ecx + 0x1c]
> 0x238ece9e : mov ecx, [edx]; cmp ecx, [ebp + 0x10]; cmove eax, edx; pop ebp; ret
> 0x23882999 : mov edx, [edi]; mov ecx, edi; call [edx]
> 0x238a0ed2 : mov ebx, [ecx + 0x58858d23]; idiv edi; call [eax - 0x73]
> 0x238ecfbd : mov edx, [ecx + 8]; mov eax, [ecx]; mov [edx], eax; ret
> 0x23845881 : mov ecx, [edi + 4]; mov [ecx], edi; pop edi; pop esi; pop ebx; pop ebp; ret 8
> 0x238e35ba : mov ecx, [ebx + 0x1c]; mov eax, [ecx]; call [eax + 0x18]
> 0x238d5390 : mov edi, [ebp + 8]; mov eax, [esi]; call [eax + 8]
> 0x238dbfaa : mov edx, [ebx]; mov esi, eax; pop ecx; mov ecx, ebx; call [edx + 0x4c]
> 0x23811d98 : mov eax, [edi + 0x10]; mov [esi], eax; and [edi + 0x14], 0; pop edi; pop esi; ret 4
> 0x23864351 : mov eax, [ebx + 0x9d0]; push [eax + esi*8 + 4]; push edi; call [eax + esi*8]
> 0x238ec4be : mov esi, [eax]; mov eax, [eax + 4]; push eax; mov ecx, [eax + 0xc]; call [ecx + 0xc]
> 0x23839896 : mov esi, [ecx + 4]; movsd es:[edi], [esi]; movsd es:[edi], [esi]; movsd es:[edi], [esi]; pop esi; pop edi; ret