ropshell> use 2e92b666a7cc8af174d4445be8fdb0ed
name         : ntdll.dll (i386/PE)
base address : 0x77ec1000
total gadgets: 10918
ropshell> suggest "load mem"
> 0x77f86e16 : mov eax, [ecx + 0x10]; ret
> 0x77f05e44 : mov eax, [edx + 4]; ret
> 0x77f17867 : mov edx, [ecx + 4]; ret
> 0x77ec6b25 : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x77f1f115 : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
> 0x77f7c34f : mov eax, [esi + 0x38]; pop esi; pop ebp; ret 4
> 0x77f17865 : mov eax, [ecx]; mov edx, [ecx + 4]; ret
> 0x77ec78e3 : mov ebp, [edx]; add al, [eax]; pop ebp; ret 0xc
> 0x77f06294 : mov ecx, [ebp + 0x18]; call ecx
> 0x77f8ef13 : mov edx, [ecx]; mov [ecx + 4], edx; pop ebp; ret 4
> 0x77eec4a7 : movzx ecx, [eax]; lea eax, [eax + ecx*8 - 8]; pop ebp; ret 4
> 0x77f6f056 : mov ecx, [esi]; sub ecx, eax; mov eax, ecx; pop esi; pop ebp; ret 4
> 0x77ec7f8c : mov ecx, [eax + 0x34]; push [ebp + 0xc]; call ecx; pop ebp; ret 8
> 0x77f1b292 : mov edx, [ebp + 8]; xor ecx, ecx; call eax
> 0x77f91888 : mov eax, [edx]; add [eax], al; push ebx; call eax
> 0x77ecb023 : mov eax, [ebx + 4]; push ebx; call [eax]
> 0x77ede51a : mov eax, [edi + 4]; push edi; call [eax]
> 0x77f83031 : mov esi, [ebp + 8]; push esi; call [ebp + 0x10]
> 0x77f7d7be : mov edi, [ebp + 0xc]; push edi; call [esi + 0x3c]
> 0x77f5d86c : mov edx, [eax]; mov [ecx + 4], edx; mov [eax], ecx; pop ebp; ret 4
> 0x77f2ad4d : mov ecx, [edi]; movzx eax, ax; mov [eax + ecx], 0; pop edi; pop esi; pop ebp; ret 0x14
> 0x77ed88e6 : movzx edx, [esi + 2]; sub edx, ecx; mov [eax + 8], edx; xor eax, eax; pop esi; pop ebp; ret 0x10
> 0x77f2acec : mov ecx, [esi + 4]; shr eax, 1; xor edx, edx; mov [ecx + eax*2], dx; pop esi; pop ebp; ret 8
> 0x77f33f65 : mov esi, [eax + 0xf28]; mov [ecx], esi; pop esi; mov [eax + 0xf28], edx; xor eax, eax; pop ebp; ret 8
> 0x77f25210 : mov esi, [ecx + 8]; mov [ecx + esi*4 + 0x10], edx; inc [ecx + 8]; pop esi; pop ebp; ret 0xc
> 0x77ed764b : mov edx, [eax + 0xc]; mov [ecx + 0xa], dx; mov ax, [eax + 0xe]; mov [ecx + 0xc], ax; pop ebp; ret 8
> 0x77f23b9e : mov esi, [edi + 8]; lea eax, [esi + 0x10]; push eax; push [ebp + 0xc]; push edi; call [edi + 0x28]