Free Online ROP Gadgets Search

ropshell> use 30730a50b95125d8b809d9116dd12973 (download)
name         : steamclient_short.dll (i386/PE)
base address : 0x38001000
total gadgets: 66153

ropshell> suggest "load mem"
> 0x380979f6 : mov eax, [ecx]; ret
> 0x38091bf2 : mov eax, [ebx]; pop ebx; ret
> 0x3809e2e7 : mov eax, [esi]; pop esi; ret
> 0x3821b640 : mov eax, [ecx + 0x114]; ret
> 0x38379268 : mov ebx, [esi + 0x5d]; ret
> 0x383a63c3 : mov edx, [ecx + 0x34]; ret
> 0x383912f9 : mov eax, [edx]; jmp eax
> 0x380e01a8 : mov esi, [ecx]; add dh, dh; ret
> 0x380d0185 : mov esi, [edx]; add dh, dh; ret
> 0x38360f65 : mov eax, [ebx + 0x131c]; pop ebx; ret
> 0x3818a830 : mov eax, [edx + 0x40]; pop ebp; ret 8
> 0x380d7655 : mov eax, [esi + 0x10]; pop esi; ret
> 0x3810e6ca : mov eax, [edi + 0x10]; pop edi; ret
> 0x3815df91 : mov eax, [ebp + 0x10]; pop ebp; ret 0xc
> 0x383541a6 : mov ebx, [edx]; add [esi - 0x76], bl; ret
> 0x3829ec6e : mov edx, [ecx]; call [edx + 0x17c]; ret
> 0x3815e9cb : mov edx, [esi + 0x1c]; pop esi; pop ebp; ret
> 0x3813dbd6 : mov ebx, [edi]; add [ebx + 0x5e5f04c4], al; ret
> 0x383b02d8 : mov ecx, [eax]; pop edi; pop esi; pop ebx; pop ebp; ret 0xc
> 0x38188040 : mov edx, [eax]; call [edx + 0x10]; pop ebp; ret
> 0x382b8311 : mov ecx, [edx + 0x24]; add [esi - 0x76], bl; ret
> 0x38355593 : mov ecx, [esi + 0x20]; call ebx
> 0x3808d0b3 : mov ecx, [ebp + 8]; call ebx
> 0x380a8a9f : mov eax, [edi]; call [eax + 0x10]
> 0x3819dba6 : mov ebx, [ecx]; add [ebx - 0x3974fb3c], al; pop esi; pop ebp; ret 4
> 0x381bcc88 : mov edx, [ebx]; call [edx + 0x20]
> 0x381c5fcd : mov edx, [esi]; call [edx + 0x54]
> 0x3818c386 : mov edx, [edi]; call [edx + 4]
> 0x381bccd0 : mov esi, [eax]; call [esi + 0x20]
> 0x3820055f : mov esi, [edi]; call [esi + 0x1a8]; pop edi; pop esi; ret
> 0x3823117b : mov edi, [esi]; call [edi + 0x68]
> 0x3836b18d : mov edx, [edi + 0x1b00138]; pop edi; mov esp, ebp; pop ebp; ret
> 0x3815ddfd : mov edx, [ebp + 0x18]; pop esi; mov esp, ebp; pop ebp; ret 0x14
> 0x3817a460 : mov esi, [ebp + 0x14]; push esi; call ebx
> 0x381b0310 : mov edi, [edx + 0x38]; push eax; call esi
> 0x3834a6ac : mov ecx, [edx]; push edx; call [ecx + 8]
> 0x380b8182 : mov ecx, [esi]; pop esi; pop edi; mov [eax], ecx; pop ebp; ret 0x10
> 0x38089822 : mov ecx, [edi]; push eax; call [esi + 0x28]
> 0x381a041e : movzx ebx, [ecx + 0x14]; call [eax]
> 0x38189ef8 : mov ebx, [edi + 0x14]; call [eax + 0x18]
> 0x3806fd28 : mov ecx, [eax + 0x168]; push esi; push eax; call ecx
> 0x38070791 : mov ecx, [ebx + 0x150]; push esi; push ebx; call ecx
> 0x3806fd4c : mov edx, [eax + 0x16c]; push esi; push eax; call edx
> 0x3806e777 : mov edx, [ebx + 0x14c]; push edi; push ebx; call edx
> 0x380d5b3c : mov esi, [eax + eax]; add esp, 8; pop edi; pop esi; pop ebp; ret 4
> 0x381e5632 : mov esi, [ebx + 0x40]; call [eax + 0x34]
> 0x3819fb68 : mov esi, [ecx + 0x10]; call [eax]
> 0x3838da41 : mov esi, [edi + 0x26e0]; call [eax + 0x28]
> 0x382481ef : mov ecx, [ebx]; pop edi; pop esi; mov [edx], ecx; pop ebx; pop ebp; ret 8
> 0x381bc930 : mov ebx, [ebp + 8]; mov eax, ebx; pop ebx; pop edi; pop esi; pop ebp; ret 0xc
> 0x38236627 : mov ecx, [edi + 0x17c]; push eax; call [esi + 0x34]
> 0x3829f969 : mov edi, [ebp + 0x38]; mov [eax + 4], esi; pop esi; pop ebp; ret
> 0x38149f20 : mov ebp, [eax + eax]; pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret 4
> 0x3821a302 : mov esi, [ebx]; mov eax, [ecx]; call [eax + 0xc]
> 0x38215857 : mov edi, [ebx]; mov eax, [ecx]; call [eax + 0xc]
> 0x38242b28 : mov edi, [ecx + eax]; add [ebx + 0x14408b01], cl; call eax
> 0x381c1976 : mov edi, [esi + 0x178]; mov ecx, ebx; call [eax + 0x20]
> 0x3806eba0 : mov ebp, [ecx + eax]; add [esi + 0x53], dl; call ecx
> 0x38244814 : mov ebx, [eax + 0x14]; mov eax, [edi]; call [eax + 0x34]
> 0x3821e531 : mov edi, [eax]; mov eax, [ecx]; mov eax, [eax + 0x84]; call eax
> 0x38340b7c : mov edi, [ecx]; push [eax + edx*8 + 8]; call [edi + 0x1c]
> 0x38384b99 : mov ebx, [eax]; sbb [eax], al; add [edx], ch; call [eax + 0x14]
> 0x382328f2 : mov ebp, [eax]; add [eax], eax; add [ebp - 0xa37b], cl; call [eax - 0x73]
> 0x38245e9e : mov edi, [eax + 4]; mov eax, [ecx]; mov eax, [eax + 0x4c]; call eax
> 0x383cb3b1 : mov ebp, [ebx]; add [ecx + 0x38767728], ah; push 0; push esi; mov ecx, [eax]; mov eax, [ecx]; call [eax + 0x1c]