ropshell> use 5efa4121a76c377005e2f75c65ead6c4
name         : bf_libc.so (i386/ELF)
base address : 0x17750
total gadgets: 16814
ropshell> suggest "write mem"
> 0x000f7b3c : add [eax], ecx; ret
> 0x0008fcfc : add [eax], edx; ret
> 0x0008fd1c : add [eax], esi; ret
> 0x0007a3a8 : add [eax], edi; ret
> 0x00052aac : add [ecx], eax; ret
> 0x000c10d8 : adc [ecx], edi; ret
> 0x00040f68 : add [ecx], ebp; ret
> 0x000534ae : add [edi], ecx; inc esp; ret
> 0x00083ef1 : add [eax + 0x5f028d02], ecx; ret
> 0x00085a05 : add [ebx + 0x5b5fffd8], eax; ret
> 0x0008fed5 : add [esi + 0x5f], ebx; ret
> 0x000bc601 : add [edi + 0x5d], ebx; ret 8
> 0x00101ca3 : add [ebp + 0x39023044], ecx; ret
> 0x0007e404 : add [ecx], esi; idiv [eax]; ret
> 0x0007a122 : add [ebp + 0xfd089c0], eax; inc esp; ret
> 0x0010e871 : add [ecx], ebx; rol [ebx - 0x3b7cfd40], 0xc; ret
> 0x00115ba8 : add [eax + 0x14], edx; mov eax, 1; ret
> 0x00114cee : add [eax + 1], edi; add esp, 0x1c; ret
> 0x0002caee : adc [ebx + 0x74c98508], ecx; xor eax, eax; ret
> 0x00074cd2 : adc [ebx], eax; mov eax, [esp + 8]; pop edi; ret
> 0x000bc1fd : add [edx], edi; pop ebx; pop esi; pop edi; cmovne eax, edx; ret
> 0x000e346d : add [edi], esi; xor eax, eax; pop ebx; pop esi; pop edi; ret
> 0x00142665 : add [ebp + 0x18], esi; lea eax, [ecx + 4]; ret
> 0x000d10f7 : add [eax + 0x3c3474df], ebp; cmp cl, [edi]; xchg eax, esp; ret
> 0x0006a0cd : add [edx], ebp; push 0; push ebx; call [eax + 0x24]
> 0x000f4076 : adc [ecx + 0x102cc4], eax; add [ebx + 0x5e], bl; pop edi; pop ebp; ret
> 0x00120c81 : add [ecx + 0x438b5052], ebx; dec esp; push ebx; call [eax + 0x40]
> 0x0005ea6b : add [ecx + 9], edx; add [ebp - 0x37760b9b], cl; pop ebx; pop esi; pop edi; pop ebp; ret
> 0x00115c9d : add [esi + 0x14], edi; mov [esi + 0x10], edi; pop ebx; pop esi; pop edi; ret
> 0x0005c46b : add [edi + 9], esi; add [ebp - 0x37760b9b], cl; pop ebx; pop esi; pop edi; pop ebp; ret
> 0x0010aa9e : adc [edx + 0x2f], esi; cmp eax, 2; sete al; movzx eax, al; add esp, 8; pop ebx; ret
> 0x00133291 : adc [edx], ebx; add eax, [eax]; add ebx, [ebx + ecx*4]; jmp ebx
> 0x0007fcd3 : add [edx + 0xf660841], ecx; adc eax, [edx]; mov [edx + 8], al; mov eax, edx; ret
> 0x0011105a : add [eax + 0x5a], ebx; mov eax, [edi + 0x3c]; lea ecx, [esp + 0x10c]; push ecx; push ebp; call [eax + 4]