ropshell> use 7eef6f7895500f017d1f080e77b73233
name         : lib32-libc.so.6 (i386/ELF)
base address : 0x20290
total gadgets: 18126
ropshell> suggest "load mem"
> 0x000739db : mov eax, [edx]; ret
> 0x00179b8b : mov edi, [esi]; jmp ebx
> 0x0007ffd0 : mov eax, [ecx]; mov [edx], eax; ret
> 0x0008001d : mov eax, [ecx + 8]; sub eax, edx; ret
> 0x00080dd8 : mov eax, [edx + 0x18]; jmp eax
> 0x0004a6a1 : mov ebx, [eax + 0x34]; xor eax, eax; ret
> 0x00130e76 : mov ebp, [ecx + 0xc]; jmp edx
> 0x00184dc2 : mov ecx, [eax]; mov [edx], ecx; pop ebx; ret
> 0x0013bca9 : mov ebx, [eax]; mov eax, 6; call gs:[0x10]; pop ebx; ret
> 0x000f5da8 : mov edx, [eax]; mov [eax], ecx; mov eax, edx; ret
> 0x00127ed7 : mov edx, [esi]; pop ebx; pop esi; pop edi; mov eax, edx; ret
> 0x0007c1f3 : mov eax, [esi + 0x10]; pop esi; pop edi; jmp eax
> 0x000756c9 : mov eax, [edi + 0x10]; pop esi; pop edi; jmp eax
> 0x00070e23 : mov ecx, [eax + 0x58]; mov [ecx + 0x88], edx; ret
> 0x0018e269 : movzx ecx, [esi + ecx]; sub eax, ecx; pop esi; pop edi; ret
> 0x00146918 : mov esi, [eax + 0x1fff90d]; fidivr [esi]; jmp edx
> 0x0004a7a3 : mov esi, [edi + 0x3c]; mov edi, [edi + 0x38]; ret
> 0x00170845 : mov eax, [ebx]; add esp, 4; pop ebx; pop esi; jmp eax
> 0x00185f56 : movzx eax, [esi]; mov [edi], al; pop esi; pop edi; pop ebx; ret
> 0x000dbfd4 : mov edx, [ebx + 0xc]; mov [ebx + 0xc], edx; pop ebx; ret
> 0x00124e90 : mov edx, [ecx + 0x4628]; add [edx + eax*2], 1; ret
> 0x0008ed90 : mov esi, [ebx + 0x22c]; pop ebx; mov eax, esi; pop esi; pop edi; ret
> 0x0015527e : mov eax, [ebx + 0x10]; push esi; call [eax + 0x10]
> 0x0015dc22 : mov eax, [ebp + 0x3c]; push ebx; call [eax + 0x10]
> 0x0015e957 : mov ecx, [edx + 4]; push edx; call [ecx + 0x10]
> 0x0015e75f : mov edx, [eax + 0x20]; push eax; call [edx + 0x10]
> 0x00130e73 : mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x0004a69e : mov ebp, [eax + 0x2c]; mov ebx, [eax + 0x34]; xor eax, eax; ret
> 0x0013cb53 : mov eax, [edi]; pop ebx; add esi, eax; mov [edi], esi; pop esi; pop edi; ret
> 0x0007bad2 : mov edx, [esi + 0x58]; mov [edx + 0x88], ecx; add esp, 4; pop ebx; pop esi; ret
> 0x001130e9 : mov ebp, [edi + 8]; mov edi, [edi + 4]; call gs:[0x10]; pop ebp; pop edi; pop ebx; ret
> 0x00130e70 : mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x000aec40 : mov ecx, [esi]; mov [eax + 4], dh; mov [eax], ecx; mov eax, [esp + 8]; pop esi; ret
> 0x00155249 : mov eax, [ebp]; sub esp, 8; mov edx, [eax + 0x20]; push esi; push eax; call [edx + 4]
> 0x000686d6 : mov edx, [ebx]; add [eax], al; sub esp, 4; push ebx; push ebp; push edi; call [eax + 0x1c]
> 0x00037337 : mov edi, [eax + 8]; mov ebp, [eax + 0xc]; mov eax, [esp + 8]; mov esp, ecx; jmp edx
> 0x00130e6e : mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x000765de : mov edx, [edi + 8]; mov [ebp - 0x44], eax; sub eax, edx; push eax; push edx; push edi; call [ebx + 0x38]
> 0x00160f3a : mov ebp, [esi + 0x30]; mov eax, [ebp + 0xc]; lea edi, [ebp + 8]; mov [ebp + 8], 0; push 0; push edi; call [eax + 0x14]