Free Online ROP Gadgets Search

ropshell> use 7f2a49d0fdae805a08ee3b36ca235903 (download)
name         : libc.so.6 (i386/ELF)
base address : 0x177f0
total gadgets: 18590

ropshell> suggest "stack pivoting"
> 0x00018af7 : xchg eax, esp; ret
> 0x0002bc0d : mov esp, ecx; jmp edx
> 0x0003e557 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x00041027 : xchg esp, ecx; fsqrt ; call [eax + 0x68]
> 0x000ce654 : xchg esp, esi; idiv edx; call [eax - 0x18]
> 0x0001c4ea : xchg esp, esp; sar edx, cl; call [eax - 0x73]
> 0x0001c4ea : xchg esp, esp; sar edx, cl; call [eax - 0x73]
> 0x00074ecf : lea esp, [eax - 0x76000001]; inc esp; and al, 0xc; call [ecx]
> 0x000d0d4e : lea esp, [ebx + edi*8 - 1]; dec [ebp - 0x507277f]; call [eax - 0x73]
> 0x000a9dd7 : lea esp, [edi + edi*8 - 1]; dec [ecx - 0x8b6b]; call [edi + 0x6a]
> 0x00066306 : push ebp; or [ebx - 0x3b7eef3c], al; pop esp; add [eax], eax; add [ecx + 0x5f5e5bf8], cl; pop ebp; ret
> 0x0004f3cd : lea esp, [edx + edi*8 - 0x49f00001]; ror [ebx + 0x3cbc81b4], -6; inc [ecx]; into ; jmp esi
> 0x0004f608 : xchg esp, edx; adc al, 0; add [ebx - 0x55b7b], cl; dec [edi]; mov dh, -0x2e; add eax, [eax + edx*4 - 0x5c288]; jmp eax
> 0x000f7df5 : mov esp, edi; mov ebx, [ecx]; mov esi, [ecx + 4]; mov edi, [ecx + 8]; mov ebp, [ecx + 0xc]; jmp edx
> 0x000375b7 : leave ; ret