Free Online ROP Gadgets Search

ropshell> use bb5cbffc096497506167bce1d9690ef2 (download)
name         : ntdll.dll (i386/PE)
base address : 0x7c901000
total gadgets: 6382

ropshell> suggest "load mem"
> 0x7c939d3c : mov eax, [edx + 4]; ret
> 0x7c96ff7f : mov eax, [ebp + 0x10]; pop ebp; ret
> 0x7c9273e0 : movzx ecx, [edx]; sub eax, ecx; pop ebp; ret
> 0x7c9361fc : mov eax, [ecx]; add [eax + 0x5d5e5f01], dh; ret 4
> 0x7c913309 : mov eax, [esi + 0x20]; pop esi; pop ebx; pop ebp; ret 0x10
> 0x7c92350e : mov ebx, [edx + 1]; add [ebx], bh; ret
> 0x7c9037ba : mov ecx, [ebp + 0x18]; call ecx
> 0x7c901a3f : mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x7c9037f2 : mov eax, [ecx + 8]; mov [edx], eax; mov eax, 2; ret 0x10
> 0x7c9624ce : mov ecx, [esi]; mov [eax], ecx; pop edi; pop esi; pop ebx; pop ebp; ret 8
> 0x7c964f78 : mov edi, [ebp + 0xc]; push edi; call [esi + 0x3c]
> 0x7c902fa0 : mov eax, [edx]; mov edx, [edx + 4];  cmpxchg8b [ebp]; pop ebp; pop ebx; ret 4
> 0x7c92744f : mov eax, [esi]; mov [edi], ax; xor eax, eax; pop edi; pop esi; pop ebp; ret 0xc
> 0x7c91a1f3 : mov edx, [eax]; mov [ecx + 4], edx; mov [eax], ecx; pop ebp; ret 4
> 0x7c920752 : mov ecx, [edi]; movzx eax, ax; mov [eax + ecx], 0; pop edi; pop esi; pop ebp; ret 0x14
> 0x7c91c914 : mov eax, [ebx + 0xc]; mov ecx, [ebp - 0x34]; mov [eax + 0x24], ecx; xor ecx, ecx; ret
> 0x7c9700de : mov ebx, [ebp + 0xc]; push ebx; push [ebp + 8]; call [ebp + 0x18]
> 0x7c9206f2 : mov ecx, [esi + 4]; shr eax, 1; and [ecx + eax*2], 0; pop esi; pop ebp; ret 8
> 0x7c91c248 : mov edx, [ecx]; mov ax, [ebp + 8]; mov [edx], ax; add [ecx], 2; pop ebp; ret
> 0x7c967db6 : mov edx, [ecx + 8]; sub [eax + 0x3c], edx; and [ecx + 0x24], 0; pop esi; pop ebp; ret 0xc
> 0x7c92e176 : movzx edx, [esi + 2]; sub edx, ecx; mov [eax + 8], edx; xor eax, eax; pop esi; pop ebp; ret 0x10
> 0x7c952021 : mov edi, [eax]; lea ebx, [ebp - 4]; push ebx; push edx; push ecx; push eax; call [edi + 0x10]
> 0x7c91ec3a : mov esi, [ecx + 8]; mov [ecx + esi*4 + 0x10], edx; inc [ecx + 8]; pop esi; pop ebp; ret 0xc
> 0x7c924e05 : mov esi, [ebp + 8]; lea eax, [edi + 0x18]; push eax; push esi; call [esi + 0x1c]
> 0x7c9038f0 : mov eax, [ebp]; mov [ebx + 0xb4], eax; lea eax, [ebp + 8]; mov [ebx + 0xc4], eax; pop ebx; ret 4
> 0x7c910935 : mov ecx, [eax + 0x20]; mov [ebp - 0x1c], ecx; and [ebp - 4], 0; push [eax + 0x1c]; call [ebp - 0x1c]
> 0x7c9629ce : mov esi, [edi + 8]; lea eax, [esi + 0x10]; push eax; push [ebp + 0xc]; push edi; call [edi + 0x28]