ropshell> use ca340a2a594352105b120027f64359ea
name         : avpmain.dll (i386/PE)
base address : 0x67111000
total gadgets: 10618
ropshell> suggest "load mem"
> 0x67170b9c : mov eax, [esi]; pop esi; ret 4
> 0x67127dca : mov eax, [ecx + 0x140]; ret
> 0x6714b827 : mov ebp, [eax + 0x5de58b00]; ret 4
> 0x6712909b : mov eax, [ebp + 8]; pop ebp; ret 4
> 0x671327be : mov eax, [ecx]; push 1; call [eax]; ret
> 0x67164ad1 : mov eax, [edx]; push edx; call [eax + 8]; ret
> 0x67179050 : mov eax, [ebx]; call [eax + 0x18]
> 0x6717aad1 : mov eax, [edi]; call [eax + 0x18]
> 0x6712a1bf : mov ecx, [eax]; call [ecx + 0x10]
> 0x67135fc6 : mov ecx, [ebx]; call [ecx]
> 0x6712fe17 : mov ecx, [edx]; call [ecx + 0x10]
> 0x67122fd5 : mov ecx, [esi]; call [ecx]
> 0x67122f08 : mov ecx, [edi]; call [ecx]
> 0x67124ada : mov edx, [eax]; call [edx + 0x10]
> 0x6716aa0f : mov edx, [ecx]; call [edx + 0x10]
> 0x6712eed5 : mov esi, [ecx]; call [esi + 0x14]
> 0x671573c5 : mov eax, [edi + 4]; pop edi; pop esi; mov esp, ebp; pop ebp; ret
> 0x6713cf5c : mov ecx, [edx + 8]; mov [eax + 8], ecx; pop ebp; ret 4
> 0x6712f91f : mov ecx, [esi + 0x170]; pop esi; mov [eax], ecx; pop ebp; ret 8
> 0x67122e5f : mov edx, [esi]; push edi; push esi; call [edx + 0x10]
> 0x671178bc : mov ecx, [ebp + 0xc]; mov [eax], ecx; mov esp, ebp; pop ebp; ret 8
> 0x6712fc34 : mov esi, [ebx]; mov ecx, ebx; push 1; call [esi + 0x48]
> 0x6712f6a4 : mov esi, [edi]; mov ecx, edi; push 0; call [esi + 0x48]
> 0x6718219c : mov eax, [edx + 0x30]; mov [ecx + 4], eax; xor eax, eax; pop ebp; ret
> 0x6719f2b5 : mov ecx, [eax + 4]; or [eax], 2; mov [eax + 4], ecx; ret
> 0x671376da : mov edx, [eax + 4]; lea eax, [edx - 8]; mov [edx + ecx - 0xc], eax; ret
> 0x6711607f : mov edx, [edi]; mov ecx, edi; mov esi, eax; call [edx + 4]
> 0x6715efda : mov ebx, [esi + 0xc]; mov [ebp - 0x18], 0x20; call [eax + 4]
> 0x6715c526 : mov ecx, [ebx + 0x18]; mov eax, [ecx]; call [eax + 0x14]
> 0x6712eecf : mov ecx, [edi + 0x288]; mov esi, [ecx]; call [esi + 0x14]
> 0x6712b965 : mov esi, [ebp + 8]; mov [ebp - 0x2c], esi; call [eax + 0x2c]
> 0x67124974 : mov edi, [esi]; push edx; push [ebp + 8]; push esi; call [edi + 0xc]
> 0x67146ef1 : mov eax, [esi + 0x10]; push eax; mov ecx, [eax]; call [ecx + 0xc]
> 0x6712c3ea : mov ebx, [ebp + 8]; push 1; push [edi + 0x78]; call [eax + 0x70]
> 0x67199cfc : mov edx, [ecx + 0xb8]; add edx, 4; mov ecx, [ebp - 0x20]; mov [ecx + 0xb8], edx; ret
> 0x671427c8 : mov edi, [ebp + 8]; push edi; mov eax, [edi]; call [eax]
> 0x671427ef : mov eax, [ebx + 0x10]; push edi; push eax; mov ecx, [eax]; call [ecx + 8]
> 0x671427c5 : mov esi, [eax]; push edi; mov edi, [ebp + 8]; push edi; mov eax, [edi]; call [eax]
> 0x6712fe0b : mov edx, [esi + 0x250]; movzx eax, [esi + 0x20]; push eax; push edx; mov ecx, [edx]; call [ecx + 0x10]
> 0x67124970 : mov edx, [ebp + 0x10]; push eax; mov edi, [esi]; push edx; push [ebp + 8]; push esi; call [edi + 0xc]
> 0x67138466 : mov edi, [eax + 4]; add edi, esi; push [ecx + 0xc]; push [ecx + 8]; push edi; call [ecx]
> 0x671427e8 : mov esi, [edi + 4]; and [edi + 4], 0; mov eax, [ebx + 0x10]; push edi; push eax; mov ecx, [eax]; call [ecx + 8]
> 0x67167c6b : mov esi, [ecx + 0x75]; adc cl, [ebx - 0x74a9f78b]; push es; call [eax]