Free Online ROP Gadgets Search

ropshell> use cd889d78b8b5a30624126f9e7e16834b (download)
name         : rop2 (i386/ELF)
base address : 0x80490a0
total gadgets: 6669

ropshell> suggest "stack pivoting"
> 0x0804a8a0 : xchg eax, esp; ret
> 0x080a55e6 : mov esp, ecx; jmp edx
> 0x080ad92b : xchg esp, edi; call [eax - 0x73]
> 0x0804b41a : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
> 0x0809411d : xchg esp, eax; and al, 0xfe; call [eax + 0x68]
> 0x08056d49 : lea esp, [ebx + edi*8 - 1]; call [eax + 0x56]
> 0x08053f7b : lea esp, [edi + esi*8 - 1]; call [eax + 0x53]
> 0x08052d69 : lea esp, [eax]; idiv edi; dec [ebx - 0x8af7b]; call [edx - 0x75]
> 0x08086949 : xchg edi, esp; add [eax], al; add [ebx + 0x3ac0b3ac], cl; std ; inc [ecx]; fnstsw [esi]; jmp ebp
> 0x0805194c : xchg esp, esp; pop ds; add [eax], al; push ebx; add ebx, 0x34; call [eax + ecx*4]
> 0x0805194c : xchg esp, esp; pop ds; add [eax], al; push ebx; add ebx, 0x34; call [eax + ecx*4]
> 0x08049be5 : leave ; ret