ropshell> use da630a8a6bbc5fce09f3356cb8b148f8
name         : libc-2.24.so (i386/RAW)
base address : 0x0
total gadgets: 29589
ropshell> suggest "stack pivoting"
> 0x00018af7 : xchg eax, esp; ret
> 0x0001e961 : xchg esp, ecx; ret
> 0x0002bbed : mov esp, ecx; jmp edx
> 0x00166d85 : mov esp, ebp; call esp
> 0x0003e847 : lea esp, [ebp - 8]; pop ebx; pop esi; pop ebp; ret
> 0x001657f1 : mov esp, edi; inc [eax]; mov edi, esp; jmp [eax - 0x74]
> 0x00074f7f : lea esp, [eax - 0x76000001]; inc esp; and al, 0xc; call [ecx]
> 0x000a9e57 : lea esp, [edi + edi*8 - 1]; dec [ecx - 0x8b6b]; call [edi + 0x6a]
> 0x000662c6 : push ebp; or [ebx - 0x3b7eef3c], al; pop esp; add [eax], eax; add [ecx + 0x5f5e5bf8], cl; pop ebp; ret
> 0x0002eb0c : xchg esp, esp; add ss:[eax], al; mov [esp + 0xc], eax; push 0; push ecx; call edx
> 0x0002eb0c : xchg esp, esp; add ss:[eax], al; mov [esp + 0xc], eax; push 0; push ecx; call edx
> 0x0004f3dd : lea esp, [edx + edi*8 - 0x49f00001]; ror [ebx + 0x2dbc81b4], -6; inc [ecx]; into ; jmp esi
> 0x0004f618 : xchg esp, edx; adc al, 0; add [ebx - 0x55b7b], cl; dec [edi]; mov dh, -0x2e; add eax, [eax + edx*4 - 0x5d188]; jmp eax
> 0x000376f8 : leave ; ret