ropeme Start the tool python3 ropshell.py # look for rops in a .so that gets loaded at a static address generate /lib/lib.so load /lib/lib.so.ggt Search for a specific gadget ROPeMe> search xor eax, eax ROPeMe> search pop ecx % pop edx REPeMe> search int 0x80 %