Exploit Dev — ROP
ret2libc calls one whole function — ROP generalises that to arbitrary computation built from borrowed scraps. A gadget is a few instructions ending in ret; chain enough and you have a Turing-complete program made of code already in memory. We cover gadget anatomy and categories, finding them with ROPgadget/ropper, building chains with pwntools ROP(), write-what-where to plant data, a pure-syscall execve chain, and stack pivoting for tiny buffers.
This article is exclusively available to premium members of LazyHackers.