A system and method for identifying exploitable code sequences. In one implementation, a first processing device identifies an executable portion of a program and a set of registers of a second processing device, and stores a set of addresses in the set of registers. The first processing device allocates a region of memory populated with a set of values, and sets a stack pointer of the second processing device to point to a first location within the region of memory. The first processing device emulates an execution by the second processing device of an instruction at a first address of the executable portion. In response to determining that, after the emulating of the instruction at the first address, an address of a next instruction to execute after the instruction at the first address is in the set of addresses or the set of values, a signal is generated that indicates a potential exploitable code sequence.