ropshell> use 2a003eca609be390f13cb47a10f0c966 (download)
name         : offsecsrv.exe (i386/PE)
base address : 0x401000
total gadgets: 3926
ropshell> suggest "stack pivoting"
> 0x0040e701 : xchg eax, esp; ret
> 0x004025e9 : mov esp, ebp; pop ebp; ret
> 0x0040231f : lea esp, [ebp - 0xc]; pop ebx; pop esi; pop edi; pop ebp; ret
> 0x0040eef4 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; jmp eax
> 0x0043a567 : lea esp, [eax - 0x76000002]; inc ecx; xor [ebx - 0x1676b], cl; dec [ebx + 0x24148902]; call [eax + 0x28]
> 0x0041e4aa : lea esp, [esi + edi*8 + 0x108bffff]; mov [esp + 8], esi; mov [esp + 4], ecx; mov [esp], eax; call [edx + 0x30]
> 0x0040138e : leave ; ret