ropshell> use 2d16e455648f41e816d1951ab7d09667 (download) name : ch72.exe (i386/PE) base address : 0x401000 total gadgets: 1567
ropshell> suggest "stack pivoting" > 0x00411dfc : mov esp, ebx; pop ebx; ret > 0x0040108d : mov esp, ebp; pop ebp; ret > 0x00411539 : lea esp, [esp]; ret > 0x0040ce12 : lea esp, [eax + 0xbfffff8]; ret > 0x00404520 : xchg eax, esp; inc ebp; call ecx > 0x0040ef7e : leave ; ret