ropshell> use efcd27d53abd0eb504910c86672c0bd1 (download)
name         : product_metainfo.dll (i386/PE)
base address : 0x6adb1000
total gadgets: 17759

ropshell> suggest "stack pivoting"
> 0x6adc45ce : xchg eax, esp; ret
> 0x6adcc16f : mov esp, ebp; pop ebp; ret
> 0x6ae633bf : xchg esp, ebx; idiv bh; pop ecx; ret
> 0x6ae643bf : xchg esp, ecx; idiv bh; pop ecx; ret
> 0x6adfc409 : xchg ebp, esp; sbb eax, [eax]; ret 4
> 0x6aeaf334 : mov esp, esi; jmp [esi - 0x75]
> 0x6afb8e61 : xchg ecx, esp; call [edi - 0x39]
> 0x6af53d92 : xchg edi, esp; call [ebp - 0x75]
> 0x6af88e0d : xchg esp, esp; call [edi - 0x39]
> 0x6aeaee31 : xchg esp, esi; lcall [edi + 0x5e]; pop ebx; pop ebp; ret
> 0x6af08df3 : xchg esp, ebp; call [edi - 0x39]
> 0x6af88e0d : xchg esp, esp; call [edi - 0x39]
> 0x6afb8a04 : mov esp, ecx; call [edi - 0x39]
> 0x6afa8a6c : mov esp, edx; call [edi - 0x39]
> 0x6af889b7 : mov esp, esp; call [edi - 0x39]
> 0x6af73f68 : push eax; pop esp; add al, 0; mov esp, ebp; pop ebp; ret 0xc
> 0x6af17368 : xchg esp, eax; add [eax], al; mov esp, ebp; pop ebp; ret
> 0x6adcdcf1 : lea esp, [edi + edi*8 - 1]; call [ecx - 0x75]
> 0x6ae176f4 : lea esp, [ebp + edi*8 - 1]; call [ecx - 0x75]
> 0x6af1cd93 : xchg esp, edi; add [eax], al; add [ebx - 0x241f1739], cl; or [eax], eax; ret 4
> 0x6af72f5f : lea esp, [eax - 0x74000003]; inc ebp; or [ecx - 0xb77b], cl; jmp [esi - 0x75]
> 0x6af7cbf9 : lea esp, [ebx - 0x1e]; mov eax, [eax + 4]; push eax; mov ecx, [eax]; call [ecx + 0xc]
> 0x6ae56ea5 : xchg esp, edx; add [eax], al; add [edi - 0x77], bl; xchg ah, dl; add [eax], al; add [esi + 0x5d], bl; ret
> 0x6afbac8a : leave ; ret