ropshell> use f503e4ae1d2faf5a499a8119610ab505 (download)
name         : BNUpdate.exe (i386/PE)
base address : 0x401000
total gadgets: 4767

ropshell> suggest "stack pivoting"
> 0x0040b7cd : mov esp, ebp; pop ebp; ret
> 0x00414017 : xchg eax, esp; add al, 0; ret 0xc
> 0x0041112c : lea esp, [esp]; push esi; call ebx
> 0x0040ba66 : lea esp, [ebp - 0x120]; pop edi; pop esi; pop ebx; mov esp, ebp; pop ebp; ret 4
> 0x00424fc6 : mov esp, ecx; mov ecx, [eax]; mov eax, [eax + 4]; push eax; ret
> 0x00406603 : leave ; ret