Let us try to locate a gadget that may leak the handle of the stack (which we will will need later to return gracefully right after our ROP chain finishes).We previously understand what the First eax value might be at time of calling the gadget (through the partial-pointer-overwrite leak explained previously mentioned), so we can easily just subtra