Why does the ROP chain include 'filler' values like 0x41414141 and how are they compensated?
The filler values (0x41414141) are padding that occupies the stack bytes skipped by certain instructions (e.g., `RETN 0x10` or `RETN 0x04`). They keep the ROP chain aligned so that the next gadget address is correctly reached. The number of filler entries corresponds to the offset compensation required by the preceding `RETN` with a non-zero argument, as seen in the article's mona-generated chain.
ROP chain, filler, stack alignment, RETURN offset compensation, mona