Vulnerability Development mailing list archives

problem in rewrite RET address in Buffer OverFlow


From: Mani.682001 () gmail com
Date: 25 Oct 2005 06:14:56 -0000

Hi list,
I'm working on writing a local exploit, so I want to overwrite the RET address with the EIP (somewhere where my NOPs and shellcode are), but I have a problem with this.
The EIP address is 002F77E1. If you pay some attention you can see the first byte is "00", and if I put it in my string in my exploit, C/C++ thinks it's the end of the string, so what can I do? I asked this question of my friend and he answered "use User32.dll", but I opened it in a debugger and searched for "jmp eip"; I found some addresses without any 00 byte, but it doesn't work correctly.
My question is: why do we use user32.dll and what does it do, and is there any other DLL for jumping to the EIP address?
