I wanted to find jmp address of several machines however as we all know that opcode database is down , I need to do it manually .

One way is by using EEREAP from Eye Digital security , but they arnt good at Microsoft addresses .

Second way could be by using msfpescan -f ......

Third way where I can get old exploits and copy and paste their jmp addresses.


Now coming back to the second way , which attracts me the most , I would say that msf requires a DLL for that purpose . In one case I can copy and paste a kernal32.dll or user32.dll from a windows xp sp2 eng. box to it and then take out its jmp addresses. but if the case is not the same and the victim machine has to be a french version or a german version , or its xp sp1 , it wont be easy to get a dll . the only option which comes to my mind is that I will have to install a simillar operating system in my vmware and then get the dll and then get the jmp register . this sounds prety crazy . If there is a Linux victim and then I would need those DLLs . Is there a way where I can get a bunch of DLLs ( i mean from a website or so ) .


Is there someother way to find out the jmp esp/eax etc values of different operating systems ??

There are couple of sites providing DLL for free if you google up . I did downloaded them and put it in msf directory and did a msfpescan -f but it shows nothing , smillar is the case when i copied the same dll from my windows xp vm and it gave no result . I think there could be a problem with msf and bt3 vm image . I will download bt vm4 and update what happens next on that ...


can you try the msfpescan -f command and let me know whats ur results