One way is by using EEREAP from eEye Digital Security, but they aren't good at Microsoft addresses.
A second way could be by using msfpescan -f ......
A third way is to get old exploits and copy and paste their jmp addresses.
Now coming back to the second way, which attracts me the most, I would say that msf requires a DLL for that purpose. In one case I can copy and paste a kernel32.dll or user32.dll from a Windows XP SP2 Eng. box to it and then take out its jmp addresses. But if the case is not the same and the victim machine has to be a French version or a German version, or it's XP SP1, it won't be easy to get a DLL. The only option which comes to my mind is that I will have to install a similar operating system in my VMware and then get the DLL and then get the jmp register. This sounds pretty crazy. If there is a Linux victim, then I would need those DLLs. Is there a way where I can get a bunch of DLLs (I mean from a website or so)?
Is there some other way to find out the jmp esp/eax etc. values of different operating systems?