Find Instructions & Gadgets

You can use either mona or a WinDbg script (or ropper/ROPgadget if you want to do it outside WinDbg). The following script searches a memory range for `pop r32; pop r32; ret` gadgets for SEH overwrites by trying every pair of single-byte `pop` opcodes (0x58 `pop eax` through 0x5F `pop edi`) followed by `ret` (0xC3); replace `startAddr` and `endAddr` with the range (typically a module's address range) you want to search:
```
.block
{
    $$ Outer loop: first POP r32 opcode, 0x58 (pop eax) .. 0x5F (pop edi)
    .for (r $t0 = 0x58; $t0 <= 0x5F; r $t0 = $t0 + 0x01)
    {
        $$ Inner loop: second POP r32 opcode, same range
        .for (r $t1 = 0x58; $t1 <= 0x5F; r $t1 = $t1 + 0x01)
        {
            $$ Byte search for POP, POP, RET (c3); the -[1] flag prints only matching addresses
            s-[1]b startAddr endAddr $t0 $t1 c3
        }
    }
}
```
Save it to a file and run it from WinDbg with `$><path`, which condenses the file into a single command block so the `.block`/`.for` braces work across lines.
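The same search done outside the debugger, as an added example that is not part of the original notes: a Python scanner that walks a byte buffer at every offset and reports each `pop r32; pop r32; ret` sequence. The sample buffer, the base address and the function names are constructed for illustration. Because it scans at every byte offset rather than along instruction boundaries, it also finds sequences hidden inside the immediate of another instruction, which is exactly what the WinDbg byte search above does.

```python
"""Find pop r32; pop r32; ret byte sequences in a buffer (x86, 32-bit)."""

# Single-byte x86 POP r32 opcodes, 0x58..0x5F, in Intel register order.
POP_R32 = {
    0x58: "eax", 0x59: "ecx", 0x5A: "edx", 0x5B: "ebx",
    0x5C: "esp", 0x5D: "ebp", 0x5E: "esi", 0x5F: "edi",
}
RET = 0xC3


def find_pop_pop_ret(buf: bytes, base: int = 0):
    """Return [(address, 'pop X; pop Y; ret'), ...] for every 3-byte match.

    Every byte offset is tested, so matches need not sit on an instruction
    boundary; `base` is the virtual address of buf[0] (assumed, not derived).
    """
    hits = []
    for i in range(len(buf) - 2):
        a, b, c = buf[i], buf[i + 1], buf[i + 2]
        if a in POP_R32 and b in POP_R32 and c == RET:
            hits.append((base + i, f"pop {POP_R32[a]}; pop {POP_R32[b]}; ret"))
    return hits


# Constructed sample: one aligned gadget and one hiding inside a mov imm32.
SAMPLE = (
    b"\x90\x90"              # nop; nop
    b"\x5e\x5d\xc3"          # pop esi; pop ebp; ret   (aligned, offset 2)
    b"\xb8\x58\x5b\xc3\x00"  # mov eax, 0x00c35b58    (bytes 58 5b c3 at offset 6)
    b"\x31\xc0\xc3"          # xor eax, eax; ret      (not a pop/pop/ret)
)
SAMPLE_BASE = 0x10001000  # assumed load address for the sample buffer


def main():
    for addr, text in find_pop_pop_ret(SAMPLE, SAMPLE_BASE):
        print(f"{addr:#010x}  {text}")


if __name__ == "__main__":
    main()
```

Running it prints two addresses: the aligned `pop esi; pop ebp; ret` at `0x10001002` and the unaligned `pop eax; pop ebx; ret` at `0x10001006` that a linear disassembly of the `mov` would never show.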