Source: Python “Grey Hat”
After you have obtained EIP control, you have to transfer execution to your shellcode. Typically, you will have a register or an offset from a register that points to your shellcode, and it’s your job to find an instruction somewhere in the executable or one of its loaded modules that will transfer control to that address.
========
from immlib import *
def main(args):
imm = Debugger()
search_code = “”.join(args)
search_bytes = imm.Assemble( search_code)
search_results= imm.Search( search_bytes )
for hit in search_results:
# Retrieve the memory page where this hit exists
# and make sure it’s executable
code_page = imm.getMemoryPagebyAddress( hit )
access = code_page.getAccess( human = True )
if “execute” in access.lower():
imm.log( “[*] Found: %s (0x%08x)” % ( search_code, hit ),
address = hit )
return “[*] Finished searching for instructions, check the Log window.”
========
Reverse Engineering, Malware Deep Insight 