Hey all,

bghn> DIGRESSION:
bghn> Dave Litchfield says you can call esp. I don't know Dave's
bghn> relationships with his registers but this doesn't work if I want
bghn> to get my eip on top of my shellcode. Always starts executing a
bghn> memory address for me. Maybe if I took esp out to dinner more
bghn> often then I could call it instead of having to jump on top of it.
bghn> Dave, any suggestions for the wine list?
bghn> END DIGRESSION.

Problem here is Intel ignoring its own standards. The standard says to
first transfer control, then push the old EIP on the stack -- but Intel
CPUs since Pentium have done it the other way around, first pushing EIP
(and decreasing ESP), then setting EIP=ESP.

Cheers,
Thomas