Scribd Logo
Upload

Welcome to Scribd!

  • Findjmp

    Uploaded by

    Edna BV Damaceno
    128 views18 pages
    sdsad

    Original Title

    findjmp

    Copyright

    © © All Rights Reserved

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    sdsad

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    128 views18 pages

    Findjmp

    Uploaded by

    Edna BV Damaceno
    sdsad

    Copyright:

    © All Rights Reserved
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 18

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB

    Findjmp2, Hat-Squad
    Scanning kernel32.dll for code useable with the esp register
    ---------------------------------------------------------------------------0x7C836A78
    call esp
    0x7C91FCD8
    jmp esp
    0x7C932BDE
    push esp - ret
    0x7C95D003
    call esp
    0x7C96A312
    pop esp - pop - retbis
    0x7C96C099
    push esp - ret
    ---------------------------------------------------------------------------Finished Scanning kernel32.dll for code useable with the esp register
    Found 6 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning Secur32 for code useable with the edi register
    ---------------------------------------------------------------------------0x77F22366
    pop edi - pop - ret
    0x77F227B2
    call edi
    0x77F2283E
    pop edi - pop - retbis
    0x77F23245
    pop edi - pop - retbis
    0x77F239E4
    call edi
    0x77F239F0
    call edi
    0x77F241E9
    call edi
    0x77F24224
    call edi
    0x77F2425F
    call edi
    0x77F2429A
    call edi
    0x77F242DC
    call edi
    0x77F2430B
    call edi
    0x77F2433C
    call edi
    0x77F2436D
    call edi
    0x77F2439C
    call edi
    0x77F2440C
    call edi
    0x77F2444E
    call edi
    0x77F24663
    call edi
    0x77F246A9
    call edi
    0x77F248AB
    call edi
    0x77F248C6
    call edi
    0x77F24D5E
    call edi
    0x77F24E42
    call edi
    0x77F272F0
    call edi
    0x77F272F5
    call edi
    0x77F277BC
    call edi
    0x77F277D7
    call edi
    0x77F29C0C
    call edi
    0x77F29C25
    call edi
    0x77F2A00F
    pop edi - pop - retbis
    0x77F2B355
    call edi
    0x77F2B358
    call edi
    ---------------------------------------------------------------------------Finished Scanning Secur32 for code useable with the edi register
    Found 32 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning IMM32 for code useable with the edi register
    ---------------------------------------------------------------------------0x763629B3
    pop edi - pop - ret
    0x76362BED
    call edi
    0x76362BFE
    call edi
    0x763679AC
    call edi
    0x763679FB
    call edi
    0x76367BEE
    call edi
    0x76367C0E
    call edi
    0x76368863
    call edi
    0x7636886B
    call edi
    0x76369116
    call edi
    0x76369143
    call edi
    0x763691A5
    call edi
    0x76369297
    call edi
    0x7636949F
    call edi
    0x763695E8
    call edi
    0x763696B7
    call edi
    0x763696C7
    call edi
    0x7636A0D6
    call edi
    0x7636A286
    pop edi - pop - retbis
    0x7636A3AD
    call edi
    0x7636A3BB
    call edi
    0x7636A620
    call edi
    0x7636A62E
    call edi
    0x7636AA14
    call edi
    0x7636AA22
    call edi
    0x7636AC70
    call edi
    0x7636AC7E
    call edi
    0x7636AEF0
    call edi
    0x7636AEFA
    call edi
    0x7636AF25
    call edi
    0x7636AF67
    call edi
    0x7636B0E9
    call edi
    0x7636B131
    call edi
    0x7636B160
    call edi
    0x7636B171
    call edi
    0x7636B5AB
    call edi
    0x7636B5F0
    call edi
    0x7636B6DA
    call edi
    0x7636B6E5
    call edi
    0x7636BA52
    call edi
    0x7636BA75
    call edi
    0x7636BC87
    call edi
    0x7636BCE0
    call edi
    0x7636BE38
    call edi
    0x7636BE5B
    call edi
    0x7636BE69
    call edi
    0x7636BE79
    call edi
    0x7636BED4
    call edi
    0x7636BF39
    call edi
    0x7636BFF2
    pop edi - pop - retbis
    0x7636C570
    call edi
    0x7636C580
    call edi
    0x7636C70F
    call edi

    0x7636C754
    call edi
    0x7636CC12
    pop edi - pop - retbis
    0x7636CD9B
    pop edi - pop - retbis
    0x7636D22B
    call edi
    0x7636D274
    call edi
    0x7636DA8E
    call edi
    0x7636DAA9
    call edi
    0x7636DAB2
    call edi
    0x7636DAB9
    call edi
    0x7636DAC2
    call edi
    0x7636DACB
    pop edi - pop - retbis
    0x7636E71E
    call edi
    0x7636E736
    call edi
    0x7636ED98
    call edi
    0x7636EDAC
    call edi
    0x7636EDD0
    call edi
    0x7636EDE4
    call edi
    0x7636EE17
    call edi
    0x7636EE26
    call edi
    0x7636F77E
    call edi
    0x7636F815
    call edi
    0x7636F821
    call edi
    0x7636F855
    call edi
    0x76370B08
    call edi
    0x76371403
    call edi
    0x7637142A
    call edi
    0x7637143A
    call edi
    0x7637365E
    pop edi - pop - retbis
    0x76373F03
    pop edi - pop - ret
    ---------------------------------------------------------------------------Finished Scanning IMM32 for code useable with the edi register
    Found 82 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning user32.dll for code useable with the esp register
    ---------------------------------------------------------------------------0x7E379353
    jmp esp
    0x7E3956F7
    jmp esp
    0x7E3A5AF7
    jmp esp
    0x7E3AB310
    jmp esp
    0x7E3CBAEB
    call esp
    0x7E3CCEFF
    call esp
    0x7E3CD5FB
    jmp esp
    0x7E3CD60B
    jmp esp
    0x7E3CD617
    jmp esp
    0x7E3D3AC8
    jmp esp
    0x7E3D4938
    jmp esp
    0x7E3D4A68
    jmp esp
    0x7E3D508C
    jmp esp
    0x7E3D6197
    jmp esp
    0x7E3D619F
    call esp
    0x7E3D625F
    jmp esp
    0x7E3D6504
    jmp esp
    0x7E3D650C
    jmp esp
    0x7E3D6510
    jmp esp

    0x7E3D6773
    0x7E3D67BF
    0x7E3D6924
    0x7E3D6928
    0x7E3D692C
    0x7E3D69BB
    0x7E3D69F0
    0x7E3D69F8
    0x7E3D6A7F
    0x7E3D6E2B
    0x7E3D6F43
    0x7E3D75EB
    0x7E3D7E8B
    0x7E3D818C
    0x7E3D81E8
    0x7E3D81F4
    0x7E3D8284
    0x7E3D83A0
    0x7E3D83A4
    0x7E3D83A8
    0x7E3D8927
    0x7E3D8C8F
    0x7E3D8CD7
    0x7E3D8D98
    0x7E3DC7DF
    0x7E3DC9FB
    0x7E3DCACB
    0x7E3DCB87
    0x7E3DEA6F
    0x7E3DF434
    0x7E3E02C4
    0x7E3E03F8
    0x7E3E1AF7
    0x7E3E1AFF
    0x7E3E1BBF
    0x7E3E1E64
    0x7E3E1E6C
    0x7E3E1E70
    0x7E3E211F
    0x7E3E2284
    0x7E3E2288
    0x7E3E228C
    0x7E3E2350
    0x7E3E2358
    0x7E3E28A3
    0x7E3E2F4B
    0x7E3E37EB
    0x7E3E38EF
    0x7E3E39C8
    0x7E3E3A44
    0x7E3E3A87
    0x7E3E3AC4
    0x7E3E3AC8
    0x7E3E3ACC
    0x7E3E3AF0
    0x7E3E3B4C
    0x7E3E3B93
    0x7E3E3C08
    0x7E3E3C78
    0x7E3E3C7C

    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    jmp esp
    call esp
    jmp esp
    jmp esp
    jmp esp

    0x7E3E3CFC
    jmp esp
    0x7E3E3D93
    jmp esp
    0x7E3E3E13
    jmp esp
    0x7E3E4167
    call esp
    0x7E3E4703
    jmp esp
    0x7E3E8803
    call esp
    0x7E3E9C17
    call esp
    0x7E3EA313
    jmp esp
    0x7E3EA323
    jmp esp
    0x7E3EA32F
    jmp esp
    ---------------------------------------------------------------------------Finished Scanning user32.dll for code useable with the esp register
    Found 89 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning user32.dll for code useable with the edi register
    ---------------------------------------------------------------------------0x7E3610A0
    jmp edi
    0x7E3610B1
    jmp edi
    0x7E369E2C
    pop edi - pop - retbis
    0x7E369E89
    pop edi - pop - retbis
    0x7E36C891
    call edi
    0x7E36C8AC
    call edi
    0x7E36E3EC
    call edi
    0x7E36F8ED
    pop edi - pop - retbis
    0x7E36FE66
    pop edi - pop - ret
    0x7E370D11
    call edi
    0x7E370D21
    call edi
    0x7E370D54
    call edi
    0x7E370D80
    call edi
    0x7E370DC4
    call edi
    0x7E37132B
    call edi
    0x7E371641
    call edi
    0x7E37164B
    call edi
    0x7E372457
    call edi
    0x7E372496
    call edi
    0x7E372602
    call edi
    0x7E37264B
    call edi
    0x7E372671
    call edi
    0x7E372E60
    call edi
    0x7E372E97
    call edi
    0x7E372EE3
    call edi
    0x7E373AA7
    pop edi - pop - retbis
    0x7E37512C
    call edi
    0x7E375156
    call edi
    0x7E37572C
    call edi
    0x7E375805
    call edi
    0x7E376735
    pop edi - pop - retbis
    0x7E377F04
    call edi
    0x7E378F98
    pop edi - pop - retbis
    0x7E379CD0
    pop edi - pop - retbis
    0x7E379F42
    pop edi - pop - retbis
    0x7E37A05F
    pop edi - pop - retbis
    0x7E37A0DB
    pop edi - pop - ret
    0x7E37A18E
    pop edi - pop - retbis

    0x7E37A8FC
    0x7E37DD92
    0x7E37DDC8
    0x7E37FB53
    0x7E381425
    0x7E38144B
    0x7E381888
    0x7E3818A0
    0x7E382F81
    0x7E38700A
    0x7E387066
    0x7E3875C8
    0x7E3875E9
    0x7E387790
    0x7E3877C8
    0x7E3877FC
    0x7E387F7C
    0x7E3883C2
    0x7E389EF6
    0x7E38C5D4
    0x7E38C63F
    0x7E38CF0E
    0x7E38DCCB
    0x7E38E1B3
    0x7E38E9CF
    0x7E38EA1A
    0x7E38EA90
    0x7E38F29B
    0x7E38F2CE
    0x7E391691
    0x7E3916BB
    0x7E392739
    0x7E3932E8
    0x7E3932F7
    0x7E393306
    0x7E393A0D
    0x7E393A21
    0x7E39522A
    0x7E39523C
    0x7E396CF5
    0x7E396D1F
    0x7E3994EA
    0x7E3994F7
    0x7E39962E
    0x7E399648
    0x7E39970F
    0x7E399719
    0x7E39986D
    0x7E399876
    0x7E39A6F0
    0x7E39ABA2
    0x7E39ACBD
    0x7E39BF4D
    0x7E39BF57
    0x7E39BFB1
    0x7E39BFBB
    0x7E39CE15
    0x7E39CE3E
    0x7E39CE75
    0x7E39DE73

    pop edi call edi


    call edi
    pop edi call edi
    call edi
    call edi
    call edi
    pop edi call edi
    call edi
    call edi
    call edi
    pop edi call edi
    call edi
    jmp edi
    call edi
    pop edi call edi
    call edi
    call edi
    pop edi call edi
    pop edi call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi

    pop - retbis
    pop - retbis

    pop - retbis

    pop - retbis

    pop - retbis

    pop - retbis
    pop - retbis

    0x7E39DE7D
    0x7E39E3A6
    0x7E39E3C7
    0x7E39F15E
    0x7E3A2148
    0x7E3A21B5
    0x7E3A2F98
    0x7E3A2FD9
    0x7E3A36B3
    0x7E3A36C1
    0x7E3A3A70
    0x7E3A3A86
    0x7E3A3B01
    0x7E3A3B5F
    0x7E3A3BB5
    0x7E3A3BFD
    0x7E3A4045
    0x7E3A4050
    0x7E3A4C0E
    0x7E3A4C17
    0x7E3A4DF0
    0x7E3A4DF9
    0x7E3A4FB2
    0x7E3A4FBB
    0x7E3A5159
    0x7E3A5162
    0x7E3A547F
    0x7E3A54D8
    0x7E3A5A42
    0x7E3A5AA1
    0x7E3A5E66
    0x7E3A5E8F
    0x7E3A680E
    0x7E3A702A
    0x7E3A7034
    0x7E3AAE56
    0x7E3AB21F
    0x7E3AB237
    0x7E3AB3C7
    0x7E3AB3E7
    0x7E3AB503
    0x7E3AB51C
    0x7E3AB6DE
    0x7E3AB70B
    0x7E3AB759
    0x7E3AB957
    0x7E3ABB9C
    0x7E3ABBA8
    0x7E3ADAA7
    0x7E3B0944
    0x7E3B0949
    0x7E3B094E
    0x7E3B0953
    0x7E3B099E
    0x7E3B0B06
    0x7E3B0B10
    0x7E3B0B98
    0x7E3B0B9F
    0x7E3B13F6
    0x7E3B1490

    call edi
    call edi
    call edi
    pop edi call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    pop edi call edi
    call edi
    jmp edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    pop edi call edi
    call edi
    pop edi call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi

    pop - retbis

    pop - ret

    pop - retbis
    pop - retbis

    0x7E3B171E
    0x7E3B1738
    0x7E3B1754
    0x7E3B1759
    0x7E3B1988
    0x7E3B19BC
    0x7E3B19C7
    0x7E3B19D2
    0x7E3B3FE3
    0x7E3B5A11
    0x7E3B5A1A
    0x7E3B5A1F
    0x7E3B5B01
    0x7E3B5B0A
    0x7E3B5BDD
    0x7E3B5BEE
    0x7E3B627E
    0x7E3B62BC
    0x7E3B6305
    0x7E3B664E
    0x7E3B665F
    0x7E3B819E
    0x7E3B81C4
    0x7E3B81F1
    0x7E3B81FB
    0x7E3B839F
    0x7E3B8DCE
    0x7E3B8E7A
    0x7E3B98D2
    0x7E3B9A9E
    0x7E3B9AA7
    0x7E3B9EE6
    0x7E3B9EF7
    0x7E3BA80F
    0x7E3BA846
    0x7E3C51EF
    0x7E3C531B
    0x7E3CBC73
    0x7E3CBC77
    0x7E3CBC9F
    0x7E3CBCA3
    0x7E3CBCA7
    0x7E3CBCAB
    0x7E3CBCAF
    0x7E3CBCB3
    0x7E3CBCB7
    0x7E3CBCBB
    0x7E3CBCBF
    0x7E3CBCC3
    0x7E3CBCC7
    0x7E3CBCCB
    0x7E3CBCCF
    0x7E3CBCD3
    0x7E3CBCD7
    0x7E3CBD13
    0x7E3CCAFF
    0x7E3CCE7F
    0x7E3CD623
    0x7E3CDA9E
    0x7E3D368D

    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    pop edi - pop - retbis
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    pop edi - pop - retbis
    call edi
    call edi
    pop edi - pop - retbis
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    jmp edi
    jmp edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi

    0x7E3D3BAC
    0x7E3D4954
    0x7E3D4A6C
    0x7E3D5130
    0x7E3D51B0
    0x7E3D5C3B
    0x7E3D5FEF
    0x7E3D60CB
    0x7E3D61FF
    0x7E3D6437
    0x7E3D65AB
    0x7E3D667C
    0x7E3D6680
    0x7E3D672B
    0x7E3D6750
    0x7E3D6758
    0x7E3D6820
    0x7E3D6824
    0x7E3D6828
    0x7E3D682C
    0x7E3D687B
    0x7E3D68A7
    0x7E3D6943
    0x7E3D69C4
    0x7E3D69C8
    0x7E3D69CC
    0x7E3D69D4
    0x7E3D6A90
    0x7E3D6A94
    0x7E3D6A98
    0x7E3D6A9C
    0x7E3D6AA0
    0x7E3D6AA4
    0x7E3D6AB8
    0x7E3D6B6C
    0x7E3D6B70
    0x7E3D6C07
    0x7E3D6CC7
    0x7E3D6CFF
    0x7E3D6D07
    0x7E3D6E23
    0x7E3D6F67
    0x7E3D6FFF
    0x7E3D70BF
    0x7E3D726F
    0x7E3D7473
    0x7E3D7EFF
    0x7E3D7FE3
    0x7E3D80A3
    0x7E3D8174
    0x7E3D81D8
    0x7E3D822F
    0x7E3D824B
    0x7E3D825C
    0x7E3D8260
    0x7E3D8264
    0x7E3D8268
    0x7E3D82F4
    0x7E3D8407
    0x7E3D8414

    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    jmp edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    jmp edi
    call edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    jmp edi
    jmp edi
    call edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi

    0x7E3D8418
    0x7E3D841C
    0x7E3D8420
    0x7E3D84A8
    0x7E3D8533
    0x7E3D8C8C
    0x7E3D8D94
    0x7E3DDD47
    0x7E3DE97F
    0x7E3DEEC5
    0x7E3DF450
    0x7E3DF510
    0x7E3E01E8
    0x7E3E038C
    0x7E3E086D
    0x7E3E0A3C
    0x7E3E0AA8
    0x7E3E0AD8
    0x7E3E159B
    0x7E3E194F
    0x7E3E1A2B
    0x7E3E1B5F
    0x7E3E1C5B
    0x7E3E1D97
    0x7E3E1F0B
    0x7E3E1FDC
    0x7E3E1FE0
    0x7E3E208B
    0x7E3E20B0
    0x7E3E20B8
    0x7E3E2180
    0x7E3E2184
    0x7E3E21DB
    0x7E3E2207
    0x7E3E22A3
    0x7E3E2324
    0x7E3E2328
    0x7E3E232C
    0x7E3E2334
    0x7E3E23F0
    0x7E3E23F4
    0x7E3E23F8
    0x7E3E23FC
    0x7E3E2400
    0x7E3E2404
    0x7E3E2418
    0x7E3E24CC
    0x7E3E24D0
    0x7E3E265F
    0x7E3E2667
    0x7E3E28C7
    0x7E3E295F
    0x7E3E2A1F
    0x7E3E2BCF
    0x7E3E2DD3
    0x7E3E2FCF
    0x7E3E36EB
    0x7E3E385F
    0x7E3E38E4
    0x7E3E38F3

    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    call edi
    jmp edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    jmp edi
    call edi
    jmp edi
    jmp edi
    call edi

    0x7E3E39F4
    jmp edi
    0x7E3E3A40
    jmp edi
    0x7E3E3B8B
    jmp edi
    0x7E3E3B8F
    call edi
    0x7E3E3BC8
    jmp edi
    0x7E3E3BCC
    jmp edi
    0x7E3E3C48
    jmp edi
    0x7E3E3C70
    jmp edi
    0x7E3E3CF4
    jmp edi
    0x7E3E3D84
    jmp edi
    0x7E3E3D88
    jmp edi
    0x7E3E3E08
    jmp edi
    0x7E3E3E17
    jmp edi
    0x7E3E3F17
    jmp edi
    0x7E3E45DF
    jmp edi
    0x7E3E4634
    jmp edi
    0x7E3E463B
    call edi
    0x7E3E4678
    jmp edi
    0x7E3E469C
    jmp edi
    0x7E3E46B4
    jmp edi
    0x7E3E4863
    call edi
    0x7E3E898B
    call edi
    0x7E3E898F
    call edi
    0x7E3E89B7
    call edi
    0x7E3E89BB
    call edi
    0x7E3E89BF
    call edi
    0x7E3E89C3
    call edi
    0x7E3E89C7
    call edi
    0x7E3E89CB
    call edi
    0x7E3E89CF
    call edi
    0x7E3E89D3
    call edi
    0x7E3E89D7
    call edi
    0x7E3E89DB
    call edi
    0x7E3E89DF
    call edi
    0x7E3E89E3
    call edi
    0x7E3E89E7
    call edi
    0x7E3E89EB
    call edi
    0x7E3E89EF
    call edi
    0x7E3E8A2B
    call edi
    0x7E3E9817
    call edi
    0x7E3E9B97
    jmp edi
    0x7E3EA33B
    jmp edi
    ---------------------------------------------------------------------------Finished Scanning user32.dll for code useable with the edi register
    Found 380 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning kernel32.dll for code useable with the esp register
    ---------------------------------------------------------------------------0x7C836A78
    call esp
    0x7C91FCD8
    jmp esp
    0x7C932BDE
    push esp - ret
    0x7C95D003
    call esp
    0x7C96A312
    pop esp - pop - retbis
    0x7C96C099
    push esp - ret

    ---------------------------------------------------------------------------Finished Scanning kernel32.dll for code useable with the esp register
    Found 6 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning kernel32.dll for code useable with the eax register
    ---------------------------------------------------------------------------0x7C817F0D
    call eax
    0x7C81ED99
    pop eax - pop - retbis
    0x7C8209D0
    pop eax - pop - retbis
    0x7C837B46
    call eax
    0x7C839A2F
    push eax - ret
    0x7C839BA7
    call eax
    0x7C839BEF
    call eax
    0x7C839DF7
    pop eax - pop - ret
    0x7C83AC6C
    call eax
    0x7C83AF51
    call eax
    0x7C83B65F
    call eax
    0x7C83B6C7
    call eax
    0x7C83B6D3
    call eax
    0x7C83B6E8
    call eax
    0x7C83C152
    call eax
    0x7C83C3A2
    call eax
    0x7C83CE9D
    call eax
    0x7C83CF33
    call eax
    0x7C83D760
    call eax
    0x7C83D789
    call eax
    0x7C83F3FB
    call eax
    0x7C83F5BB
    call eax
    0x7C840535
    call eax
    0x7C8405C5
    call eax
    0x7C8414FE
    call eax
    0x7C841963
    call eax
    0x7C841E86
    call eax
    0x7C8442BF
    call eax
    0x7C8442FB
    call eax
    0x7C84433B
    call eax
    0x7C844377
    call eax
    0x7C8443B7
    call eax
    0x7C84452D
    call eax
    0x7C8449BA
    call eax
    0x7C844A5C
    call eax
    0x7C844B9B
    call eax
    0x7C84C40C
    call eax
    0x7C84C5DB
    call eax
    0x7C858135
    call eax
    0x7C858796
    call eax
    0x7C85886C
    call eax
    0x7C859182
    jmp eax
    0x7C85E4B1
    call eax
    0x7C85F084
    jmp eax
    0x7C86103B
    jmp eax
    0x7C862BE3
    pop eax - pop - retbis
    0x7C8632DE
    call eax
    0x7C8634C7
    call eax

    0x7C868646
    0x7C868812
    0x7C8689E2
    0x7C8740D7
    0x7C88018B
    0x7C880A02
    0x7C880FCB
    0x7C8812B9
    0x7C8812D4
    0x7C8812EF
    0x7C88130A
    0x7C881325
    0x7C88136C
    0x7C881388
    0x7C8813A3
    0x7C8813FD
    0x7C881423
    0x7C881644
    0x7C88165F
    0x7C881684
    0x7C88169F
    0x7C90160B
    0x7C901633
    0x7C90E455
    0x7C90E97F
    0x7C90E9C7
    0x7C913B06
    0x7C914988
    0x7C9162CC
    0x7C91730A
    0x7C917C36
    0x7C91D2B2
    0x7C91FC01
    0x7C9225F6
    0x7C923099
    0x7C939418
    0x7C939491
    0x7C9422BC
    0x7C944306
    0x7C956667
    0x7C9572D8
    0x7C957311
    0x7C95732C
    0x7C9573AC
    0x7C9573E5
    0x7C957400
    0x7C9574F4
    0x7C95834C
    0x7C958645
    0x7C95A197
    0x7C95A22C
    0x7C95A2C4
    0x7C96A1AC
    0x7C96A1D4
    0x7C96BE0B
    0x7C96D10B
    0x7C973962
    0x7C973BC5
    0x7C974E2C
    0x7C977B66

    call eax
    call eax
    call eax
    call eax
    pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop pop eax - pop push eax - ret
    push eax - ret
    call eax
    call eax
    call eax
    pop eax - pop pop eax - pop call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    jmp eax
    jmp eax
    call eax
    jmp eax
    jmp eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    call eax
    pop eax - pop pop eax - pop call eax
    call eax
    pop eax - pop pop eax - pop pop eax - pop call eax

    ret
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis

    retbis
    retbis

    retbis
    retbis
    ret
    ret
    ret

    0x7C9782C3
    call eax
    0x7C9792DF
    jmp eax
    ---------------------------------------------------------------------------Finished Scanning kernel32.dll for code useable with the eax register
    Found 110 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning kernel32.dll for code useable with the esp register
    ---------------------------------------------------------------------------0x7C836A78
    call esp
    0x7C91FCD8
    jmp esp
    0x7C932BDE
    push esp - ret
    0x7C95D003
    call esp
    0x7C96A312
    pop esp - pop - retbis
    0x7C96C099
    push esp - ret
    ---------------------------------------------------------------------------Finished Scanning kernel32.dll for code useable with the esp register
    Found 6 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning kernel32.dll for code useable with the EAX register
    ---------------------------------------------------------------------------0x7C817F0D
    call EAX
    0x7C81ED99
    pop EAX - pop - retbis
    0x7C8209D0
    pop EAX - pop - retbis
    0x7C837B46
    call EAX
    0x7C839A2F
    push EAX - ret
    0x7C839BA7
    call EAX
    0x7C839BEF
    call EAX
    0x7C839DF7
    pop EAX - pop - ret
    0x7C83AC6C
    call EAX
    0x7C83AF51
    call EAX
    0x7C83B65F
    call EAX
    0x7C83B6C7
    call EAX
    0x7C83B6D3
    call EAX
    0x7C83B6E8
    call EAX
    0x7C83C152
    call EAX
    0x7C83C3A2
    call EAX
    0x7C83CE9D
    call EAX
    0x7C83CF33
    call EAX
    0x7C83D760
    call EAX
    0x7C83D789
    call EAX
    0x7C83F3FB
    call EAX
    0x7C83F5BB
    call EAX
    0x7C840535
    call EAX
    0x7C8405C5
    call EAX
    0x7C8414FE
    call EAX
    0x7C841963
    call EAX
    0x7C841E86
    call EAX
    0x7C8442BF
    call EAX

    0x7C8442FB
    0x7C84433B
    0x7C844377
    0x7C8443B7
    0x7C84452D
    0x7C8449BA
    0x7C844A5C
    0x7C844B9B
    0x7C84C40C
    0x7C84C5DB
    0x7C858135
    0x7C858796
    0x7C85886C
    0x7C859182
    0x7C85E4B1
    0x7C85F084
    0x7C86103B
    0x7C862BE3
    0x7C8632DE
    0x7C8634C7
    0x7C868646
    0x7C868812
    0x7C8689E2
    0x7C8740D7
    0x7C88018B
    0x7C880A02
    0x7C880FCB
    0x7C8812B9
    0x7C8812D4
    0x7C8812EF
    0x7C88130A
    0x7C881325
    0x7C88136C
    0x7C881388
    0x7C8813A3
    0x7C8813FD
    0x7C881423
    0x7C881644
    0x7C88165F
    0x7C881684
    0x7C88169F
    0x7C90160B
    0x7C901633
    0x7C90E455
    0x7C90E97F
    0x7C90E9C7
    0x7C913B06
    0x7C914988
    0x7C9162CC
    0x7C91730A
    0x7C917C36
    0x7C91D2B2
    0x7C91FC01
    0x7C9225F6
    0x7C923099
    0x7C939418
    0x7C939491
    0x7C9422BC
    0x7C944306
    0x7C956667

    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    jmp EAX
    call EAX
    jmp EAX
    jmp EAX
    pop EAX - pop call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop pop EAX - pop push EAX - ret
    push EAX - ret
    call EAX
    call EAX
    call EAX
    pop EAX - pop pop EAX - pop call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX
    call EAX

    retbis

    ret
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis
    retbis

    retbis
    retbis

    0x7C9572D8
    jmp EAX
    0x7C957311
    jmp EAX
    0x7C95732C
    call EAX
    0x7C9573AC
    jmp EAX
    0x7C9573E5
    jmp EAX
    0x7C957400
    call EAX
    0x7C9574F4
    call EAX
    0x7C95834C
    call EAX
    0x7C958645
    call EAX
    0x7C95A197
    call EAX
    0x7C95A22C
    call EAX
    0x7C95A2C4
    call EAX
    0x7C96A1AC
    pop EAX - pop - retbis
    0x7C96A1D4
    pop EAX - pop - retbis
    0x7C96BE0B
    call EAX
    0x7C96D10B
    call EAX
    0x7C973962
    pop EAX - pop - ret
    0x7C973BC5
    pop EAX - pop - ret
    0x7C974E2C
    pop EAX - pop - ret
    0x7C977B66
    call EAX
    0x7C9782C3
    call EAX
    0x7C9792DF
    jmp EAX
    ---------------------------------------------------------------------------Finished Scanning kernel32.dll for code useable with the EAX register
    Found 110 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning kernel32.dll for code useable with the esp register
    ---------------------------------------------------------------------------0x7C836A78
    call esp
    0x7C91FCD8
    jmp esp
    0x7C932BDE
    push esp - ret
    0x7C95D003
    call esp
    0x7C96A312
    pop esp - pop - retbis
    0x7C96C099
    push esp - ret
    ---------------------------------------------------------------------------Finished Scanning kernel32.dll for code useable with the esp register
    Found 6 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning kernel32.dll for code useable with the esp register
    ---------------------------------------------------------------------------0x7C836A78
    call esp
    0x7C91FCD8
    jmp esp
    0x7C932BDE
    push esp - ret
    0x7C95D003
    call esp
    0x7C96A312
    pop esp - pop - retbis
    0x7C96C099
    push esp - ret
    ---------------------------------------------------------------------------Finished Scanning kernel32.dll for code useable with the esp register

    Found 6 usable addresses


    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning zlib1.dll for code useable with the ESP register
    ------------------------------------------------------------------------------------------------------------------------------------------------------Finished Scanning zlib1.dll for code useable with the ESP register
    Found 0 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning zlib1.dll for code useable with the EAX register
    ---------------------------------------------------------------------------0x100036DF
    pop EAX - pop - ret
    0x100055AC
    call EAX
    0x100075F8
    call EAX
    0x10009773
    push EAX - ret
    0x1000979B
    push EAX - ret
    0x10009881
    call EAX
    0x100098DD
    call EAX
    ---------------------------------------------------------------------------Finished Scanning zlib1.dll for code useable with the EAX register
    Found 7 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning zlib1.dll for code useable with the EDI register
    ---------------------------------------------------------------------------0x10003523
    pop EDI - pop - ret
    0x100037ED
    call EDI
    0x1000384B
    call EDI
    0x10003858
    call EDI
    0x10003865
    call EDI
    0x1000386B
    call EDI
    0x10003919
    call EDI
    0x10003BFD
    pop EDI - pop - ret
    0x10003CA5
    pop EDI - pop - ret
    0x1000435D
    pop EDI - pop - ret
    0x100044F7
    pop EDI - pop - ret
    0x10004546
    pop EDI - pop - ret
    0x100045DA
    pop EDI - pop - ret
    0x1000A369
    call EDI
    ---------------------------------------------------------------------------Finished Scanning zlib1.dll for code useable with the EDI register
    Found 14 usable addresses
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------Findjmp, Eeye, I2S-LaB


    Findjmp2, Hat-Squad
    Scanning zlib1.dll for code useable with the ESI register
    ---------------------------------------------------------------------------0x10003B3C
    pop ESI - pop - ret
    0x10003B46
    pop ESI - pop - ret
    0x100041C9
    call ESI
    0x10005B47
    pop ESI - pop - ret
    0x10008E1F
    pop ESI - pop - ret
    0x10009927
    pop ESI - pop - ret
    ---------------------------------------------------------------------------Finished Scanning zlib1.dll for code useable with the ESI register
    Found 6 usable addresses
    ----------------------------------------------------------------------------

    You might also like