Topic created on: August 11, 2007 08:57 CDT by Faithless .
Findtrampoline.py is a simple Immunity Debugger 'PyCommand' script. It finds a suitable trampoline to the chosen register. These could be suitable addresses to use in overwriting the saved return address, when exploiting a classic stack overflow.
This is similar functionality to eEye's findjmp and Metasploit's msfpescan tools.
Install by copying this file into the PyCommands\ folder, and from within the running debugger issue the !findtrampoline <register> command. It will search for the basic jmp, call and push/ret combinations to direct execution into a register which points to our shellcode.