[framework] Egghunter
Krpata, Tyler
tkrpata at bjs.com
Mon Dec 18 14:17:10 CST 2006
Hi all,
Hope I'm not spamming the list too much with questions... I'm trying to
figure out how to properly use the Egghunter class. It looks like
generate_egghunter returns 2 items, the "tag" used to identify the
actual payload, and the code that does the hunting. As far as I can
tell, the steps are:
1. prepend the tag to my encoded payload
2. send the tag+encoded payload to target's memory
3. send the egghunter code to be executed
4. egghunter code searches process address space for tag
5. if found, encoded payload is executed
I think I must be missing something, because the egghunter code seems to
be entering an infinite loop where it never finds the tag or payload,
even though I can verify that both are in memory.
Any suggestions?
Thanks,
Tyler
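Added example, not code from the original message or from the framework: a C simulation of the search loop of Skape's egghunter design (the "Safely Searching Process Virtual Address Space" hunter that the framework's Egghunter class is based on). The point it makes is that the hunter compares an 8-byte egg, the 4-byte tag repeated twice, and that the real shellcode has no "not found" exit, so a single copy of the tag in memory keeps it looping forever. The page-probe oracle, the 4-page region, the tag value and the "payload" marker are all constructed for the example and are not the framework's API.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PAGE_SIZE 4096
#define NPAGES    4
#define EGG_LEN   8          /* the egg is the 4-byte tag repeated twice */

/* Hypothetical page-probe oracle standing in for the syscall the real
 * hunter uses (NtAccessCheckAndAuditAlarm on Windows, access(2) on Linux)
 * to learn whether an address is readable without faulting.  In this
 * constructed region page 1 is treated as unmapped. */
static int page_is_mapped(const unsigned char *base, const unsigned char *p)
{
    size_t page = (size_t)(p - base) / PAGE_SIZE;
    return page != 1;
}

/* Scan [base, base+len) for tag||tag, page by page, skipping pages the
 * probe reports as unmapped.  Returns a pointer to the byte after the
 * egg (the start of the payload), or NULL if the egg is absent.  The
 * real shellcode has no NULL path: it wraps around and keeps scanning,
 * which is how a missing or half-sized egg turns into an endless loop. */
const unsigned char *egghunt(const unsigned char *base, size_t len,
                             const unsigned char tag[4])
{
    const unsigned char *p = base;
    while (p + EGG_LEN <= base + len) {
        if (!page_is_mapped(base, p) ||
            !page_is_mapped(base, p + EGG_LEN - 1)) {
            /* jump to the start of the next page */
            size_t next = ((size_t)(p - base) / PAGE_SIZE + 1) * PAGE_SIZE;
            p = base + next;
            continue;
        }
        if (memcmp(p, tag, 4) == 0 && memcmp(p + 4, tag, 4) == 0)
            return p + EGG_LEN;
        p++;
    }
    return NULL;
}

/* Constructed example: plant 'copies' copies of the tag followed by a
 * marker "payload" at the start of page 2, then hunt.  Returns the offset
 * of the located payload, or -1 when the egg is not found. */
long plant_and_hunt(int copies)
{
    static unsigned char region[NPAGES * PAGE_SIZE];
    const unsigned char tag[4] = { 'w', '0', '0', 't' };   /* constructed tag */
    const unsigned char marker[] = "payload";
    size_t off = 2 * PAGE_SIZE;
    size_t i;

    memset(region, 0x41, sizeof region);
    for (i = 0; i < (size_t)copies; i++)
        memcpy(region + off + 4 * i, tag, 4);
    memcpy(region + off + 4 * (size_t)copies, marker, sizeof marker - 1);

    const unsigned char *hit = egghunt(region, sizeof region, tag);
    if (!hit || memcmp(hit, marker, sizeof marker - 1) != 0)
        return -1;
    return (long)(hit - region);
}

int main(void)
{
    printf("egg = tag x2 : payload at offset %ld\n", plant_and_hunt(2));
    printf("egg = tag x1 : payload at offset %ld (not found)\n", plant_and_hunt(1));
    return 0;
}
```

What gets written into the target is therefore tag + tag + encoded payload, and the hunter transfers control to the first byte after the second copy of the tag; a buffer that carries the tag only once never matches the 8-byte compare.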