[framework] IIS 5.0 .printer exploit fix

Rob robd003 at gmail.com
Tue Jun 6 19:12:25 CDT 2006


Hey all,

I noticed that the IIS 5.0 .printer exploit was using the EBX register
and yet it was occasionally being used by the nops generator. That and
I figured changing the return address to something inside of ntdll
would also make it a little more reliable. Here's my fix:

# add this
        'Nop' =>
            {
                'SaveRegs' => ['ebx'],
            },

# change return address
        'Targets' => [['Windows 2000 SP0/SP1', 0x77f8948b]],

    Cheers,
    Rob Palmer



More information about the framework mailing list