Too early in the morning for me, ignore the "jmp [ebx+4]" calls, they won't actually work.

-HD

On Wednesday 04 April 2007 08:41, H D Moore wrote:
> $ msf3/tools/nasm_shell.rb
> nasm > jmp [ebx+4]
> 00000000 FF6304 jmp near [ebx+0x4]