Try prefixing a stub that clears some stack space -- many of the encoders assume eip != esp and run into trouble if thats the case. A nice add esp,-3500 (or the 'StackAdjustment' => -3500 line in the Payload info hash of the module) will solve this. -HD On Friday 18 May 2007 00:26, Whit wrote: > Any thoughts?