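#!/usr/bin/env python
"""
jc : (Jmp/Call) return address finder for overflows

usage : !jc <register>
ex    : !jc ESP

(C) 2007, Hessam Salehi (kernex)
malcode.analyzer[@]gmail.com
"""

import immlib

DESC = """return address (JMP/CALL) finder for overflows"""


def usage(imm):
    """Write the command's usage lines to the debugger log window.

    imm -- object exposing Log(); main() passes an immlib.Debugger instance.
    """
    # The usage line names the expected argument; the example below shows
    # that it is a register name.
    imm.Log("usage : !jc <register>")
    imm.Log("ex : !jc ESP", focus=1)


def main(args):
    """PyCommand entry point for !jc.

    Builds four instruction patterns around the given operand (jmp, call,
    push/ret, push/retn), searches for each with imm.searchCommands() and
    logs every match.

    args -- list of command arguments; only args[0] is used, any further
            arguments are ignored.

    Returns a status string on both the error path and the success path.
    """
    imm = immlib.Debugger()
    imm.Log("** !jc , Return address finder for overflows **")

    if not args:
        usage(imm)
        return "[-] Wrong Arguments (ex : !jc ESP)"

    # NOTE(review): the operand is interpolated into the search text without
    # validation; whatever the user typed is handed to searchCommands() as-is.
    arg = args[0]
    patterns = [
        "jmp %s" % arg,
        "call %s" % arg,
        "push %s\nret" % arg,
        "push %s\nretn" % arg,
    ]

    hits = 0
    for pattern in patterns:
        for addy in imm.searchCommands(pattern):
            # Each result is indexed as used below: addy[0] goes to Log() as
            # its second positional argument (presumably the address the log
            # line links to), addy[1] and addy[2] are printed in the message.
            imm.Log("found %s on %s" % (addy[1], addy[2]), addy[0])
            hits += 1

    # Previously the success path fell off the end and returned None while
    # the error path returned a string; report a status here as well.
    return "[+] !jc : %d result(s) for %s" % (hits, arg)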