Buffer Overflow EIP Offset String Generator

This tool is used to find/calculate the offset in an exploit string where your address to overwrite EIP should be. This is the same as the Metasploit, pvefindaddr, and Mona scripts: pattern_create and pattern_offset.

Step 1


Step 2

EIP Value:


First Set
Second Set
Third Set


After proving that a program is exploitable(typically with "AAAAA...", etc), use Step 1 to create a string where every set of 4 consecutive characters are unique. Use this string in place of the "AAAAA..." or such overflow string, and (using a debugger) copy the value of EIP (ex. "0x61433861") after it fails (segmentation fault, etc). Paste this 4-byte value into Step 2, and push the button to find the offset where the shellcode/NOP slide address should appear in the overflow string.

NOTE: If the "extended" string set, or a custom string set is used in Step 1, then the identical string set must be used in Step 2 to get the correct offset.

To Do This currently only supports printable-ascii characters, but I will be adding support for non-printable-ascii characters in the format \xNN as time allows. Could also use more error checking to prevent accidental mistakes.