I am working on an SEH exploit. the problem I am facing here that all POP/POP/RETN addresses end with null bytes, so everything placed after it gets corrupted.
Is it possible to use Metasploit Msfencode to encode the address of the POP/POP/RETN instructions its self to get over the problem of the null byte ?
The exploit structure is: (300 bytes of junk + nseh + seh + 3000 bytes of junk)