X86RetSpoof
Invoke functions with a spoofed return address. For 32-bit Windows binaries. Supports __fastcall, __thiscall, __stdcall and __cdecl calling conventions. Written in C++17.
How to use
- Include x86RetSpoof.h in your project.
- Find `FF 23` byte sequence (gadget, machine code equivalent of `jmp dword ptr [ebx]`) in the executable code section of the module you want the spoofed return address to appear in. The address of it will be the `gadgetAddress` and the invoked function will see it as the return address.
- Call the function with `x86RetSpoof::invoke...()` matching the calling convention of the target function.
Example
Calling MessageBoxW function:
x86RetSpoof::invokeStdcall<int>(std::uintptr_t(&MessageBoxW), std::uintptr_t(gadgetAddress), nullptr, L"text", L"title", MB_OK);
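Because the invoked function sees the gadget address as its return address, code that validates callers can inspect the bytes around that address instead of only the module it falls in. The sketch below is an added example, not part of x86RetSpoof: it flags a return address that points at `FF 23` or that is not preceded by a call instruction. `classifyReturn`, `indirectCallLength`, `Verdict` and the `kSample` bytes are hypothetical names and constructed data, and the result is a heuristic signal rather than proof.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <initializer_list>

enum class Verdict { CallPreceded, NotCallPreceded, GadgetFF23, OutOfRange };

// Length of an `FF /2` (call r/m32) instruction at p, or 0 if p is not one.
// Prefixes and far calls are ignored for brevity.
std::size_t indirectCallLength(const std::uint8_t* p, std::size_t avail) {
    if (avail < 2 || p[0] != 0xFF || ((p[1] >> 3) & 7) != 2) return 0;
    const unsigned mod = p[1] >> 6, rm = p[1] & 7;
    std::size_t len = 2;
    if (mod != 3 && rm == 4) {                       // SIB byte follows ModRM
        if (avail < 3) return 0;
        if (mod == 0 && (p[2] & 7) == 5) len += 4;   // SIB without base: disp32
        ++len;
    }
    if (mod == 1) len += 1;                          // disp8
    else if (mod == 2 || (mod == 0 && rm == 5)) len += 4;  // disp32
    return len;
}

// Classify the return address at offset `ret` inside a copy of a code section.
Verdict classifyReturn(const std::uint8_t* code, std::size_t size, std::size_t ret) {
    if (ret >= size) return Verdict::OutOfRange;
    // The gadget the README describes: the "return" lands on jmp dword ptr [ebx].
    if (ret + 1 < size && code[ret] == 0xFF && code[ret + 1] == 0x23) return Verdict::GadgetFF23;
    if (ret >= 5 && code[ret - 5] == 0xE8) return Verdict::CallPreceded;   // call rel32
    for (std::size_t len : {2, 3, 4, 6, 7})          // possible FF /2 encodings
        if (ret >= len && indirectCallLength(code + ret - len, len) == len)
            return Verdict::CallPreceded;
    return Verdict::NotCallPreceded;
}

// Constructed sample bytes (not taken from any real module).
constexpr std::uint8_t kSample[] = {
    0xE8, 0x00, 0x00, 0x00, 0x00,        //  0: call rel32            -> returns to 5
    0x85, 0xC0, 0x90,                    //  5: test eax, eax ; nop
    0xFF, 0x23,                          //  8: jmp dword ptr [ebx]   (gadget)
    0xFF, 0x15, 0x00, 0x10, 0x40, 0x00,  // 10: call dword ptr [imm]  -> returns to 16
    0xC3                                 // 16: ret
};

int main() {
    for (std::size_t ret : {5, 7, 8, 16})
        std::printf("%zu -> %d\n", ret, static_cast<int>(classifyReturn(kSample, sizeof kSample, ret)));
}
```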
