I'm pretty new to developing exploits and I'm trying the awbo exercises, which can be found at snort.org/vrt/tools/awbo.html ... I've successfully triggered the vulnerability (on the first exercise), which is a SEH overflow...

At my current level of knowledge I'm stuck on 3 points:

1 - The payload I need to jump to is before the SEH overflow
2 - The opcodes to a JUMP SHORT do not work (bad chars I believe...), another problem is that I need to jump over 128 bytes before, so a SHORT won't work
3 - Required opcodes to decode the payload seem to be blocked (x86/alpha_upper), I've also tested the x86/alpha_mixed...

Is there any tool which generates a list of opcodes that I may insert as a payload and analise what are the bad chars?
What about the other issues I've mentioned?

Any help is appreciated! Thank you.