Enable rwx exec thread method to generate jump offset off end. (for multipayload)
git-svn-id: file:///home/svn/framework3/trunk@13056 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
a98602ed8d
commit
078d5d7790
|
@ -1358,7 +1358,7 @@ require 'digest/sha1'
|
|||
# starting the code in a new thread, and finally jumping back to the next
|
||||
# code to execute. block_offset is the offset of the next code from
|
||||
# the start of this code
|
||||
def self.win32_rwx_exec_thread(code, block_offset)
|
||||
def self.win32_rwx_exec_thread(code, block_offset, which_offset='start')
|
||||
|
||||
stub_block = %Q^
|
||||
; Input: The hash of the API to call and all its parameters must be pushed onto stack.
|
||||
|
@ -1576,7 +1576,13 @@ require 'digest/sha1'
|
|||
res = enc.data + code
|
||||
|
||||
res[off,4] = [code.length].pack('V')
|
||||
if which_offset == 'start'
|
||||
res[soff,4] = [block_offset - (soff + 4)].pack('V')
|
||||
elsif which_offset == 'end'
|
||||
res[soff,4] = [res.length - (soff + 4) + block_offset].pack('V')
|
||||
else
|
||||
raise RuntimeError, 'Blast! Msf::Util::EXE.rwx_exec_thread called with invalid offset!'
|
||||
end
|
||||
res
|
||||
end
|
||||
|
||||
|
|
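Review bot: The comment above `win32_rwx_exec_thread` still says block_offset is measured from the start of this code, which no longer holds when the new `which_offset` argument is 'end'; in that branch the value written at `soff` is relative to the end of `res` (`enc.data + code`). I would add a line such as `# which_offset: 'start' = block_offset counts from the start of this code, 'end' = from the end of the returned buffer`. The invalid-value check also sits at the very end of the method, apparently after the stub has been built and encoded, and its message names `Msf::Util::EXE.rwx_exec_thread` rather than `win32_rwx_exec_thread`. A guard at the top, `raise ArgumentError, "which_offset must be 'start' or 'end'" unless %w[start end].include?(which_offset)`, would fail fast, provided no caller relies on rescuing RuntimeError here. Most of the method body lies between the two hunks and is not visible on this page.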