Fixes #457. Oddly enough, it was the nop sled garbling registers

git-svn-id: file:///home/svn/framework3/trunk@7342 4d416f70-5f16-0410-b530-b9f4589650da
2009-11-03 23:50:32 +00:00 · 2009-11-03 23:50:32 +00:00 · 58ac7efcfa
parent bcc8d5d8ca
commit 58ac7efcfa
2 changed files with 5 additions and 3 deletions
--- a/data/templates/template.exe
+++ b/data/templates/template.exe
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@ -146,7 +146,6 @@ require 'rex/pescan'
 		entry = generate_nops(framework, [ARCH_X86], rand(200)+51)

 		# Pick an offset to store the new entry point
-		eloc = 0
 		if(eloc == 0) # place the entry point before the payload
 			poff += 256
 			eidx = rand(poff-(entry.length + 5))
@ -475,12 +474,15 @@ require 'rex/pescan'
 		nil
 	end

-	def self.generate_nops(framework, arch, len)
+	def self.generate_nops(framework, arch, len, opts={})
+		opts['BadChars'] ||= ''
+		opts['SaveRegisters'] ||= [ 'esp', 'ebp', 'esi', 'edi' ]
+
 		return code if not framework.nops
 		framework.nops.each_module_ranked('Arch' => arch) do |name, mod|
 			begin
 				nop = framework.nops.create(name)
-				raw = nop.generate_sled(len, '')
+				raw = nop.generate_sled(len, opts)
 				return raw if raw
 			rescue
 			end