Fixes #457. Oddly enough, it was the nop sled garbling registers
git-svn-id: file:///home/svn/framework3/trunk@7342 4d416f70-5f16-0410-b530-b9f4589650da
unstable
parent
bcc8d5d8ca
commit
58ac7efcfa
Binary file not shown.
@ -146,7 +146,6 @@ require 'rex/pescan'
entry = generate_nops(framework, [ARCH_X86], rand(200)+51)
entry = generate_nops(framework, [ARCH_X86], rand(200)+51)
# Pick an offset to store the new entry point
# Pick an offset to store the new entry point
eloc = 0
if(eloc == 0) # place the entry point before the payload
if(eloc == 0) # place the entry point before the payload
poff += 256
poff += 256
eidx = rand(poff-(entry.length + 5))
eidx = rand(poff-(entry.length + 5))
@ -475,12 +474,15 @@ require 'rex/pescan'
nil
nil
end
end
def self.generate_nops(framework, arch, len)
def self.generate_nops(framework, arch, len, opts={})
opts['BadChars'] ||= ''
opts['SaveRegisters'] ||= [ 'esp', 'ebp', 'esi', 'edi' ]
return code if not framework.nops
return code if not framework.nops
framework.nops.each_module_ranked('Arch' => arch) do |name, mod|
framework.nops.each_module_ranked('Arch' => arch) do |name, mod|
begin
begin
nop = framework.nops.create(name)
nop = framework.nops.create(name)
raw = nop.generate_sled(len, '')
raw = nop.generate_sled(len, opts)
return raw if raw
return raw if raw
rescue
rescue
end
end
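Review bot: The two new `||=` lines in generate_nops write into the caller's hash, so a caller that passes its own options hash gets 'BadChars' and 'SaveRegisters' injected into it and carried into later calls; inserting `opts = opts.dup` before `opts['BadChars'] ||= ''` keeps the defaults local to this call (the `opts={}` literal default is fresh per call, so only caller-supplied hashes are affected). Forwarding `opts` to every `generate_sled` also means a nop module that cannot honour the new SaveRegisters or BadChars constraints raises into the existing bare `rescue` and is skipped without a trace, and when every module fails the method falls off the end and returns nil with no diagnostic, so logging the caught error in that `rescue` would make the register-garbling class of bug this commit fixes visible next time. The context line `return code if not framework.nops` references `code`, which is not defined anywhere in the visible method, so the no-nops path presumably raises NameError rather than returning; worth confirming and replacing with `return nil if not framework.nops`. In the first hunk, removing `eloc = 0` leaves `if(eloc == 0)` depending on an assignment earlier in the enclosing method, which starts outside the hunk.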