From 5f35f33cd10e77d791fdf5a8061b812a2453c06d Mon Sep 17 00:00:00 2001
From: Stephen Fewer
Date: Fri, 26 Feb 2010 14:27:13 +0000
Subject: [PATCH] Forgot the updated build.py, also add in a link to a blog post I wrote for this shellcode.

git-svn-id: file:///home/svn/framework3/trunk@8657 4d416f70-5f16-0410-b530-b9f4589650da
---
 external/source/shellcode/windows/x86/build.py | 3 +++
 .../windows/x86/src/kernel/stager_sysenter_hook.asm | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/external/source/shellcode/windows/x86/build.py b/external/source/shellcode/windows/x86/build.py
index ad8ef97384..4380f4b382 100644
--- a/external/source/shellcode/windows/x86/build.py
+++ b/external/source/shellcode/windows/x86/build.py
@@ -104,6 +104,9 @@ def main( argv=None ):
 for root, dirs, files in os.walk( "./src/stager/" ):
 for name in files:
 build( name[:-4] )
+ for root, dirs, files in os.walk( "./src/kernel/" ):
+ for name in files:
+ build( name[:-4] )
 else:
 build( argv[1] )
 except Exception, e:
diff --git a/external/source/shellcode/windows/x86/src/kernel/stager_sysenter_hook.asm b/external/source/shellcode/windows/x86/src/kernel/stager_sysenter_hook.asm
index 49122edc2a..ad4e7957ca 100644
--- a/external/source/shellcode/windows/x86/src/kernel/stager_sysenter_hook.asm
+++ b/external/source/shellcode/windows/x86/src/kernel/stager_sysenter_hook.asm
@@ -3,8 +3,13 @@
 ; Compatible: Windows 7, 2008, Vista (Possibly 2003, XP)
 ; Size: 202 bytes
 ; Build: >build.py stager_sysenter_hook
+;
 ; Recommended Reading: Kernel-mode Payloads on Windows, 2005, bugcheck & skape.
 ; http://www.uninformed.org/?v=3&a=4&t=sumry
+;
+; Description of the implementation of this stager_sysenter_hook shellcode:
+; http://www.harmonysecurity.com/blog/2009/11/implementing-win32-kernel-shellcode.html
+;
 ;-----------------------------------------------------------------------------;
 [bits 32]
 [org 0]
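Review bot: The added `os.walk( "./src/kernel/" )` loop in build.py repeats the stager loop verbatim, including `build( name[:-4] )`, which blindly strips the last four characters of every file found, so any non-`.asm` file that ends up in src/kernel/ (an editor backup, a stray .bin) is passed to build() under a mangled name. Guard the new loop body with `if name.endswith( ".asm" ):` before the call, and consider folding both walks into one loop over `( "./src/stager/", "./src/kernel/" )` instead of duplicating the body. The `root` and `dirs` values from os.walk are unused in both loops and could be `_`. main() begins before and continues after this hunk, so the surrounding if/else structure is not visible here.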