add egg override param for egghunter

git-svn-id: file:///home/svn/framework3/trunk@10098 4d416f70-5f16-0410-b530-b9f4589650da

lib/msf/core/exploit/egghunter.rb

@@ -22,7 +22,7 @@ module Exploit::Egghunter
 	# Generates an egghunter stub based on the current target's architecture
 	# and operating system.
 	#
-	def generate_egghunter
+	def generate_egghunter(marker = nil)
 		# Prefer the target's platform/architecture information, but use
 		# the module's if no target specific information exists
 		los   = target_platform
@@ -39,7 +39,7 @@ module Exploit::Egghunter
 		end
 		
 		egg   = Rex::Exploitation::Egghunter.new(los, larch)
-		bunny = egg.generate(payload_badchars)
+		bunny = egg.generate(payload_badchars, marker)
 		
 		if (bunny.nil?)
 			print_error("The egghunter could not be generated")
@@ -51,4 +51,4 @@ module Exploit::Egghunter
 
 end
 
-end
+end

lib/rex/exploitation/egghunter.rb

@@ -115,13 +115,17 @@ class Egghunter
 	#
 	# This method generates an egghunter using the derived hunter stub.
 	#
-	def generate(badchars = '')
+	def generate(badchars = '', marker = nil)
 		return nil if ((opts = hunter_stub) == nil)
 
 		stub  = opts['Stub'].dup
 		esize = opts['EggSize']
 		eoff  = opts['EggOffset']
-		egg   = Rex::Text.rand_text(esize, badchars)
+
+		egg   = marker
+		# NOTE: there is no guarentee this wont exist in memory, even when doubled
+		egg ||= Rex::Text.rand_text(esize, badchars)
+		raise RuntimeError, "Invalid egg string! Need #{esize~p} bytes." if egg.length != esize
 
 		stub[eoff, esize] = egg
 
@@ -140,4 +144,4 @@ protected
 end
 
 end
-end
+end