infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add support for heap-only search in regular egghunter

bug/bundler_fix
sgabe 2015-01-13 21:31:13 +01:00
parent ac4eb3bb90
commit 95eab85df4
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/rex/exploitation/egghunter.rb
View File

@ -23,6 +23,7 @@ module Exploitation
# Startreg code added by corelanc0d3r
# Added routine to disable DEP for discovered egg (for win, added by corelanc0d3r)
# Added support for searchforward option (true or false)
# Added support for heap-only search option (true or false)
#
###
class Egghunter
@ -58,6 +59,11 @@ class Egghunter
else
startstub = "\n\tjmp next_addr"
end
# search only in heap?
elsif opts[:heaponly]
startstub = "\n\tpush 0x30\n\tpop edx\n\tmov edx,fs:[edx]"
startstub << "\n\tadd dl,0x90\n\tmov edx,[edx]"
startstub << "\n\tmov edx,[edx]\n\tjmp next_addr"
end
startstub << "\n\t" if startstub.length > 0