Module: Msf::Payload::Windows::SendUUID_x64

Included in:

BindNamedPipe_x64, BindTcp_x64, ReverseNamedPipe_x64, ReverseTcp_x64

Defined in:

lib/msf/core/payload/windows/x64/send_uuid_x64.rb

Overview

Basic send_uuid stub for Windows ARCH_X64 payloads

Instance Method Summary

• #asm_send_uuid(uuid = nil) ⇒ Object

  Generate assembly code that writes the UUID to the socket.

• #uuid_required_size ⇒ Object

Instance Method Details

#asm_send_uuid(uuid = nil) ⇒ Object

Generate assembly code that writes the UUID to the socket.

This code assumes that the block API pointer is in rbp, and the communications socket handle is in rdi.

# File 'lib/msf/core/payload/windows/x64/send_uuid_x64.rb', line 19

def asm_send_uuid(uuid=nil)
  uuid ||= generate_payload_uuid
  uuid_raw = uuid.to_raw

  asm =%Q^
    send_uuid:
      xor r9, r9              ; flags
      push #{uuid_raw.length} ; length of the UUID
      pop r8
      call get_uuid_address  ; put uuid buffer on the stack
      db #{raw_to_db(uuid_raw)}  ; UUID
    get_uuid_address:
      pop rdx                ; UUID address
      mov rcx, rdi           ; Socket handle
      mov r10, #{Rex::Text.block_api_hash('ws2_32.dll', 'send')}
      call rbp               ; call send
  ^

  asm
end

#uuid_required_size ⇒ Object

# File 'lib/msf/core/payload/windows/x64/send_uuid_x64.rb', line 40

def uuid_required_size
  # Start with the number of bytes required for the instructions
  space = 25

  # a UUID is 16 bytes
  space += 16

  space
end