Module: Msf::ReflectiveDLLLoader

Included in:: Payload::Windows::MeterpreterLoader, Payload::Windows::MeterpreterLoader_x64, Payload::Windows::ReflectiveDllInject, Payload::Windows::ReflectiveDllInject_x64, Post::Windows::ReflectiveDLLInjection, Rex::Payloads::Meterpreter::Config

Defined in:: lib/msf/core/reflective_dll_loader.rb

Constant Summary collapse

EXPORT_REFLECTIVELOADER = This is the ordinal of the reflective loader by default In new RDI DLLs that come with MSF

Instance Method Summary collapse

#load_rdi_dll(dll_path, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ Array

Load a reflectively-injectable DLL from disk and find the offset to the ReflectiveLoader function inside the DLL.
#load_rdi_dll_from_data(dll_data, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ Integer

Load a reflectively-injectable DLL from a string and find the offset to the ReflectiveLoader function inside the DLL.

Instance Method Details

#load_rdi_dll(dll_path, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ `Array`

Load a reflectively-injectable DLL from disk and find the offset to the ReflectiveLoader function inside the DLL.

Parameters:

dll_path (String) —

Path to the DLL to load.

Returns:

(Array) —

Tuple of DLL contents and offset to the ReflectiveLoader function within the DLL.

# File 'lib/msf/core/reflective_dll_loader.rb', line 26

def load_rdi_dll(dll_path, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER)
  dll = ''
  ::File.open(dll_path, 'rb') { |f| dll = f.read }

  offset = parse_pe(dll, loader_name: loader_name, loader_ordinal: loader_ordinal)

  unless offset
    raise "Cannot find the ReflectiveLoader entry point in #{dll_path}"
  end

  return dll, offset
end

#load_rdi_dll_from_data(dll_data, loader_name: 'ReflectiveLoader', loader_ordinal: EXPORT_REFLECTIVELOADER) ⇒ `Integer`

Load a reflectively-injectable DLL from a string and find the offset to the ReflectiveLoader function inside the DLL.