L-codes
diff --git a/‎lib/msf/core/payload/windows.rb‎
Lines changed: 5 additions & 5 deletions b/‎lib/msf/core/payload/windows.rb‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎lib/msf/core/payload/windows/exitfunk.rb‎
Lines changed: 2 additions & 2 deletions b/‎lib/msf/core/payload/windows/exitfunk.rb‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎lib/msf/core/payload/windows/prepend_migrate.rb‎
Lines changed: 56 additions & 196 deletions b/‎lib/msf/core/payload/windows/prepend_migrate.rb‎
Lines changed: 56 additions & 196 deletions
diff --git a/‎lib/msf/core/payload/windows/reverse_http.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/msf/core/payload/windows/reverse_http.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/msf/core/payload/windows/reverse_named_pipe.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/msf/core/payload/windows/reverse_named_pipe.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/msf/core/payload/windows/reverse_tcp.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/msf/core/payload/windows/reverse_tcp.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/msf/core/payload/windows/reverse_tcp_dns.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/msf/core/payload/windows/reverse_tcp_dns.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/msf/core/payload/windows/reverse_udp.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/msf/core/payload/windows/reverse_udp.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/msf/core/payload/windows/reverse_win_http.rb‎
Lines changed: 1 addition & 1 deletion b/‎lib/msf/core/payload/windows/reverse_win_http.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/msf/core/payload/windows/x64/reverse_named_pipe_x64.rb‎
Lines changed: 3 additions & 3 deletions b/‎lib/msf/core/payload/windows/x64/reverse_named_pipe_x64.rb‎
Lines changed: 3 additions & 3 deletions
@@ -21,15 +21,15 @@ module Msf::Payload::Windows
 
   #
   # ROR hash associations for some of the exit technique routines.
-  #
+
@@exit_types =
     {
       nil       => 0,          # Default to nothing
       ''        => 0,          # Default to nothing
-      'seh'     => 0xEA320EFE, # SetUnhandledExceptionFilter
-      'thread'  => 0x0A2A1DE0, # ExitThread
-      'process' => 0x56A2B5F0, # ExitProcess
-      'none'    => 0x5DE2C5AA  # GetLastError
+      'seh'     => Rex::Text.block_api_hash("kernel32.dll", "SetUnhandledExceptionFilter").to_i(16), # SetUnhandledExceptionFilter
+      'thread'  => Rex::Text.block_api_hash("kernel32.dll", "ExitThread").to_i(16), # ExitThread
+      'process' => Rex::Text.block_api_hash("kernel32.dll", "ExitProcess").to_i(16), # ExitProcess
+      'none'    => Rex::Text.block_api_hash("kernel32.dll", "GetLastError").to_i(16)  # GetLastError
     }
 
   #
 
@@ -33,13 +33,13 @@ def asm_exitfunk(opts={})
     when 'thread'
       asm << %Q^
         mov ebx, 0x#{Msf::Payload::Windows.exit_types['thread'].to_s(16)}
-        push 0x9DBD95A6        ; hash( "kernel32.dll", "GetVersion" )
+        push #{Rex::Text.block_api_hash("kernel32.dll", "GetVersion")}        ; hash( "kernel32.dll", "GetVersion" )
         call ebp               ; GetVersion(); (AL will = major version and AH will = minor version)
         cmp al, 6              ; If we are not running on Windows Vista, 2008 or 7
         jl exitfunk_goodbye    ; Then just call the exit function...
         cmp bl, 0xE0           ; If we are trying a call to kernel32.dll!ExitThread on Windows Vista, 2008 or 7...
         jne exitfunk_goodbye   ;
-        mov ebx, 0x6F721347    ; Then we substitute the EXITFUNK to that of ntdll.dll!RtlExitUserThread
+        mov ebx, #{Rex::Text.block_api_hash("ntdll.dll", "RtlExitUserThread")}     ; Then we substitute the EXITFUNK to that of ntdll.dll!RtlExitUserThread
       exitfunk_goodbye:        ; We now perform the actual call to the exit function
         push.i8 0              ; push the exit function parameter
         push ebx               ; push the hash of the exit function
 
@@ -442,7 +442,7 @@ def asm_reverse_http(opts={})
     else
       asm << %Q^
     failure:
-      push 0x56A2B5F0        ; hardcoded to exitprocess for size
+      push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}
       call ebp
       ^
     end
 
@@ -147,7 +147,7 @@ def asm_reverse_named_pipe(opts={})
     else
       asm << %Q^
       failure:
-        push 0x56A2B5F0         ; hardcoded to exitprocess for size
+        push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}
         call ebp
       ^
     end
 
@@ -201,7 +201,7 @@ def asm_reverse_tcp(opts={})
     else
       asm << %Q^
       failure:
-        push 0x56A2B5F0         ; hardcoded to exitprocess for size
+        push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}
         call ebp
       ^
     end
 
@@ -142,7 +142,7 @@ def asm_reverse_tcp_dns(opts={})
     else
       asm << %Q^
       failure:
-        push 0x56A2B5F0         ; hardcoded to exitprocess for size
+        push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}
         call ebp
       ^
     end
 
@@ -129,7 +129,7 @@ def asm_reverse_udp(opts={})
     else
       asm << %Q^
       failure:
-        push 0x56A2B5F0         ; hardcoded to exitprocess for size
+        push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}
         call ebp
       ^
     end
 
@@ -476,7 +476,7 @@ def asm_reverse_winhttp(opts={})
       else
         asm << %Q^
       failure:
-        push 0x56A2B5F0        ; hardcoded to exitprocess for size
+        push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}
         call ebp
         ^
       end
 
@@ -59,8 +59,8 @@ def generate_reverse_named_pipe(opts={})
       and rsp, ~0xF           ;  Ensure RSP is 16 byte aligned
       call start              ; Call start, this pushes the address of 'api_call' onto the stack.
       #{asm_block_api}
-      start:
-        pop rbp               ; block API pointer
+     start:
+      pop rbp                 ; block API pointer
       #{asm_reverse_named_pipe(opts)}
     ^
     Metasm::Shellcode.assemble(Metasm::X64.new, combined_asm).encode_string
@@ -145,7 +145,7 @@ def asm_reverse_named_pipe(opts={})
     else
       asm << %Q^
       failure:
-        push 0x56A2B5F0         ; hardcoded to exitprocess for size
+        push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}
         call rbp
       ^
     end
Original file line number	Diff line number	Diff line change
`@@ -21,15 +21,15 @@ module Msf::Payload::Windows`
`21`	`21`
`22`	`22`	`#`
`23`	`23`	`# ROR hash associations for some of the exit technique routines.`
`24`		`- #`
	`24`	`+`
`25`	`25`	`@@exit_types =`
`26`	`26`	`{`
`27`	`27`	`nil => 0, # Default to nothing`
`28`	`28`	`'' => 0, # Default to nothing`
`29`		`- 'seh' => 0xEA320EFE, # SetUnhandledExceptionFilter`
`30`		`- 'thread' => 0x0A2A1DE0, # ExitThread`
`31`		`- 'process' => 0x56A2B5F0, # ExitProcess`
`32`		`- 'none' => 0x5DE2C5AA # GetLastError`
	`29`	`+ 'seh' => Rex::Text.block_api_hash("kernel32.dll", "SetUnhandledExceptionFilter").to_i(16), # SetUnhandledExceptionFilter`
	`30`	`+ 'thread' => Rex::Text.block_api_hash("kernel32.dll", "ExitThread").to_i(16), # ExitThread`
	`31`	`+ 'process' => Rex::Text.block_api_hash("kernel32.dll", "ExitProcess").to_i(16), # ExitProcess`
	`32`	`+ 'none' => Rex::Text.block_api_hash("kernel32.dll", "GetLastError").to_i(16) # GetLastError`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`#`
Original file line number	Diff line number	Diff line change
`@@ -442,7 +442,7 @@ def asm_reverse_http(opts={})`
`442`	`442`	`else`
`443`	`443`	`asm << %Q^`
`444`	`444`	`failure:`
`445`		`- push 0x56A2B5F0 ; hardcoded to exitprocess for size`
	`445`	`+ push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}`
`446`	`446`	`call ebp`
`447`	`447`	`^`
`448`	`448`	`end`
Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ def asm_reverse_named_pipe(opts={})`
`147`	`147`	`else`
`148`	`148`	`asm << %Q^`
`149`	`149`	`failure:`
`150`		`- push 0x56A2B5F0 ; hardcoded to exitprocess for size`
	`150`	`+ push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}`
`151`	`151`	`call ebp`
`152`	`152`	`^`
`153`	`153`	`end`
Original file line number	Diff line number	Diff line change
`@@ -201,7 +201,7 @@ def asm_reverse_tcp(opts={})`
`201`	`201`	`else`
`202`	`202`	`asm << %Q^`
`203`	`203`	`failure:`
`204`		`- push 0x56A2B5F0 ; hardcoded to exitprocess for size`
	`204`	`+ push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}`
`205`	`205`	`call ebp`
`206`	`206`	`^`
`207`	`207`	`end`
Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,7 @@ def asm_reverse_tcp_dns(opts={})`
`142`	`142`	`else`
`143`	`143`	`asm << %Q^`
`144`	`144`	`failure:`
`145`		`- push 0x56A2B5F0 ; hardcoded to exitprocess for size`
	`145`	`+ push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}`
`146`	`146`	`call ebp`
`147`	`147`	`^`
`148`	`148`	`end`
Original file line number	Diff line number	Diff line change
`@@ -129,7 +129,7 @@ def asm_reverse_udp(opts={})`
`129`	`129`	`else`
`130`	`130`	`asm << %Q^`
`131`	`131`	`failure:`
`132`		`- push 0x56A2B5F0 ; hardcoded to exitprocess for size`
	`132`	`+ push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}`
`133`	`133`	`call ebp`
`134`	`134`	`^`
`135`	`135`	`end`
Original file line number	Diff line number	Diff line change
`@@ -476,7 +476,7 @@ def asm_reverse_winhttp(opts={})`
`476`	`476`	`else`
`477`	`477`	`asm << %Q^`
`478`	`478`	`failure:`
`479`		`- push 0x56A2B5F0 ; hardcoded to exitprocess for size`
	`479`	`+ push #{Rex::Text.block_api_hash('kernel32.dll', 'ExitProcess')}`
`480`	`480`	`call ebp`
`481`	`481`	`^`
`482`	`482`	`end`