Consistently use the same technique for exe-service

zeroSteiner · zeroSteiner · commit 3af8bd97ad41 · 2025-08-28T17:39:57.000-04:00
diff --git a/data/templates/src/pe/README.md b/data/templates/src/pe/README.md
@@ -1,8 +1,8 @@
 # PE Source Code
 This directory contains the source code for the PE executable templates.
 
-## Building DLLs
-Use the provided `build_dlls.bat` file, and run it from within the Visual Studio
+## Building
+Use the provided `build_all.bat` file, and run it from within the Visual Studio
 developer console. The batch file requires that the `%VCINSTALLDIR%` environment
 variable be defined (which it should be by default). The build script will
 create both the x86 and x64 templates before moving them into the correct
diff --git a/lib/msf/core/exploit/exe.rb b/lib/msf/core/exploit/exe.rb
@@ -21,7 +21,6 @@ def initialize(info = {})
         OptPath.new('EXE::Path',     [false, 'The directory in which to look for the executable template']),
         OptPath.new('EXE::Template', [false, 'The executable template file name.']),
         OptBool.new('EXE::Inject',   [false, 'Set to preserve the original EXE function']),
-        OptBool.new('EXE::OldMethod',[false, 'Set to use the substitution EXE generation method.']),
         OptBool.new('EXE::FallBack', [false, 'Use the default template in case the specified one is missing']),
         OptBool.new('MSI::EICAR',    [false, 'Generate an EICAR file instead of regular payload msi']),
         OptPath.new('MSI::Custom',   [false, 'Use custom msi instead of automatically generating a payload msi']),
@@ -185,7 +184,7 @@ def exe_init_options(opts)
         :template => datastore['EXE::Template'],
         :inject => datastore['EXE::Inject'],
         :fallback => datastore['EXE::FallBack'],
-        :sub_method => datastore['EXE::OldMethod']
+        :sub_method => false
       })
 
     # NOTE: If code and platform/arch are supplied, we use those values and skip initialization.
diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
@@ -248,7 +248,7 @@ def self.to_win32pe(framework, code, opts = {})
       end
 
       # use
-      self.to_win32pe_exe_sub(framework, code, opts)
+      return self.to_win32pe_exe_sub(framework, code, opts)
     end
 
     # Allow the user to specify their own EXE template
@@ -630,7 +630,6 @@ def self.to_win32pe_exe_sub(framework, code, opts = {})
     opts[:exe_type] = :exe_sub
     exe_sub_method(code,opts)
   end
-
   # self.to_win64pe
   #
   # @param framework  [Msf::Framework]  The framework of you want to use
@@ -674,24 +673,10 @@ def self.to_win64pe(framework, code, opts = {})
   #
   # @return [String] Windows Service PE file
   def self.to_win32pe_service(framework, code, opts = {})
+    # Allow the user to specify their own service EXE template
     set_template_default(opts, "template_x86_windows_svc.exe")
-    if opts[:sub_method]
-      # Allow the user to specify their own service EXE template
-      opts[:exe_type] = :service_exe
-      return exe_sub_method(code,opts)
-    else
-      ENV['MSF_SERVICENAME'] = opts[:servicename]
-
-      opts[:framework] = framework
-      opts[:payload] = 'stdin'
-      opts[:encoder] = '@x86/service,'+(opts[:serviceencoder] || '')
-
-      # XXX This should not be required, it appears there is a dependency inversion
-      # See https://github.com/rapid7/metasploit-framework/pull/9851
-      venom_generator = Msf::PayloadGenerator.new(opts)
-      code_service = venom_generator.multiple_encode_payload(code)
-      return to_winpe_only(framework, code_service, opts)
-    end
+    opts[:exe_type] = :service_exe
+    exe_sub_method(code,opts)
   end
 
   # self.to_win64pe_service
