Description
We support shellcode prepends and appends using Msf::Payload::<platform>::<arch>::Prepends, although they are used inconsistently across payloads.
We currently group both appends and prepends into the Prepends mixins, which is a dubious design decision, but understandable as we have only a single append (AppendExit, which unsurprisingly appends an exit syscall), and I'm not sure that we would ever want to append anything other than an exit syscall in payload generation.
By importing the Prepends mixin within a payload module, we make both prepends and appends available. However, the appends are pointless for many payloads which already include an exit syscall hardcoded in the shellcode.
It is generally not suitable for payloads to check AppendExit. No payloads do this:
```shell
# grep -rni AppendExit modules/payloads/singles/ | wc -l
0
```
Instead, this should be handled by the mixin, and the payload module can opt-in by setting AppendExit to true in the module default options.
The likely cleanest solution is to update the shellcode for each payload module to remove the hardcoded exit syscall and set AppendExit to true in the module default options. Granted, there are likely scenarios where this is not suitable (bad chars / null free?).
As an alternative, we can deregister the AppendExit option in every module which uses a hard-coded exit, but that may be confusing. As an operator, how would I know if the shellcode appends exit if the option is deregistered?
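The following is an added, stand-alone illustration of the design being proposed; it is not Metasploit code and does not use the real `Msf::Payload::<platform>::<arch>::Prepends` mixin. The names `FakePrepends`, `FakePayload`, `hardcoded_exit?` and `stub_clean?` are hypothetical. It shows the append being handled entirely by the mixin, a payload opting in through its default options instead of checking AppendExit itself, a "legacy" payload whose shellcode already carries an exit and would therefore get two of them, and a bad-char check on the appended stub (the Linux/x86 exit stub used here is null-free but does contain `\x80`).

```ruby
# Added example (not Metasploit's own code): a minimal stand-in for the
# Prepends mixin, showing AppendExit applied by the mixin and opted into
# through the module's default options. All names here are hypothetical.

module FakePrepends
  # Linux/x86 exit(0): xor ebx,ebx ; push 1 ; pop eax ; int 0x80 (null-free)
  EXIT_STUB = "\x31\xdb\x6a\x01\x58\xcd\x80".b

  # The mixin, not the payload module, decides whether to append the stub.
  def apply_prepends(buf)
    buf = buf.b
    buf << EXIT_STUB if datastore['AppendExit']
    buf
  end

  # True when the raw shellcode already ends in an exit stub, i.e. the
  # payload hardcodes its exit and appending another one is pointless.
  def hardcoded_exit?(raw)
    raw.b.end_with?(EXIT_STUB)
  end
end

class FakePayload
  include FakePrepends
  attr_reader :datastore

  # default_options plays the role of the module's DefaultOptions hash;
  # overrides stands in for what the operator sets in the datastore.
  def initialize(shellcode, default_options: {}, overrides: {})
    @shellcode = shellcode.b
    @datastore = { 'AppendExit' => false }.merge(default_options).merge(overrides)
  end

  def generate
    apply_prepends(@shellcode.dup)
  end

  # Refuse to produce a double exit: AppendExit on a payload with a
  # hardcoded exit is the inconsistency the issue describes.
  def generate_checked
    if datastore['AppendExit'] && hardcoded_exit?(@shellcode)
      raise 'payload has a hardcoded exit; AppendExit would append a second one'
    end
    generate
  end
end

# Bad-char check for the appended stub: true when none of the caller's
# bad chars occur in it.
def stub_clean?(stub, badchars)
  (stub.b.bytes & badchars.b.bytes).empty?
end

# Constructed sample input: a payload body with no exit (a NOP sled as a
# stand-in), and a legacy variant that bakes the exit into the shellcode.
BODY   = "\x90\x90\x90".b
LEGACY = BODY + FakePrepends::EXIT_STUB

if __FILE__ == $PROGRAM_NAME
  opt_in = FakePayload.new(BODY, default_options: { 'AppendExit' => true })
  legacy = FakePayload.new(LEGACY, overrides: { 'AppendExit' => true })
  puts "opt-in payload:  #{opt_in.generate.unpack1('H*')}"
  puts "legacy payload:  #{legacy.generate.unpack1('H*')}"   # exit stub twice
  puts "stub null-free:  #{stub_clean?(FakePrepends::EXIT_STUB, "\x00")}"
  puts "stub avoids 80:  #{stub_clean?(FakePrepends::EXIT_STUB, "\x80")}"
end
```

The point of `generate_checked` is only to make the failure mode visible: with the mixin owning the append and modules opting in via default options, the check becomes unnecessary because a module either ships its exit in the shellcode or sets AppendExit, never both.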