File tree Expand file tree Collapse file tree 1 file changed +5
-5
lines changed
lib/msf/core/payload/windows/x64 Expand file tree Collapse file tree 1 file changed +5
-5
lines changed Original file line number Diff line number Diff line change @@ -40,14 +40,14 @@ def asm_exitfunk(opts={})
4040 mov r10d, 0x9DBD95A6 ; hash( "kernel32.dll", "GetVersion" )
4141 call rbp ; GetVersion(); (AL will = major version and AH will = minor version)
4242 add rsp, 40 ; cleanup the default param space on stack
43- cmp al, byte 6 ; If we are not running on Windows Vista, 2008 or 7
44- jl short goodbye ; Then just call the exit function...
43+ cmp al, 6 ; If we are not running on Windows Vista, 2008 or 7
44+ jl exitfunk_goodbye ; Then just call the exit function...
4545 cmp bl, 0xE0 ; If we are trying a call to kernel32.dll!ExitThread on
4646 ; Windows Vista, 2008 or 7...
47- jne short goodbye ;
47+ jne exitfunk_goodbye ;
4848 mov ebx, 0x6F721347 ; Then we substitute the EXITFUNK to that of ntdll.dll!RtlExitUserThread
49- goodbye: ; We now perform the actual call to the exit function
50- push byte 0 ;
49+ exitfunk_goodbye: ; We now perform the actual call to the exit function
50+ push 0 ;
5151 pop rcx ; set the exit function parameter
5252 mov r10d, ebx ; place the correct EXITFUNK into r10d
5353 call rbp ; call EXITFUNK( 0 );
You can’t perform that action at this time.
0 commit comments