Land rapid7#1944, C# byte array payload

Author: wvu

lib/msf/base/simple/buffer.rb

@@ -31,6 +31,8 @@ def self.transform(buf, fmt = "ruby")
 				buf = Rex::Text.to_bash(buf)
 			when 'c'
 				buf = Rex::Text.to_c(buf)
+			when 'csharp'
+				buf = Rex::Text.to_csharp(buf)
 			when 'js_be'
 				buf = Rex::Text.to_unescape(buf, ENDIAN_BIG)
 			when 'js_le'
@@ -59,6 +61,8 @@ def self.comment(buf, fmt = "ruby")
 				buf = Rex::Text.to_bash_comment(buf)
 			when 'c'
 				buf = Rex::Text.to_c_comment(buf)
+			when 'csharp'
+				buf = Rex::Text.to_c_comment(buf)
 			when 'js_be', 'js_le'
 				buf = Rex::Text.to_js_comment(buf)
 			when 'java'
@@ -74,7 +78,7 @@ def self.comment(buf, fmt = "ruby")
 	# Returns the list of supported formats
 	#
 	def self.transform_formats
-		['raw','ruby','rb','perl','pl','bash','sh','c','js_be','js_le','java','python','py']
+		['raw','ruby','rb','perl','pl','bash','sh','c','csharp','js_be','js_le','java','python','py']
 	end
 
 end

lib/rex/text.rb

@@ -52,8 +52,55 @@ module Text
 	DefaultPatternSets = [ Rex::Text::UpperAlpha, Rex::Text::LowerAlpha, Rex::Text::Numerals ]
 
 	# In case Iconv isn't loaded
-	Iconv_EBCDIC = ["\x00", "\x01", "\x02", "\x03", "7", "-", ".", "/", "\x16", "\x05", "%", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "<", "=", "2", "&", "\x18", "\x19", "?", "'", "\x1C", "\x1D", "\x1E", "\x1F", "@", "Z", "\x7F", "{", "[", "l", "P", "}", "M", "]", "\\", "N", "k", "`", "K", "a", "\xF0", "\xF1", "\xF2", "\xF3", "\xF4", "\xF5", "\xF6", "\xF7", "\xF8", "\xF9", "z", "^", "L", "~", "n", "o", "|", "\xC1", "\xC2", "\xC3", "\xC4", "\xC5", "\xC6", "\xC7", "\xC8", "\xC9", "\xD1", "\xD2", "\xD3", "\xD4", "\xD5", "\xD6", "\xD7", "\xD8", "\xD9", "\xE2", "\xE3", "\xE4", "\xE5", "\xE6", "\xE7", "\xE8", "\xE9", nil, "\xE0", nil, nil, "m", "y", "\x81", "\x82", "\x83", "\x84", "\x85", "\x86", "\x87", "\x88", "\x89", "\x91", "\x92", "\x93", "\x94", "\x95", "\x96", "\x97", "\x98", "\x99", "\xA2", "\xA3", "\xA4", "\xA5", "\xA6", "\xA7", "\xA8", "\xA9", "\xC0", "O", "\xD0", "\xA1", "\a", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
-	Iconv_ASCII  = ["\x00", "\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\a", "\b", "\t", "\n", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "\x14", "\x15", "\x16", "\x17", "\x18", "\x19", "\x1A", "\e", "\x1C", "\x1D", "\x1E", "\x1F", " ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", "@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", nil, "\\", nil, nil, "_", "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "\x7F", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
+	Iconv_EBCDIC = [
+		"\x00", "\x01", "\x02", "\x03", "7", "-", ".", "/", "\x16", "\x05",
+		"%", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13",
+		"<", "=", "2", "&", "\x18", "\x19", "?", "'", "\x1C", "\x1D", "\x1E",
+		"\x1F", "@", "Z", "\x7F", "{", "[", "l", "P", "}", "M", "]", "\\",
+		"N", "k", "`", "K", "a", "\xF0", "\xF1", "\xF2", "\xF3", "\xF4",
+		"\xF5", "\xF6", "\xF7", "\xF8", "\xF9", "z", "^", "L", "~", "n", "o",
+		"|", "\xC1", "\xC2", "\xC3", "\xC4", "\xC5", "\xC6", "\xC7", "\xC8",
+		"\xC9", "\xD1", "\xD2", "\xD3", "\xD4", "\xD5", "\xD6", "\xD7",
+		"\xD8", "\xD9", "\xE2", "\xE3", "\xE4", "\xE5", "\xE6", "\xE7",
+		"\xE8", "\xE9", nil, "\xE0", nil, nil, "m", "y", "\x81", "\x82",
+		"\x83", "\x84", "\x85", "\x86", "\x87", "\x88", "\x89", "\x91",
+		"\x92", "\x93", "\x94", "\x95", "\x96", "\x97", "\x98", "\x99",
+		"\xA2", "\xA3", "\xA4", "\xA5", "\xA6", "\xA7", "\xA8", "\xA9",
+		"\xC0", "O", "\xD0", "\xA1", "\a", nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil
+	]
+
+	Iconv_ASCII  = [
+		"\x00", "\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\a", "\b",
+		"\t", "\n", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12",
+		"\x13", "\x14", "\x15", "\x16", "\x17", "\x18", "\x19", "\x1A", "\e",
+		"\x1C", "\x1D", "\x1E", "\x1F", " ", "!", "\"", "#", "$", "%", "&",
+		"'", "(", ")", "*", "+", ",", "-", ".", "/", "0", "1", "2", "3", "4",
+		"5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", "@", "A", "B",
+		"C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P",
+		"Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", nil, "\\", nil,
+		nil, "_", "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k",
+		"l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y",
+		"z", "{", "|", "}", "~", "\x7F", nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil,
+		nil, nil, nil, nil, nil, nil, nil, nil, nil
+	]
 
 	##
 	#
@@ -82,6 +129,17 @@ def self.to_c(str, wrap = DefaultWrap, name = "buf")
 		return hexify(str, wrap, '"', '"', "unsigned char #{name}[] = \n", '";')
 	end
 
+	def self.to_csharp(str, wrap = DefaultWrap, name = "buf")
+		ret = "byte[] #{name} = new byte[#{str.length}] {"
+		i = -1;
+		while (i += 1) < str.length
+			ret << "\n" if i%(wrap/4) == 0
+			ret << "0x" << str[i].unpack("H*")[0] << ","
+		end
+		ret = ret[0..ret.length-2] #cut off last comma
+		ret << " };\n"
+	end
+
 	#
 	# Creates a c-style comment
 	#
@@ -344,22 +402,40 @@ def self.to_hex_ascii(str, prefix = "\\x", count = 1, suffix=nil)
 	#
 	# Converts standard ASCII text to a unicode string.
 	#
-	# Supported unicode types include: utf-16le, utf16-be, utf32-le, utf32-be, utf-7, and utf-8
+	# Supported unicode types include: utf-16le, utf16-be, utf32-le,
+	# utf32-be, utf-7, and utf-8
+	#
+	# Providing 'mode' provides hints to the actual encoder as to how it
+	# should encode the string.
 	#
-	# Providing 'mode' provides hints to the actual encoder as to how it should encode the string.	Only UTF-7 and UTF-8 use "mode".
+	# Only UTF-7 and UTF-8 use "mode".
 	#
-	# utf-7 by default does not encode alphanumeric and a few other characters.  By specifying the mode of "all", then all of the characters are encoded, not just the non-alphanumeric set.
-	#	to_unicode(str, 'utf-7', 'all')
+	# utf-7 by default does not encode alphanumeric and a few other
+	# characters.  By specifying the mode of "all", then all of the
+	# characters are encoded, not just the non-alphanumeric set.
+	# to_unicode(str, 'utf-7', 'all')
 	#
-	# utf-8 specifies that alphanumeric characters are used directly, eg "a" is just "a".  However, there exist 6 different overlong encodings of "a" that are technically not valid, but parse just fine in most utf-8 parsers.  (0xC1A1, 0xE081A1, 0xF08081A1, 0xF8808081A1, 0xFC80808081A1, 0xFE8080808081A1).  How many bytes to use for the overlong enocding is specified providing 'size'.
-	#	to_unicode(str, 'utf-8', 'overlong', 2)
+	# utf-8 specifies that alphanumeric characters are used directly, eg
+	# "a" is just "a".  However, there exist 6 different overlong
+	# encodings of "a" that are technically not valid, but parse just fine
+	# in most utf-8 parsers.  (0xC1A1, 0xE081A1, 0xF08081A1, 0xF8808081A1,
+	# 0xFC80808081A1, 0xFE8080808081A1).  How many bytes to use for the
+	# overlong enocding is specified providing 'size'.  to_unicode(str,
+	# 'utf-8', 'overlong', 2)
 	#
-	# Many utf-8 parsers also allow invalid overlong encodings, where bits that are unused when encoding a single byte are modified.  Many parsers will ignore these bits, rendering simple string matching to be ineffective for dealing with UTF-8 strings.  There are many more invalid overlong encodings possible for "a".  For example, three encodings are available for an invalid 2 byte encoding of "a". (0xC1E1 0xC161 0xC121).	By specifying "invalid", a random invalid encoding is chosen for the given byte size.
-	#	to_unicode(str, 'utf-8', 'invalid', 2)
+	# Many utf-8 parsers also allow invalid overlong encodings, where bits
+	# that are unused when encoding a single byte are modified.  Many
+	# parsers will ignore these bits, rendering simple string matching to
+	# be ineffective for dealing with UTF-8 strings.  There are many more
+	# invalid overlong encodings possible for "a".  For example, three
+	# encodings are available for an invalid 2 byte encoding of "a".
+	# (0xC1E1 0xC161 0xC121).
 	#
-	# utf-7 defaults to 'normal' utf-7 encoding
-	# utf-8 defaults to 2 byte 'normal' encoding
+	# By specifying "invalid", a random invalid encoding is chosen for the
+	# given byte size.  to_unicode(str, 'utf-8', 'invalid', 2)
 	#
+	# utf-7 defaults to 'normal' utf-7 encoding utf-8 defaults to 2 byte
+	# 'normal' encoding
 	def self.to_unicode(str='', type = 'utf-16le', mode = '', size = '')
 		return '' if not str
 		case type

msfpayload

@@ -30,7 +30,7 @@ $args = Rex::Parser::Arguments.new(
 #
 def usage
 	$stderr.puts("\n" +
-		"    Usage: #{$0} [<options>] <payload> [var=val] <[S]ummary|C|[P]erl|Rub[y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]>\n" +
+		"    Usage: #{$0} [<options>] <payload> [var=val] <[S]ummary|C|Cs[H]arp|[P]erl|Rub[Y]|[R]aw|[J]s|e[X]e|[D]ll|[V]BA|[W]ar|Pytho[N]>\n" +
 		$args.usage)
 	exit
 end
@@ -119,17 +119,18 @@ end
 
 payload.datastore.merge! options
 
-if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w|n)/)
-	fmt = 'perl' if (cmd =~ /^p/)
-	fmt = 'ruby' if (cmd =~ /^y/)
-	fmt = 'raw' if (cmd =~ /^(r|x|d)/)
-	fmt = 'raw' if (cmd =~ /^v/)
-	fmt = 'c' if (cmd == 'c')
-	fmt = 'js_be' if (cmd =~ /^j/ and Rex::Arch.endian(payload.arch) == ENDIAN_BIG)
-	fmt = 'js_le' if (cmd =~ /^j/ and ! fmt)
-	fmt = 'java'  if (cmd =~ /^b/)
-	fmt = 'raw' if (cmd =~ /^w/)
-	fmt = 'python' if (cmd =~ /^n/)
+if (cmd =~ /^(p|y|r|d|c|h|j|x|b|v|w|n)$/)
+	fmt = 'perl' if (cmd =~ /^p$/)
+	fmt = 'ruby' if (cmd =~ /^y$/)
+	fmt = 'raw' if (cmd =~ /^(r|x|d)$/)
+	fmt = 'raw' if (cmd =~ /^v$/)
+	fmt = 'c' if (cmd =~ /^c$/)
+	fmt = 'csharp' if (cmd =~ /^h$/)
+	fmt = 'js_be' if (cmd =~ /^j$/ and Rex::Arch.endian(payload.arch) == ENDIAN_BIG)
+	fmt = 'js_le' if (cmd =~ /^j$/ and ! fmt)
+	fmt = 'java'  if (cmd =~ /^b$/)
+	fmt = 'raw' if (cmd =~ /^w$/)
+	fmt = 'python' if (cmd =~ /^n$/)
 	enc = options['ENCODER']
 
 	begin
@@ -144,7 +145,7 @@ if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w|n)/)
 
 	$stdout.binmode
 
-	if (cmd =~ /^x/)
+	if (cmd =~ /^x$/)
 		note =
 			"Created by msfpayload (http://www.metasploit.com).\n" +
 			"Payload: " + payload.refname + "\n" +
@@ -170,7 +171,7 @@ if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w|n)/)
 		exit(-1)
 	end
 
-	if(cmd =~ /^v/)
+	if(cmd =~ /^v$/)
 		exe = Msf::Util::EXE.to_win32pe($framework, buf)
 		note =
 			"'Created by msfpayload (http://www.metasploit.com).\r\n" +
@@ -183,7 +184,7 @@ if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w|n)/)
 		exit(0)
 	end
 
-	if(cmd =~ /^d/)
+	if(cmd =~ /^d$/)
 		dll = Msf::Util::EXE.to_win32pe_dll($framework, buf)
 		note =
 			"Created by msfpayload (http://www.metasploit.com).\r\n" +
@@ -201,7 +202,7 @@ if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w|n)/)
 		exit(-1)
 	end
 
-	if(cmd =~ /^w/)
+	if(cmd =~ /^w$/)
 		note =
 			"Created by msfpayload (http://www.metasploit.com).\n" +
 			"Payload: " + payload.refname + "\n" +
@@ -231,7 +232,7 @@ if (cmd =~ /^(p|y|r|d|c|j|x|b|v|w|n)/)
 
 	$stdout.write(buf)
 
-elsif (cmd =~ /^(s|o)/)
+elsif (cmd =~ /^(s|o)$/)
 	payload.datastore.import_options_from_s(rest.join('_|_'), '_|_')
 	puts Msf::Serializer::ReadableText.dump_module(payload)
 

msfvenom

@@ -265,13 +265,13 @@ $framework ||= Msf::Simple::Framework.create(
 if opts[:list]
 	opts[:list].each do |mod|
 		case mod
-		when /payloads/i
+		when /^payloads$/i
 			$stderr.puts dump_payloads
-		when /encoders/i
+		when /^encoders$/i
 			$stderr.puts dump_encoders(opts[:arch])
-		when /nops/i
+		when /^nops$/i
 			$stderr.puts dump_nops
-		when /all/i
+		when /^all$/i
 			$stderr.puts dump_payloads
 			$stderr.puts dump_encoders
 			$stderr.puts dump_nops
@@ -422,26 +422,26 @@ end
 
 $stdout.binmode
 
-if opts[:format] !~/ruby|rb|perl|pl|bash|sh|c|js|dll|elf/i
+if opts[:format] !~/^(ruby|rb|perl|pl|bash|sh|c|csharp|js|dll|elf)$/i
 	exe = Msf::Util::EXE.to_executable_fmt($framework, opts[:arch], opts[:platform], payload_raw, opts[:format], exeopts)
 end
 
 case opts[:format]
-when /ruby|rb|perl|pl|bash|^sh$|^c$|js_le|raw|^py/i
+when /^(ruby|rb|perl|pl|bash|sh|c|csharp|js_le|raw|py)$/i
 	$stdout.write Msf::Simple::Buffer.transform(payload_raw, opts[:format])
-when /asp$/
+when /^asp$/
 	asp = Msf::Util::EXE.to_win32pe_asp($framework, payload_raw, exeopts)
 	$stdout.puts asp
-when /aspx/
+when /^aspx$/
 	aspx = Msf::Util::EXE.to_win32pe_aspx($framework, payload_raw, exeopts)
 	$stdout.puts aspx
-when /js_be/i
+when /^js_be$/i
 	if Rex::Arch.endian(payload.arch) != ENDIAN_BIG
 		print_error("Big endian format selected for a non big endian payload")
 		exit
 	end
 	$stdout.puts Msf::Simple::Buffer.transform(payload_raw, opts[:format])
-when /java/i
+when /^java$/i
 	if(!exe and payload.platform.platforms.index(Msf::Module::Platform::Java))
 		exe = payload.generate_jar.pack
 	end
@@ -451,75 +451,75 @@ when /java/i
 	else
 		print_error("Could not generate payload format")
 	end
-when /elf/i
+when /^elf$/i
 	if (opts[:platform].index(Msf::Module::Platform::Linux))
 		elf = case opts[:arch]
-			when /x64/; Msf::Util::EXE.to_linux_x64_elf($framework, payload_raw, exeopts)
-			when /x86/; Msf::Util::EXE.to_linux_x86_elf($framework, payload_raw, exeopts)
-			when /arm/; Msf::Util::EXE.to_linux_armle_elf($framework, payload_raw, exeopts)
+			when /^x64$/; Msf::Util::EXE.to_linux_x64_elf($framework, payload_raw, exeopts)
+			when /^x86$/; Msf::Util::EXE.to_linux_x86_elf($framework, payload_raw, exeopts)
+			when /^arm$/; Msf::Util::EXE.to_linux_armle_elf($framework, payload_raw, exeopts)
 			end
 	elsif(opts[:platform].index(Msf::Module::Platform::BSD))
 		elf = case opts[:arch]
-			when /x86/; Msf::Util::EXE.to_bsd_x86_elf($framework, payload_raw, exeopts)
+			when /^x86$/; Msf::Util::EXE.to_bsd_x86_elf($framework, payload_raw, exeopts)
 			end
 	elsif(opts[:platform].index(Msf::Module::Platform::Solaris))
 		elf = case opts[:arch]
-			when /x86/; Msf::Util::EXE.to_solaris_x86_elf($framework, payload_raw, exeopts)
+			when /^x86$/; Msf::Util::EXE.to_solaris_x86_elf($framework, payload_raw, exeopts)
 			end
 	end
 	if elf.nil?
 		print_error("This format does not support that architecture")
 		exit
 	end
 	$stdout.write elf
-when /macho/i
+when /^macho$/i
 	bin = case opts[:arch]
-		when /x64/; Msf::Util::EXE.to_osx_x64_macho($framework, payload_raw, exeopts)
-		when /x86/; Msf::Util::EXE.to_osx_x86_macho($framework, payload_raw, exeopts)
-		when /arm/; Msf::Util::EXE.to_osx_arm_macho($framework, payload_raw, exeopts)
-		when /ppc/; Msf::Util::EXE.to_osx_ppc_macho($framework, payload_raw, exeopts)
+		when /^x64$/; Msf::Util::EXE.to_osx_x64_macho($framework, payload_raw, exeopts)
+		when /^x86$/; Msf::Util::EXE.to_osx_x86_macho($framework, payload_raw, exeopts)
+		when /^arm$/; Msf::Util::EXE.to_osx_arm_macho($framework, payload_raw, exeopts)
+		when /^ppc$/; Msf::Util::EXE.to_osx_ppc_macho($framework, payload_raw, exeopts)
 		end
 	if bin.nil?
 		print_error("This format does not support that architecture")
 		exit
 	end
 	$stdout.write bin
-when /dll/i
+when /^dll$/i
 	dll = case opts[:arch]
-		when /x86/;        Msf::Util::EXE.to_win32pe_dll($framework, payload_raw)
-		when /x64|x86_64/; Msf::Util::EXE.to_win64pe_dll($framework, payload_raw)
+		when /^x86$/;        Msf::Util::EXE.to_win32pe_dll($framework, payload_raw)
+		when /^(x64|x86_64)$/; Msf::Util::EXE.to_win64pe_dll($framework, payload_raw)
 		end
 	if dll.nil?
 		print_error("This format does not support that architecture")
 		exit
 	end
 
 	$stdout.write dll
-when /exe/i
+when /^exe$/i
 	$stdout.write exe
-when /exe-small/i
-when /vba/i
+when /^exe-small$/i
+when /^vba$/i
 	vba = Msf::Util::EXE.to_vba($framework, payload_raw)
 	$stdout.puts vba
-when /vba-exe/i
+when /^vba-exe$/i
 	exe = Msf::Util::EXE.to_win32pe($framework, payload_raw)
 	vba = Msf::Util::EXE.to_exe_vba(exe)
 	$stdout.puts vba
-when /vbs/i
+when /^vbs$/i
 	exe = Msf::Util::EXE.to_win32pe($framework, payload_raw)
 	vbs = Msf::Util::EXE.to_exe_vbs(exe)
 	$stdout.puts vbs
-when /war/i
+when /^war$/i
 	if (!exe and payload.platform.platforms.index(Msf::Module::Platform::Java))
 		exe = payload.generate_war.pack
 	else
 		exe = Msf::Util::EXE.to_jsp_war(exe)
 	end
 	$stdout.write exe
-when /psh/i
+when /^psh$/i
 	psh = Msf::Util::EXE.to_win32pe_psh($framework, payload_raw, exeopts)
 	$stdout.write psh
-when /psh-net/i
+when /^psh-net$/i
 	psh = Msf::Util::EXE.to_win32pe_psh_net($framework, payload_raw, exeopts)
 	$stdout.write psh
 else