CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
Path: blob/master/data/templates/src/pe/exe/template_x64_windows.asm
Views: 11789
1
; Author: Stephen Fewer (stephen_fewer[at]harmonysecurity[dot]com)
2
; Architecture: x64
3
;
4
; Assemble and link with the following command:
5
; "C:\Program Files\Microsoft Visual Studio 9.0\VC\bin\x86_amd64\ml64" template_x64_windows.asm /link /subsystem:windows /defaultlib:"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Lib\x64\kernel32.lib" /entry:main
6
7
extrn ExitProcess : proc
8
extrn VirtualAlloc : proc
9
10
.code
11
12
main proc
13
sub rsp, 40 ;
14
mov r9, 40h ;
15
mov r8, 3000h ;
16
mov rdx, 4096 ;
17
xor rcx, rcx ;
18
call VirtualAlloc ; lpPayload = VirtualAlloc( NULL, 4096, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE );
19
mov rcx, 4096 ;
20
mov rsi, payload ;
21
mov rdi, rax ;
22
rep movsb ; memcpy( lpPayload, payload, 4096 );
23
call rax ; lpPayload();
24
xor rcx, rcx ;
25
call ExitProcess ; ExitProcess( 0 );
26
main endp
27
28
payload proc
29
A byte 'PAYLOAD:'
30
B db 4096-8 dup ( 0 )
31
payload endp
32
end
33
34