Path: blob/master/lib/msf/util/exe/windows/x64.rb
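# Builders for Windows x64 PE output: a plain executable, a service
# executable and DLL variants. The builder methods are defined in ClassMethods
# so that they are reachable both from classes that include this module (via
# the +included+ hook) and from the module object itself (via the
# +class << self+ block at the bottom).
module Msf::Util::EXE::Windows::X64
  include Msf::Util::EXE::Common
  include Msf::Util::EXE::Windows::Common

  # Hook run when this module is included; exposes the builders as class-level
  # methods on the including class.
  #
  # @param base [Module] The class or module that included this module.
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Construct a Windows x64 PE executable with the given shellcode.
    #
    # The payload is placed in an extra section of the template PE. When
    # opts[:inject] is truthy the section is added with SegmentInjector,
    # which aims to leave the template's own behaviour unaffected; otherwise
    # SegmentAppender appends a new section.
    #
    # NOTE(review): opts is modified in place (set_template_default stores the
    # resolved template path in opts[:template]), so a hash reused across
    # calls keeps that value -- confirm callers expect this.
    #
    # @param framework [Msf::Framework] The Metasploit framework instance.
    #   Not referenced in this method body; kept for interface compatibility.
    # @param code [String] The shellcode to embed in the executable.
    # @param opts [Hash] Additional options.
    # @option opts [String] :template Template EXE to use; defaults to the
    #   stock 'template_x64_windows.exe'.
    # @option opts [Boolean] :inject Use SegmentInjector instead of
    #   SegmentAppender.
    # @option opts [String] :secname Section name passed through to the
    #   section builder.
    # @return [String] The constructed PE executable as a binary string.
    def to_win64pe(framework, code, opts = {})
      # Use the standard template if not specified by the user.
      # This helper finds the full path and stores it in opts[:template].
      set_template_default(opts, 'template_x64_windows.exe')

      # Both section builders take the same option hash.
      builder_opts = {
        payload: code,
        template: opts[:template],
        arch: :x64,
        secname: opts[:secname]
      }

      builder = opts[:inject] ? Msf::Exe::SegmentInjector : Msf::Exe::SegmentAppender
      builder.new(builder_opts).generate_pe
    end

    # Construct a Windows x64 service executable with the given shellcode.
    #
    # Forces opts[:exe_type] to :service_exe (overwriting any caller-supplied
    # value) and delegates to exe_sub_method.
    #
    # @param framework [Msf::Framework] The Metasploit framework instance.
    #   Not referenced in this method body.
    # @param code [String] The shellcode to embed.
    # @param opts [Hash] Additional options; modified in place.
    # @option opts [String] :template Service template to use; defaults to
    #   the stock 'template_x64_windows_svc.exe'.
    # @return [String]
    def to_win64pe_service(framework, code, opts = {})
      # Allow the user to specify their own service EXE template
      set_template_default(opts, 'template_x64_windows_svc.exe')
      opts[:exe_type] = :service_exe
      exe_sub_method(code, opts)
    end

    # Construct a Windows x64 DLL with the given shellcode.
    #
    # The default template is chosen by set_template_default_winpe_dll from
    # the architecture, the payload size and an optional flavor
    # ('mixed_mode' when opts[:mixed_mode] is truthy, otherwise none).
    #
    # @param framework [Msf::Framework] The Metasploit framework instance.
    #   Not referenced in this method body.
    # @param code [String] The shellcode to embed.
    # @param opts [Hash] Additional options; modified in place
    #   (opts[:exe_type] is set to :dll).
    # @option opts [Boolean] :mixed_mode Select the 'mixed_mode' template
    #   flavor (default false).
    # @option opts [Boolean] :inject Not supported for x64 DLLs.
    # @raise [RuntimeError] if opts[:inject] is truthy.
    # @return [String]
    def to_win64pe_dll(framework, code, opts = {})
      flavor = opts.fetch(:mixed_mode, false) ? 'mixed_mode' : nil
      set_template_default_winpe_dll(opts, ARCH_X64, code.size, flavor: flavor)

      opts[:exe_type] = :dll

      # The check runs after opts has been updated, as in the original flow.
      raise RuntimeError, 'Template injection unsupported for x64 DLLs' if opts[:inject]

      exe_sub_method(code, opts)
    end

    # Construct a Windows x64 DLL from the 'dccw_gdiplus' template flavor.
    #
    # NOTE(review): to_win64pe_dll calls set_template_default_winpe_dll again
    # with its own flavor; this presumably relies on the helper keeping a
    # template that is already set -- confirm against the helper.
    #
    # @param framework [Msf::Framework] The Metasploit framework instance;
    #   passed through to to_win64pe_dll.
    # @param code [String] The shellcode to embed.
    # @param opts [Hash] Additional options; see to_win64pe_dll.
    # @raise [RuntimeError] if opts[:inject] is truthy.
    # @return [String]
    def to_win64pe_dccw_gdiplus_dll(framework, code, opts = {})
      set_template_default_winpe_dll(opts, ARCH_X64, code.size, flavor: 'dccw_gdiplus')
      to_win64pe_dll(framework, code, opts)
    end
  end

  # Make the builders callable on the module object itself as well.
  class << self
    include ClassMethods
  end
end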