metasploit-payloads

mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-02 11:36:22 +01:00

Go to file

RageLtMan 035531c35c This commit adds in-memory substitution for x64 Initial commit of in-mem-exe.c modifications for Windows x64. Initial boolean wrapper checks to see if the image supplied is a valid 64bit PE and calls a 64bit injection function. wow64 not yet implemented. 64bit execution is a bit tricky since we can't get the entrypoint of the existing thread from ThreadContext.Eax and we need to make sure that our images are properly aligned. The 64 bit mapper is based on MemExec64 source code by Steve10120 [at] icode.org. TODO: Write wow64 based injector. Write conditional to check that source and destination images are the same architecture and call the arch appropriate injection method. Write "Heaven's Gate" based injector for running x86 process in x64 space.	2013-03-20 18:45:08 -04:00
c/meterpreter	This commit adds in-memory substitution for x64	2013-03-20 18:45:08 -04:00

RageLtMan 035531c35c This commit adds in-memory substitution for x64

Initial commit of in-mem-exe.c modifications for Windows x64.
Initial boolean wrapper checks to see if the image supplied is a
valid 64bit PE and calls a 64bit injection function. wow64 not yet
implemented.

64bit execution is a bit tricky since we can't get the entrypoint
of the existing thread from ThreadContext.Eax and we need to make
sure that our images are properly aligned. The 64 bit mapper is
based on MemExec64 source code by Steve10120 [at] icode.org.

TODO:
Write wow64 based injector. Write conditional to check that
source and destination images are the same architecture and call
the arch appropriate injection method.
Write "Heaven's Gate" based injector for running x86 process in
x64 space.

2013-03-20 18:45:08 -04:00

c/meterpreter

This commit adds in-memory substitution for x64

2013-03-20 18:45:08 -04:00