From 9444c8c41065d9f6dca712b5017aaa0931ea99f1 Mon Sep 17 00:00:00 2001
From: jvazquez-r7
Date: Mon, 28 Sep 2015 15:52:50 -0500
Subject: [PATCH] Fix #5988, windows x64 stagers

* Also, use mov esi, esi to save an extra byte
* Also, modify the block_recv.asm code, just to have it up to date
---
 external/source/shellcode/windows/x64/src/block/block_recv.asm | 1 +
 lib/msf/core/payload/windows/x64/bind_tcp.rb | 1 +
 lib/msf/core/payload/windows/x64/reverse_tcp.rb | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/external/source/shellcode/windows/x64/src/block/block_recv.asm b/external/source/shellcode/windows/x64/src/block/block_recv.asm
index a38ebf23f8..c76eb2373b 100644
--- a/external/source/shellcode/windows/x64/src/block/block_recv.asm
+++ b/external/source/shellcode/windows/x64/src/block/block_recv.asm
@@ -24,6 +24,7 @@ recv:
  add rsp, 32 ; we restore RSP from the api_call so we can pop off RSI next
  ; Alloc a RWX buffer for the second stage
  pop rsi ; pop off the second stage length
+ mov esi, esi ; only use the lower-order 32 bits for the size
  push byte 0x40 ;
  pop r9 ; PAGE_EXECUTE_READWRITE
  push 0x1000 ;
diff --git a/lib/msf/core/payload/windows/x64/bind_tcp.rb b/lib/msf/core/payload/windows/x64/bind_tcp.rb
index 52e2cc352e..33f57b220e 100644
--- a/lib/msf/core/payload/windows/x64/bind_tcp.rb
+++ b/lib/msf/core/payload/windows/x64/bind_tcp.rb
@@ -220,6 +220,7 @@ module Payload::Windows::BindTcp_x64
  ; Alloc a RWX buffer for the second stage
  pop rsi ; pop off the second stage length
+ mov esi, esi ; only use the lower-order 32 bits for the size
  push 0x40 ;
  pop r9 ; PAGE_EXECUTE_READWRITE
  push 0x1000 ;
diff --git a/lib/msf/core/payload/windows/x64/reverse_tcp.rb b/lib/msf/core/payload/windows/x64/reverse_tcp.rb
index 3110f5642e..3de55bd891 100644
--- a/lib/msf/core/payload/windows/x64/reverse_tcp.rb
+++ b/lib/msf/core/payload/windows/x64/reverse_tcp.rb
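Review bot: The comment on the added `mov esi, esi` says what it does but not why the high dword of rsi must be discarded, which is the whole point of this fix; a reader sees `pop rsi` one line above and has to work out on their own that an 8-byte pop picks up whatever sits above the 4-byte length (presumably the stack slot the earlier recv() filled — that call is outside this hunk). I would make the comment carry that reasoning: `mov esi, esi ; zero-extend: the pop grabbed 8 bytes but only the low dword is the length recv'd from the socket; a 32-bit mov clears the stale high dword`. It is also worth saying that the zero-extending form was chosen deliberately over a sign-extending `movsxd`, since a length at or above 0x80000000 sign-extended into a SIZE_T becomes an enormous VirtualAlloc request; the commit message mentions only the one-byte saving. The `recv:` block continues past the last line of this hunk.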
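Review bot: The value popped into rsi here arrives from the handler over the socket and, after the new `mov esi, esi`, goes to VirtualAlloc as the allocation size with no upper bound visible in this hunk, and the hunk does not show whether a NULL return from VirtualAlloc is checked before the buffer is used; the call itself and what follows it are outside the hunk. For a stager that is by design — the handler is the trusted party — but a one-line caveat next to the pop would stop a later reader from treating it as a validated value: `; NOTE: stage length is handler-supplied and unchecked here; confirm the VirtualAlloc result is tested before use`. The Ruby method whose heredoc emits this assembly starts before and ends after the hunk.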
@@ -219,7 +219,7 @@ module Payload::Windows::ReverseTcp_x64
  ; Alloc a RWX buffer for the second stage
  pop rsi ; pop off the second stage length
- movsxd rsi, esi ; only use the lower-order 32 bits for the size
+ mov esi, esi ; only use the lower-order 32 bits for the size
  push 0x40 ;
  pop r9 ; PAGE_EXECUTE_READWRITE
  push 0x1000 ;
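Review bot: The replacement line keeps the exact comment that sat on the removed `movsxd rsi, esi`, even though the instruction's semantics changed from sign-extension to zero-extension, so the reason the old form was wrong is not recorded anywhere in the code. I would spell it out on the new line: `mov esi, esi ; zero-extend (not movsxd: a sign-extended length >= 0x80000000 becomes a huge SIZE_T for VirtualAlloc)`. Separately, this is the third hand-maintained copy of the same block in this commit (block_recv.asm, bind_tcp.rb, reverse_tcp.rb), and the commit message itself says one copy had fallen out of date; sharing the snippet would remove that drift, though that is a larger change than this fix. The heredoc and the Ruby method around it begin and end outside the hunk.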