correct error in block service_change_description

2014-01-06 19:49:52 +01:00 · 2014-01-06 19:49:52 +01:00 · bb4e9e2d4d
parent 6332957bd2
commit bb4e9e2d4d
2 changed files with 9 additions and 5 deletions
--- a/external/source/shellcode/windows/x86/src/block/block_service_change_description.asm
+++ b/external/source/shellcode/windows/x86/src/block/block_service_change_description.asm
@ -7,7 +7,7 @@
 [BITS 32]
 ; Input: EBP must be the address of 'api_call'.

-push 0x000F01FF
+push 0x000F003F
 push 0x00000000
 push 0x00000000
 push 0x7636F067
@ -24,7 +24,11 @@ call ebp 		;OpenServiceA
 mov esi, eax
 push 0x00464349
 push 0x56524553
+mov ecx, esp
+push 0x00000000
+push ecx
 mov ecx, esp	;SVCDESCRIPTION
+push ecx
 push 0x00000001 ;SERVICE_CONFIG_DESCRIPTION
 push eax
 push 0xED35B087
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@ -545,12 +545,12 @@ require 'msf/core/exe/segment_injector'
        pushed_service_description = string_to_pushes(opts[:servicedescription])

        code_service_description = 
-          "\x68\xFF\x01\x0F\x00\x6A\x00\x6A\x00\x68\x67\xF0\x36" +
+          "\x68\x3F\x00\x0F\x00\x6A\x00\x6A\x00\x68\x67\xF0\x36" +
          "\x76\xFF\xD5\x89\xC7"+pushed_service_name+"\x89\xE1\x68" +
          "\xFF\x01\x0F\x00\x51\x50\x68\x56\x28\x4B\x40\xFF\xD5\x89\xC6" +
-          pushed_service_description+"\x89\xE1\x6A\x01\x50\x68\x87\xB0\x35" +
-          "\xED\xFF\xD5\x56\x68\xDE\xEA\x77\xAD\xFF\xD5\x57\x68\xDE\xEA\x77" +
-          "\xAD\xFF\xD5"
+           pushed_service_description+"\x89\xE1\x6A\x00\x51\x89\xE1\x51" +
+          "\x6A\x01\x50\x68\x87\xB0\x35\xED\xFF\xD5\x56\x68\xDE\xEA\x77" +
+          "\xAD\xFF\xD5\x57\x68\xDE\xEA\x77\xAD\xFF\xD5"
      end

      precode_size = 0x42