GitHub Repository: rapid7/metasploit-framework
Path: blob/master/lib/msf/util/exe/windows/x64.rb
# -*- coding: binary -*-
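# Builders that wrap a caller-supplied payload in a Windows x64 PE template
# (plain EXE, service EXE, DLL).
#
# Including this module extends the including class with {ClassMethods}; the
# same methods are also callable directly on this module.
module Msf::Util::EXE::Windows::X64
  include Msf::Util::EXE::Common
  include Msf::Util::EXE::Windows::Common

  # Hook run on `include`: exposes the builders as class-level methods.
  #
  # @param base [Module] the class or module that includes this one
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Construct a Windows x64 PE executable that carries +code+.
    #
    # This method was previously defined twice with identical bodies; Ruby
    # keeps only the last definition, so a single copy is retained here.
    #
    # +opts+ is modified in place: the template helper stores the resolved
    # template path in +opts[:template]+ when the caller did not supply one.
    # +code+ is handed to the segment builder as-is; no size or content check
    # happens in this method.
    #
    # @param framework [Msf::Framework] framework instance (not read by this method)
    # @param code [String] payload bytes to embed in the executable
    # @param opts [Hash] build options
    # @option opts [String] :template path of the PE template; defaults to
    #   'template_x64_windows.exe'
    # @option opts [Object] :inject when truthy, Msf::Exe::SegmentInjector is
    #   used (adds a section while trying not to affect the template's own
    #   behaviour); otherwise Msf::Exe::SegmentAppender appends a new section
    # @option opts [String] :secname passed through to the segment builder
    # @return [String] the generated PE file contents
    def to_win64pe(framework, code, opts = {})
      # Fall back to the stock template unless the caller supplied one.
      set_template_default(opts, 'template_x64_windows.exe')

      # Both builders take exactly the same settings; only the class differs.
      segment_opts = {
        payload: code,
        template: opts[:template],
        arch: :x64,
        secname: opts[:secname]
      }

      builder = opts[:inject] ? Msf::Exe::SegmentInjector : Msf::Exe::SegmentAppender
      builder.new(segment_opts).generate_pe
    end

    # Construct a Windows x64 service executable that carries +code+.
    #
    # +opts+ is modified in place: a default service template is filled in and
    # +opts[:exe_type]+ is always overwritten with +:service_exe+, so a value
    # supplied by the caller for that key is ignored.
    #
    # @param framework [Msf::Framework] framework instance (not read by this method)
    # @param code [String] payload bytes to embed
    # @param opts [Hash] build options, forwarded to +exe_sub_method+
    #   (defined outside this file; the keys it reads are not visible here)
    # @option opts [String] :template path of the service EXE template;
    #   defaults to 'template_x64_windows_svc.exe'
    # @return [String] presumably the generated PE contents, as returned by
    #   +exe_sub_method+ -- TODO confirm against that helper
    def to_win64pe_service(framework, code, opts = {})
      # Fall back to the stock service template unless the caller supplied one.
      set_template_default(opts, 'template_x64_windows_svc.exe')
      opts[:exe_type] = :service_exe
      exe_sub_method(code, opts)
    end

    # Construct a Windows x64 DLL that carries +code+.
    #
    # +opts+ is modified in place: the DLL template helper is called with the
    # payload size, and +opts[:exe_type]+ is always overwritten with +:dll+.
    #
    # @param framework [Msf::Framework] framework instance (not read by this method)
    # @param code [String] payload bytes to embed
    # @param opts [Hash] build options, forwarded to +exe_sub_method+
    # @option opts [Boolean] :mixed_mode when truthy, the 'mixed_mode' template
    #   flavor is requested; otherwise no flavor is passed
    # @option opts [Object] :inject must be falsy; injection is rejected for DLLs
    # @raise [RuntimeError] if +opts[:inject]+ is truthy
    # @return [String] presumably the generated DLL contents, as returned by
    #   +exe_sub_method+ -- TODO confirm against that helper
    def to_win64pe_dll(framework, code, opts = {})
      flavor = opts.fetch(:mixed_mode, false) ? 'mixed_mode' : nil
      set_template_default_winpe_dll(opts, ARCH_X64, code.size, flavor: flavor)

      opts[:exe_type] = :dll

      # The check runs after opts has been updated, matching the original order.
      raise RuntimeError, 'Template injection unsupported for x64 DLLs' if opts[:inject]

      exe_sub_method(code, opts)
    end

    # Construct a Windows x64 DLL from the 'dccw_gdiplus' template flavor.
    #
    # The template helper is called here with that flavor and then again
    # inside {#to_win64pe_dll} with the flavor derived from +:mixed_mode+.
    # NOTE(review): this relies on the second call leaving an already chosen
    # template alone -- confirm against the helper's definition.
    #
    # @param framework [Msf::Framework] framework instance (not read by this method)
    # @param code [String] payload bytes to embed
    # @param opts [Hash] build options; see {#to_win64pe_dll}
    # @raise [RuntimeError] if +opts[:inject]+ is truthy
    # @return [String] whatever {#to_win64pe_dll} returns
    def to_win64pe_dccw_gdiplus_dll(framework, code, opts = {})
      set_template_default_winpe_dll(opts, ARCH_X64, code.size, flavor: 'dccw_gdiplus')
      to_win64pe_dll(framework, code, opts)
    end
  end

  # Make the builders callable on the module itself as well.
  class << self
    include ClassMethods
  end
end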