Module: Msf::Payload::Windows::MigrateNamedPipe_x64

Includes:

MigrateCommon_x64

Defined in:

lib/msf/core/payload/windows/x64/migrate_named_pipe_x64.rb

Overview

Payload that supports migrating over Named Pipe transports on x64.

Instance Method Summary

• #generate_migrate(opts = {}) ⇒ Object

  Constructs the payload.

• #initialize(info = {}) ⇒ Object

Methods included from MigrateCommon_x64

#generate

Methods included from BlockApi_x64

#asm_block_api

Methods included from Msf::Payload::Windows

#apply_prepends, exit_types, #handle_intermediate_stage, #include_send_uuid, #replace_var

Methods included from PrependMigrate

#apply_prepend_migrate, #prepend_migrate, #prepend_migrate?, #prepend_migrate_64

Instance Method Details

#generate_migrate(opts = {}) ⇒ Object

Constructs the payload

# File 'lib/msf/core/payload/windows/x64/migrate_named_pipe_x64.rb', line 29

def generate_migrate(opts = {})
  %Q^
  start_migrate_pipe:
    mov rdi, qword [rsi+16]   ; The duplicated pipe handle is in the migrate context.
  signal_pipe_event:
    mov rcx, qword [rsi]      ; Event handle is pointed at by rsi
    mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'SetEvent')}
    call rbp                  ; SetEvent(handle)
  call_pipe_payload:
    call qword [rsi+8]        ; call the associated payload
  ^
end

#initialize(info = {}) ⇒ Object

# File 'lib/msf/core/payload/windows/x64/migrate_named_pipe_x64.rb', line 15

def initialize(info={})
  super(update_info(info,
    'Name'        => 'Migrate over Named Pipe transport (x64)',
    'Description' => 'Migration stub to use over Named Pipe transports (x64)',
    'Author'      => ['OJ Reeves'],
    'License'     => MSF_LICENSE,
    'Platform'    => 'win',
    'Arch'        => ARCH_X64,
  ))
end