Metasploit mailing list archives
Re: What is the msfencode BufferRegister option used for?
From: Peter Van Eeckhoutte <peter.ve () corelan be>
Date: Fri, 29 Jul 2011 06:44:39 +0200
One of the first things most payloads do is retrieve their own position in memory, their absolute memory address. The routine to do this is often called a "getpc" routine. If you can't use a getpc routine (because it contains bad chars), or if you don't want/need to use a getPC routine (because you can make one of the registers point exactly at the first byte of the payload at the time the payload starts to run), then you can use the BufferRegister option.

Some encoders (especially the alpha_* encoders) actually expect you to provide a bufferregister. Without the bufferregister, the encoded payload will be prepended by a non-alpha getpc routine.

Not sure why your exe crashes after executing the payload. What exitfunc did you use?

From: framework-bounces () spool metasploit com [mailto:framework-bounces () spool metasploit com] On Behalf Of Jordan Trover
Sent: Friday 29 July 2011 4:55
To: framework () spool metasploit com
Subject: [framework] What is the msfencode BufferRegister option used for?

I hope the question is not too stupid, but I just started learning masm and I have ported one of the functions from syringe.c to masm to execute payloads directly from code. All the payloads I tested executed fine, but they all crashed the exe that launched them with a memory access violation right after finishing executing the payload. So I added an SE handler, but still wasn't able to return to my code after the payload execution. Then I tried encoding the payload and got the same result. But then I tried encoding and using the option BufferRegister=EAX; this time the payload throws an exception, but I am able to catch it and return.

I read on the Metasploit website that BufferRegister is "The register that points to the encoded payload", but I don't fully understand why using that option allows me to catch the exception and without it I can't. Could someone give me an explanation of how the BufferRegister option is involved in the execution of the payload?
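Peter's point that an encoder prepends a getpc stub unless a BufferRegister is supplied is also what a detection engineer looks for: the classic x86 getpc idioms (call $+5 followed by pop reg, and the fldz / fnstenv [esp-0xc] pair) are fixed byte sequences. The scanner below is an added example, not part of this thread or of Metasploit; it flags those idioms in constructed sample buffers and is a heuristic, not a complete signature set.

```python
import re

# Classic x86 getpc idioms as raw byte patterns:
#   E8 00 00 00 00  call $+5           (pushes the address of the next instruction)
#   58..5F          pop r32            (retrieves that address into a register)
#   D9 EE           fldz
#   D9 74 24 F4     fnstenv [esp-0xc]  (saved FPU env exposes the last FPU insn address)
GETPC_PATTERNS = {
    "call_pop": re.compile(rb"\xe8\x00\x00\x00\x00[\x58-\x5f]"),
    "fnstenv": re.compile(rb"\xd9\xee\xd9\x74\x24\xf4"),
}


def find_getpc(buf: bytes):
    """Return a sorted list of (offset, idiom) for every getpc idiom found in buf."""
    hits = []
    for name, pat in GETPC_PATTERNS.items():
        for m in pat.finditer(buf):
            hits.append((m.start(), name))
    return sorted(hits)


# Constructed sample: 4 bytes of padding, a call/pop stub (pop ebx), then filler.
SAMPLE_WITH_STUB = b"\x90" * 4 + b"\xe8\x00\x00\x00\x00\x5b" + b"A" * 16

# Constructed alphanumeric-only buffer with no prologue, the shape you get when the
# encoder was told which register already points at the payload.
SAMPLE_NO_STUB = b"ALPHANUMERICSAMPLE0123456789XYZ"

if __name__ == "__main__":
    for label, buf in (("with stub", SAMPLE_WITH_STUB), ("no stub", SAMPLE_NO_STUB)):
        print(label, find_getpc(buf))
```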