Metasploit mailing list archives

An IDL compiler in PERL ...


From: nicolas.ruff at gmail.com (Nicolas RUFF)
Date: Fri, 14 Oct 2005 16:47:42 +0200

Hello everybody,

A suggestion for Metasploit guru developers: instead of integrating RPC
marshalling code inside exploits (e.g. ms05_039 using Ndr* functions), it
could be easier to integrate this code into a separate library, because
there are other interesting RPC bugs to be exploited (namely, ms05_043).

The Holy Grail would be an IDL compiler in PERL ... For instance, given
the following RPC call reversed by MUDDLE or UNMIDL:

  long Function_00(
        [in] long element_1,
        [in] [unique] [string] wchar_t *element_2,
        [in] long element_3
  );

It would be really cool (and cleaner than using the $data_stub =
"\x00\x01\x02\x03 ..."; syntax) to be able to call Function_00 with the
following syntax:

RpcCall( <idl full description>, <function name or number>, <arguments list> );

Sorry boys, but I am not good enough at PERL and RPC marshalling to do
it myself :)

But if anybody has any clue ...

Regards,
- Nicolas RUFF
Security Researcher @ EADS-CCR
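Added example (not code from the original post, and not Metasploit's own NDR library): a minimal IDL-driven NDR marshaller in the spirit of the proposed RpcCall( <idl>, <function>, <args> ) interface, written in Ruby rather than Perl because Ruby is the language Metasploit later adopted. It parses the `[in]` parameters of the Function_00 prototype above and produces the request stub bytes that would otherwise be written by hand as `$data_stub = "\x00\x01..."`. It supports only the two types that prototype uses, `long` and `[unique] [string] wchar_t *`, and it assumes little-endian NDR (the data representation a Windows client negotiates in the DCERPC header) and the `0x00020000` referent-ID convention commonly seen in Microsoft clients; the IDL mini-syntax it accepts is likewise an assumption for this example. The opnum from `<function name or number>` belongs in the DCERPC request header, not in the stub, so it is not part of this block.

```ruby
# Added example, not code from the original post or from Metasploit.
# A tiny NDR marshaller driven by an IDL-style parameter list.  Only the
# types used by Function_00 are implemented.  The referent-ID convention
# (0x00020000, +4 per pointer) and the IDL subset are assumptions.
module MiniNdr
  # NDR aligns every primitive to its own size; 4 is the largest used here.
  def self.pad_to(buf, align)
    buf << "\x00".b * ((align - buf.bytesize % align) % align)
  end

  # 'long': 32-bit little-endian integer (assumes little-endian NDR).
  def self.long(buf, value)
    pad_to(buf, 4)
    buf << [value].pack('V')
  end

  # '[unique] [string] wchar_t *': a 4-byte referent ID (0 means NULL), then,
  # when non-NULL, a conformant/varying UTF-16LE string: max_count, offset,
  # actual_count, characters (NUL terminator included in the counts).
  def self.unique_wstring(buf, str, referent_id)
    pad_to(buf, 4)
    if str.nil?
      buf << [0].pack('V')
      return buf
    end
    buf << [referent_id].pack('V')
    data  = (str + "\0").encode('UTF-16LE').b
    count = data.bytesize / 2
    buf << [count, 0, count].pack('VVV')
    buf << data
    pad_to(buf, 4) # an odd wchar count leaves the next field misaligned
  end

  # "[in] [unique] [string] wchar_t *element_2," => [%w[in unique string], "wchar_t *"]
  def self.parse_param(line)
    attrs = line.scan(/\[(\w+)\]/).flatten
    rest  = line.gsub(/\[\w+\]\s*/, '').strip.chomp(',')
    type  = rest.sub(/\w+\z/, '').strip # drop the parameter name
    [attrs, type]
  end

  # Marshal the [in] parameters described by +idl+ into a request stub.
  def self.marshal(idl, args)
    params = idl.lines.map(&:strip).select { |l| l.start_with?('[') }
    raise ArgumentError, 'argument count mismatch' unless params.size == args.size

    buf = ''.b
    referent = 0x00020000 # assumed first referent ID
    params.zip(args).each do |line, arg|
      attrs, type = parse_param(line)
      next unless attrs.include?('in')
      case type
      when 'long'
        long(buf, arg)
      when 'wchar_t *'
        unless attrs.include?('unique') && attrs.include?('string')
          raise NotImplementedError, 'only [unique] [string] wchar_t * is supported'
        end
        unique_wstring(buf, arg, referent)
        referent += 4
      else
        raise NotImplementedError, "unsupported type: #{type}"
      end
    end
    buf
  end
end

# The prototype from the post, as recovered by MUDDLE/UNMIDL.
FUNCTION_00_IDL = <<~IDL
  long Function_00(
        [in] long element_1,
        [in] [unique] [string] wchar_t *element_2,
        [in] long element_3
  );
IDL

if $PROGRAM_NAME == __FILE__
  stub = MiniNdr.marshal(FUNCTION_00_IDL, [1, 'test', 3])
  puts stub.unpack1('H*')
end
```

With the arguments `[1, 'test', 3]` the stub is 36 bytes: the long `01000000`, the referent ID `00000200`, `max_count`/`offset`/`actual_count` of `05000000 00000000 05000000`, the ten bytes of `"test\0"` in UTF-16LE, two bytes of alignment padding, and the final long `03000000`. Passing `nil` for element_2 yields only the NULL referent ID, 12 bytes in total, which is the case a hand-written `$data_stub` most often gets wrong.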
