Question on SEH, PROCESS, THREAD and integrating custom C Code

[jeffs at speakeasy.net (jeffs)]

Thank you, Egypt.  Your information is most useful. 

Where could I find information on the various variables for the 
msfencode feature.  doing: ./msfencode -h provides no information.  I am 
having a bit of difficulty using the msfencode feature and thought 
knowing the variables and settings would, help but I cannot find them.  
Before I ask here on the list I thought it would be a good idea to at 
least play with it and see how far along I get in what I'm doing.  Also 
some good examples might shed some light.

thanks and much appreciated.

egypt at metasploit.com wrote:
> Jeffs,
>
> Sorry for the late reply, but here goes:
>
> 1) SEH, Process and Thread are exit methods.  When the payload has
> completed (for instance when you type exit in a meterpreter shell), it
> must exit somehow.  SEH means the payload will trigger an exception
> and let the exception handler deal with it, Process means the payload
> calls ExitProcess(), and Thread means it calls ExitThread().
>
> 2) The best way to integrate custom C code would be to create a
> payload for it similar to how meterpreter is set up.
>
> 3) Adding a loop and sleep feature to existing payloads would increase
> their size considerably.  We probably won't do this for the main
> payloads.  It might be something to consider for creating additional
> payloads.
>
>
> Hope I answered your questions,
> egypt
>
>
> On Mon, Jul 28, 2008 at 6:57 PM, jeffs <jeffs at speakeasy.net> wrote:
>   
> > First thanks for the great program.  I've been fiddling with it for
> > months and finally after reading Mark Baggett's document on using
> > Metasploit and AV products, it has all come together.
> >
> > Here is a link to his fine document for those who are interested:
> >
> > http://www.giac.org/certified_professionals/practicals/GCIH/01072.php
> >
> > Yet, I have some lingering questions that maybe an enlighted soul might
> > be able to answer for me.
> >
> > 1) I've confused over the seh, process and thread options and what one
> > can do with them.
> >
> > 2) I have some "c" code that I would like to integrate into the
> > directories so I can use it as a payload.  The nice thing about this
> > exploit is that you can set time intervals for it to "phone home" and
> > connects using encrypted channels.  I'd like to be able to upload it via
> > meterpreter.  How does one go about taking "c" code and turning it into
> > an exploit or module that can be used via the meterpreter?
> >
> > 3) I noticed that if I use some of the msfpayloads such as
> > meterpreter/bind_tcp, the victim's machine will display an error message
> > if upon execution of the binary on the victim's machine there is no
> > attacking machine waiting to receive it's query.  Is there some way to
> > modify the behavior of the payloads so it repeatedly queries an ip to
> > connect with or somehow make the process repeating without dieing after
> > one attempt?
> >
> > 4) I'll think of another question soon enough but thanks for any help.
> >
> >
> > _______________________________________________
> > http://spool.metasploit.com/mailman/listinfo/framework
> >
> >     
>
>
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.metasploit.com/pipermail/framework/attachments/20080806/574fb844/attachment.htm>