Metasploit mailing list archives
Re: Unencoded payload works fine, but encoded payload crashes.
From: scriptjunkie <scriptjunkie1 () googlemail com>
Date: Wed, 27 Jul 2011 16:34:08 -0500
That is because an encoded payload will modify itself to decode its inner payload. However, most compilers, and I assume MASM as well, mark the code section of the executable as EXECUTE_READ, but if you want to modify that code directly, it must be writeable (EXECUTE_READWRITE). You will need to call VirtualProtect on your shellcode to mark the page with appropriate permissions first, or somehow otherwise copy it to an RWX page.

Matt

On Tue, Jul 26, 2011 at 10:10 PM, Jordan Trover <shurimaxx () hotmail com> wrote:
> I didn't know where to ask for help on this, but I thought here would be the best place to ask. I started learning MASM a few days ago, and I wanted to test executing some payloads from metasploit with masm. Here's the code:
>
> http://pastie.org/private/oyfaky8xttqllgfjlaopzg
>
> You can see there are two payloads there, the first one (commented) is an unencoded payload I generated with:
>
> ~$ msfpayload windows/exec CMD=calc.exe EXITFUNC=none C
>
> This one works fine, but when I try encoding the payload (the second uncommented payload in the code) with:
>
> ~$ msfpayload windows/exec CMD=calc.exe EXITFUNC=none R | msfencode -t c
>
> the compiled binary crashes when executing it. It seems to be because of a memory access violation. I loaded it into a debugger and the instruction where it crashes is:
>
> XOR DWORD PTR DS:[ESI+17],EAX
>
> But ESI is 00000000 at that moment. I hope someone could help me figure out how I can run the encoded payload just like I do with the normal unencoded version. Thanks.
>
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
--
scriptjunkie
http://www.scriptjunkie.us/
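As an added illustration (not code from either poster), the mechanism scriptjunkie describes, reproduced with the POSIX mmap/mprotect analogue of VirtualAlloc/VirtualProtect: a store into a read+execute page, which is how a compiler emits the code section, raises an access violation, and the same store succeeds once the page is made read+write+execute. The buffer stands in for the decoder stub and holds constructed zero bytes; nothing in it is executed, and the 0x17 offset is taken from the faulting instruction in the debugger.

```c
/* Self-modifying decoder on an R+X page vs. an RWX page (POSIX analogue of
 * VirtualAlloc / VirtualProtect). The page contents are constructed zeros;
 * the code only performs the decoder's first store, it never executes them. */
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

static void on_fault(int sig) { (void)sig; siglongjmp(fault_env, 1); }

/* Allocate one page mapped like a compiler-emitted code section: read+execute,
 * no write (the PAGE_EXECUTE_READ case). Returns NULL if mmap refuses. */
unsigned char *alloc_rx_page(void) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_EXEC,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : (unsigned char *)p;
}

/* Equivalent of VirtualProtect(p, len, PAGE_EXECUTE_READWRITE, &old). */
int make_rwx(unsigned char *p) {
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    return mprotect(p, len, PROT_READ | PROT_WRITE | PROT_EXEC) == 0;
}

/* Mimic the decoder's first step, "xor dword ptr [esi+0x17], eax", with esi
 * pointing at the buffer. Returns 1 if the store raised an access violation
 * (SIGSEGV here, STATUS_ACCESS_VIOLATION on Windows), 0 if it went through. */
int decoder_store_faults(unsigned char *p, unsigned int key) {
    struct sigaction sa, old;
    volatile int faulted = 1;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_env, 1) == 0) {
        unsigned int word;
        memcpy(&word, p + 0x17, sizeof word);  /* the read is fine on R+X */
        word ^= key;
        memcpy(p + 0x17, &word, sizeof word);  /* the write is what traps */
        faulted = 0;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}
```

On Windows the same two outcomes are produced by VirtualAlloc with PAGE_EXECUTE_READ followed by VirtualProtect to PAGE_EXECUTE_READWRITE, which is also the protection change that memory scanners and EDR hooks commonly flag.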