Vulnerability Development mailing list archives

Re: non-process-terminating shellcode


From: H D Moore <sflist () digitaloffense net>
Date: Tue, 12 Jun 2007 11:02:00 -0500

Many of the Metasploit Framework modules prevent the exploited process 
from terminating by calling ExitThread() after the shellcode completes. 
This can often allow you to exploit the same process, over and over 
again, and not crash it as long as your shellcode cleans up properly. 
Metasploit implements this by swapping out the function hash in the 
payload at runtime. When EXITFUNC is set to "thread", it uses 
ExitThread(), when it is "process", it uses ExitProcess(), and when it is 
set to "seh", it forces an exception (call 0x0 iirc).

-HD

On Tuesday 12 June 2007 10:20, Sanjay R wrote:
I am looking for some references for creating a shellcode that will
not terminate the exploited application (the process that is being exploited)
and, at the same time, inject a payload that, for example, opens a
shell. I shall be obliged for any help and further readings on this.


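The hash swap HD describes, as an added example in C (this is not HD's code and not Metasploit's own source): the ROR13 "block_api" hash over the upper-cased UTF-16 module name and the ASCII function name, a constructed exit stub whose `mov ebx, imm32` carries a placeholder, and the runtime substitution of that immediate for EXITFUNC=thread or EXITFUNC=process. The stub bytes, the 0xDEADBEEF placeholder and the `build_stage` helper are assumptions made for illustration; only the two hash constants and the hash algorithm are the ones the framework's x86 payloads use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stddef.h>

/* Rotate a 32-bit value right by 13 bits (the block_api hash primitive). */
static uint32_t ror13(uint32_t v)
{
    return (v >> 13) | (v << 19);
}

/* Hash as the x86 block_api resolver does: the module name is walked as
 * upper-cased UTF-16LE including its terminating NUL, the function name as
 * ASCII including its NUL, and the two running hashes are summed. */
uint32_t block_api_hash(const char *module, const char *function)
{
    uint32_t mh = 0, fh = 0;
    for (const char *p = module; ; p++) {
        unsigned char c = (unsigned char)toupper((unsigned char)*p);
        mh = ror13(mh) + c;      /* low byte of the UTF-16 code unit */
        mh = ror13(mh) + 0;      /* high byte is always zero for ASCII */
        if (*p == '\0')
            break;
    }
    for (const char *p = function; ; p++) {
        fh = ror13(fh) + (unsigned char)*p;
        if (*p == '\0')
            break;
    }
    return mh + fh;
}

/* Map the EXITFUNC option to the hash that gets pushed before "call ebp".
 * Only the two cases that keep a clean exit path are handled here. */
uint32_t exitfunc_hash(const char *exitfunc)
{
    if (strcmp(exitfunc, "thread") == 0)
        return block_api_hash("kernel32.dll", "ExitThread");
    if (strcmp(exitfunc, "process") == 0)
        return block_api_hash("kernel32.dll", "ExitProcess");
    return 0; /* unknown setting: caller treats 0 as an error */
}

/* Constructed exit stub (assumption, not a real Metasploit block): the
 * resolver is assumed to live in ebp, as in the framework's x86 stagers.
 *   mov ebx, 0xDEADBEEF   ; placeholder the generator swaps at runtime
 *   push 0                ; exit code
 *   push ebx              ; hash of the exit function
 *   call ebp              ; block_api resolves and calls it */
#define EXITFUNK_PLACEHOLDER 0xDEADBEEFu
static const unsigned char exit_stub[] = {
    0x90, 0x90,                         /* stand-in for the stage body */
    0xBB, 0xEF, 0xBE, 0xAD, 0xDE,       /* mov ebx, 0xDEADBEEF */
    0x6A, 0x00,                         /* push 0 */
    0x53,                               /* push ebx */
    0xFF, 0xD5,                         /* call ebp */
};

/* Find the little-endian placeholder in buf and overwrite it with hash.
 * Returns the byte offset that was patched, or -1 if not found. */
int patch_exitfunc(unsigned char *buf, size_t len, uint32_t hash)
{
    for (size_t i = 0; i + 4 <= len; i++) {
        uint32_t v = (uint32_t)buf[i] | (uint32_t)buf[i + 1] << 8 |
                     (uint32_t)buf[i + 2] << 16 | (uint32_t)buf[i + 3] << 24;
        if (v != EXITFUNK_PLACEHOLDER)
            continue;
        buf[i]     = (unsigned char)(hash & 0xFF);
        buf[i + 1] = (unsigned char)((hash >> 8) & 0xFF);
        buf[i + 2] = (unsigned char)((hash >> 16) & 0xFF);
        buf[i + 3] = (unsigned char)((hash >> 24) & 0xFF);
        return (int)i;
    }
    return -1;
}

/* Copy the stub into out and patch it for the requested EXITFUNC.
 * Returns the patched offset, or -1 on a bad option or a short buffer. */
int build_stage(const char *exitfunc, unsigned char *out, size_t outlen)
{
    uint32_t hash = exitfunc_hash(exitfunc);
    if (hash == 0 || outlen < sizeof exit_stub)
        return -1;
    memcpy(out, exit_stub, sizeof exit_stub);
    return patch_exitfunc(out, sizeof exit_stub, hash);
}

int main(void)
{
    unsigned char stage[sizeof exit_stub];
    const char *opts[] = { "thread", "process" };
    for (size_t k = 0; k < 2; k++) {
        int off = build_stage(opts[k], stage, sizeof stage);
        printf("EXITFUNC=%-7s hash=0x%08X patched at +%d:", opts[k],
               exitfunc_hash(opts[k]), off);
        for (size_t i = 0; i < sizeof stage; i++)
            printf(" %02X", stage[i]);
        printf("\n");
    }
    return 0;
}
```

Since the same stub is reused with only the immediate swapped, the exit path is chosen per exploit without re-assembling the payload; ExitThread ends only the hijacked thread, which is what lets a server process survive repeated exploitation as long as the stack and heap it used are left consistent.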