Vulnerability Development mailing list archives
Re: non-process-terminating shellcode
From: H D Moore <sflist () digitaloffense net>
Date: Tue, 12 Jun 2007 11:02:00 -0500
Many of the Metasploit Framework modules prevent the exploited process from terminating by calling ExitThread() after the shellcode completes. This can often allow you to exploit the same process, over and over again, and not crash it as long as your shellcode cleans up properly.

Metasploit implements this by swapping out the function hash in the payload at runtime. When EXITFUNC is set to "thread", it uses ExitThread(), when it is "process", it uses ExitProcess(), and when it is set to "seh", it forces an exception (call 0x0 iirc).

-HD

On Tuesday 12 June 2007 10:20, Sanjay R wrote:
> I am looking for some references for creating a shellcode that will not terminate the exploited application (the process being exploited) and at the same time inject the payload that, for example, opens a shell. I shall be obliged for any help and further readings on this.
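The hash-swapping HD describes can be checked from the triage side. The Python below is an added example, not code from this thread or from the Metasploit project: it reimplements the ROR13 module-plus-export hash that Metasploit's block_api payloads resolve APIs with (the kernel32!ExitProcess and kernel32!ExitThread constants it derives are the ones those payloads embed) and scans a byte blob for them, so an analyst can tell which EXITFUNC a sample was built with. The SAMPLE_PAYLOAD bytes are constructed filler around one 32-bit immediate, not real shellcode.

```python
import struct

MASK32 = 0xFFFFFFFF


def ror13(value):
    """Rotate a 32-bit value right by 13 bits."""
    return ((value >> 13) | (value << 19)) & MASK32


def hash_bytes(data):
    """Running hash used by Metasploit's block_api: h = ror13(h) + byte."""
    h = 0
    for b in data:
        h = (ror13(h) + b) & MASK32
    return h


def api_hash(module, function):
    """Hash of module!function as embedded in block_api-style payloads.

    The module name is hashed upper-cased as UTF-16LE including its NUL
    terminator, the export name as ASCII including its NUL, and the two
    32-bit sums are added.
    """
    mod = (module.upper() + "\x00").encode("utf-16-le")
    fn = (function + "\x00").encode("ascii")
    return (hash_bytes(mod) + hash_bytes(fn)) & MASK32


# EXITFUNC values that resolve a real API. "seh" forces an exception instead
# and embeds no API hash, so a hash scan cannot recognise that variant.
EXIT_FUNCS = {
    "process": ("kernel32.dll", "ExitProcess"),
    "thread": ("kernel32.dll", "ExitThread"),
}


def find_exitfunc(payload):
    """Return [(exitfunc_name, offset), ...] for every exit-API hash that
    appears as a little-endian 32-bit constant inside the payload bytes."""
    hits = []
    for name, (module, function) in EXIT_FUNCS.items():
        needle = struct.pack("<I", api_hash(module, function))
        offset = payload.find(needle)
        while offset != -1:
            hits.append((name, offset))
            offset = payload.find(needle, offset + 1)
    return hits


# Constructed stand-in for a captured payload (not real shellcode): NOP filler
# around "mov ebx, imm32" (opcode 0xBB) carrying the ExitThread hash, the way
# the exit function's hash is loaded before the API call.
SAMPLE_PAYLOAD = b"\x90" * 6 + b"\xbb" + struct.pack("<I", 0x0A2A1DE0) + b"\x90" * 6


if __name__ == "__main__":
    for name, (module, function) in EXIT_FUNCS.items():
        print(f"{name:8s} {module}!{function} = 0x{api_hash(module, function):08X}")
    print("sample payload exit function(s):", find_exitfunc(SAMPLE_PAYLOAD))
```

Because the constants are derived from the names rather than typed in, the table cannot drift from the hashing algorithm; a different target (a payload for another process-exit API, say) is a one-line addition to EXIT_FUNCS. A sample that yields no hit may still be a "seh"-style payload, since that variant carries no exit hash to find.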