[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: non-process-terminating shellcode
Many of the Metasploit Framework modules prevent the exploited process
from terminating by calling ExitThread() after the shellcode completes.
This can often allow you to exploit the same process, over and over
again, and not crash it as long as your shellcode cleans up properly.
Metasploit implements this by swapping out the function hash in the
payload at runtime. When EXITFUNC is set to "thread", it uses
ExitThread(), when it is "process", it uses ExitProcess(), and when it is
set to "seh", it forces an exception (call 0x0 iirc).
On Tuesday 12 June 2007 10:20, Sanjay R wrote:
> I am looking for some references for creating a shellcode that will
> not terminate the exploited application (process that being exploited)
> and on the same time, inject the payload that, for example, opens a
> shell. I shall be obliged for any help and further readings on this.