Class Rex::Exploitation::Seh
In: lib/rex/exploitation/seh.rb
Parent: Object

This class provides methods for generating SEH registration records in a dynamic and flexible fashion. The records can be generated with the short jump at a random offset into the next pointer and with random padding in between the handler and the attacker‘s payload.

Methods

generate_dynamic_seh_record   generate_seh_record   generate_static_seh_record   new  

Public Class methods

new(badchars = nil, space = nil, nop = nil)

Creates a new instance of the class and initializes it with the supplied bad character list. The space argument denotes how much room is available for random padding and the NOP argument can be used to generate a random NOP sled that is better than 0x90.

Public Instance methods

generate_dynamic_seh_record(handler)

Generates a fake SEH registration record with the supplied handler address for the handler, and a nop generator to use when generating padding inside the next pointer. The NOP generator must implement the ‘generate_sled’ method that takes a length and a list of bad characters.

generate_static_seh_record(handler)

Generates a static SEH registration record with a specific handler and next pointer.

[Validate]