Fix multiple occurrences of bad pack/unpack specifiers #3484
Conversation
Ruby treats endianess in pack operators in the opposite way
of python. For example, using pack('<I') actually ignores the
endianess specifier. These need to be 'I<' or better yet, 'V'.
The endian specify must occur after the pack specifier and
multiple instances in meterpreter and exe generation were
broken in thier usage.
The summary:
Instead of I/L or I< use V
Instead of I/L or I> use N
For Q, you need to always use Q< (LE) or Q> (BE)
For c/s/l/i and other lowercase variants, you probably dont
need or want a *signed* value, so stick with vV nN and cC.
Note that there are some cases of host-endian left, these are intentional because they operate on host-local memory or services. When in doubt, please use: ``` ri pack ```
|
Interesting test failure: The extra space between LSB/MSB and "executable" is what is causing this test failure. The "corrupted section header size" output in the output of master as well. I will double check that master generates the same binaries and then fix the spec instead. |
|
Master does indeed fail with the same spec error. It looks like a change to file(1) output. Correcting the spec but also spot checking the generated binaries in case the corruption section header size problem is valid. |
|
More proof that master was going to fail this spec and there are no changes to the resulting payloads: |
|
Maybe a note in hacking/contributing/wiki. Wasnt really aware of the issue |
|
@hmoore-r7 The corrupt header size warning is an artifact of how we build ELF files. The binaries should still work and produce sessions. |
|
Also, I really hate those file(1) specs, but we don't have any other reasonable means of ensuring that the generated output isn't completely insane. |
|
Have noticed Railgun uses Native Q: |
|
@hmoore-r7 do you have the regex for this to put into msftidy? |
These prevent Metasploit from working properly on big-endian architectures and a number of these have crept in over the years.