feat: refactor exit function handling to use block_api_hash

lib/msf/core/payload/windows.rb

@@ -22,30 +22,14 @@ module Msf::Payload::Windows
   #
   # ROR hash associations for some of the exit technique routines.
 
-  def self.exitfunc_helper(type)
-    iv = 0 if block_api_iv.nil?
-    case type
-    when 'seh'
-      return Rex::Text.block_api_hash("kernel32.dll", "SetUnhandledExceptionFilter", iv: iv).to_i(16)
-    when 'thread'
-      return Rex::Text.block_api_hash("kernel32.dll", "ExitThread", iv: iv).to_i(16)
-    when 'process'
-      return Rex::Text.block_api_hash("kernel32.dll", "ExitProcess", iv: iv).to_i(16)
-    when 'none'
-      return Rex::Text.block_api_hash("kernel32.dll", "GetLastError", iv: iv).to_i(16)
-    else
-      return 0
-    end
-  end
-
   @@exit_types =
     {
-      nil       => exitfunc_helper(nil),          # Default to nothing
-      ''        => exitfunc_helper(''),           # Default to nothing
-      'seh'     => exitfunc_helper('seh'),        # SetUnhandledExceptionFilter
-      'thread'  => exitfunc_helper('thread'),     # ExitThread
-      'process' => exitfunc_helper('process'),    # ExitProcess
-      'none'    => exitfunc_helper('none')        # GetLastError
+      nil       => 0,          # Default to nothing
+      ''        => 0,          # Default to nothing
+      'seh'     => Rex::Text.block_api_hash("kernel32.dll", "SetUnhandledExceptionFilter").to_i(16), # SetUnhandledExceptionFilter
+      'thread'  => Rex::Text.block_api_hash("kernel32.dll", "ExitThread").to_i(16), # ExitThread
+      'process' => Rex::Text.block_api_hash("kernel32.dll", "ExitProcess").to_i(16), # ExitProcess
+      'none'    => Rex::Text.block_api_hash("kernel32.dll", "GetLastError").to_i(16)  # GetLastError
     }
 
   #
@@ -100,7 +84,18 @@ module Msf::Payload::Windows
       method = datastore[name]
       method = 'thread' if (!method or @@exit_types.include?(method) == false)
 
-      raw[offset, 4] = [ @@exit_types[method] ].pack(pack || 'V')
+      if respond_to?(:block_api_hash)
+        exit_hash = block_api_hash('kernel32.dll', {
+          'seh'     => 'SetUnhandledExceptionFilter',
+          'thread'  => 'ExitThread',
+          'process' => 'ExitProcess',
+          'none'    => 'GetLastError'
+        }[method]).to_i(16)
+      else
+        exit_hash = @@exit_types[method]
+      end
+
+      raw[offset, 4] = [ exit_hash ].pack(pack || 'V')
 
       return true
     end

lib/msf/core/payload/windows/exitfunk.rb

@@ -18,7 +18,7 @@ module Payload::Windows::Exitfunk
 
     when 'seh'
       asm << %Q^
-        mov ebx, 0x#{Msf::Payload::Windows.exit_types['seh'].to_s(16)}
+        mov ebx, #{block_api_hash('kernel32.dll', 'SetUnhandledExceptionFilter')}
         push.i8 0              ; push the exit function parameter
         push ebx               ; push the hash of the exit function
         call ebp               ; SetUnhandledExceptionFilter(0)
@@ -32,7 +32,7 @@ module Payload::Windows::Exitfunk
 
     when 'thread'
       asm << %Q^
-        mov ebx, 0x#{Msf::Payload::Windows.exit_types['thread'].to_s(16)}
+        mov ebx, #{block_api_hash('kernel32.dll', 'ExitThread')}
         push #{block_api_hash("kernel32.dll", "GetVersion")}        ; hash( "kernel32.dll", "GetVersion" )
         call ebp               ; GetVersion(); (AL will = major version and AH will = minor version)
         cmp al, 6              ; If we are not running on Windows Vista, 2008 or 7
@@ -48,7 +48,7 @@ module Payload::Windows::Exitfunk
 
     when 'process', nil
       asm << %Q^
-        mov ebx, 0x#{Msf::Payload::Windows.exit_types['process'].to_s(16)}
+        mov ebx, #{block_api_hash('kernel32.dll', 'ExitProcess')}
         push.i8 0              ; push the exit function parameter
         push ebx               ; push the hash of the exit function
         call ebp               ; ExitProcess(0)

lib/msf/core/payload/windows/x64/exitfunk_x64.rb

@@ -23,7 +23,7 @@ module Payload::Windows::Exitfunk_x64
       asm << %Q^
         push 0                ;
         pop rcx               ; set the exit function parameter
-        mov ebx, 0x#{Msf::Payload::Windows.exit_types['seh'].to_s(16)}
+        mov ebx, #{block_api_hash('kernel32.dll', 'SetUnhandledExceptionFilter')}
         mov r10d, ebx         ; place the correct EXITFUNK into r10d
         call rbp              ; SetUnhandledExceptionFilter(0)
         push 0                ;
@@ -34,7 +34,7 @@ module Payload::Windows::Exitfunk_x64
       asm << %Q^
         push 0                ;
         pop rcx               ; set the exit function parameter
-        mov ebx, 0x#{Msf::Payload::Windows.exit_types['thread'].to_s(16)}
+        mov ebx, #{block_api_hash('kernel32.dll', 'ExitThread')}
         mov r10d, ebx         ; place the correct EXITFUNK into r10d
         call rbp              ; call EXITFUNK( 0 );
       ^