From d494cf7f81d8e544ae1f1d6f77a58af493b2c1eb Mon Sep 17 00:00:00 2001
From: dledda-r7
Date: Thu, 28 Aug 2025 13:36:20 -0400
Subject: [PATCH 1/2] fix: update exe service templates to support stageless payloads
---
 lib/msf/util/exe.rb | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 7d7b6c6fb9a21..78624f1e06d55 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -708,7 +708,31 @@ def self.to_win64pe_service(framework, code, opts = {})
     # Allow the user to specify their own service EXE template
     set_template_default(opts, "template_x64_windows_svc.exe")
     opts[:exe_type] = :service_exe
-    exe_sub_method(code,opts)
+    if code.length >= 8192
+      # Try to inject code into executable by adding a section without affecting executable behavior
+      if opts[:inject]
+        injector = Msf::Exe::SegmentInjector.new({
+          :payload => code,
+          :template => opts[:template],
+          :arch => :x64,
+          :secname => opts[:secname]
+        })
+        pe = injector.generate_pe
+      else
+        # Append a new section instead
+        appender = Msf::Exe::SegmentAppender.new({
+          :payload => code,
+          :template => opts[:template],
+          :arch => :x64,
+          :secname => opts[:secname]
+        })
+        pe = appender.generate_pe
+      end
+
+      return pe
+    else
+      return exe_sub_method(code,opts)
+    end
   end
 
   # self.set_template_default_winpe_dll

From 1f1c60f3a8d8f055a1d8e28925cdaf5d552bb520 Mon Sep 17 00:00:00 2001
From: dledda-r7
Date: Wed, 3 Sep 2025 11:15:54 -0400
Subject: [PATCH 2/2] fix: remove sub technique for exe service generation
---
 lib/msf/util/exe.rb | 41 ++++++++++++++++++-----------------------
 1 file changed, 18 insertions(+), 23 deletions(-)

diff --git a/lib/msf/util/exe.rb b/lib/msf/util/exe.rb
index 78624f1e06d55..5a86f3c55e098 100644
--- a/lib/msf/util/exe.rb
+++ b/lib/msf/util/exe.rb
@@ -708,31 +708,26 @@ def self.to_win64pe_service(framework, code, opts = {})
     # Allow the user to specify their own service EXE template
     set_template_default(opts, "template_x64_windows_svc.exe")
     opts[:exe_type] = :service_exe
-    if code.length >= 8192
-      # Try to inject code into executable by adding a section without affecting executable behavior
-      if opts[:inject]
-        injector = Msf::Exe::SegmentInjector.new({
-          :payload => code,
-          :template => opts[:template],
-          :arch => :x64,
-          :secname => opts[:secname]
-        })
-        pe = injector.generate_pe
-      else
-        # Append a new section instead
-        appender = Msf::Exe::SegmentAppender.new({
-          :payload => code,
-          :template => opts[:template],
-          :arch => :x64,
-          :secname => opts[:secname]
-        })
-        pe = appender.generate_pe
-      end
-
-      return pe
+    # Try to inject code into executable by adding a section without affecting executable behavior
+    if opts[:inject]
+      injector = Msf::Exe::SegmentInjector.new({
+        :payload => code,
+        :template => opts[:template],
+        :arch => :x64,
+        :secname => opts[:secname]
+      })
+      pe = injector.generate_pe
     else
-      return exe_sub_method(code,opts)
+      # Append a new section instead
+      appender = Msf::Exe::SegmentAppender.new({
+        :payload => code,
+        :template => opts[:template],
+        :arch => :x64,
+        :secname => opts[:secname]
+      })
+      pe = appender.generate_pe
     end
+    return pe
   end
 
   # self.set_template_default_winpe_dll
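Review bot: Dropping the `exe_sub_method(code,opts)` fallback silently changes the contract for callers who pass their own template, which the surviving context comment ("Allow the user to specify their own service EXE template") explicitly invites: a custom service template built around payload substitution will now get a new PE section appended or injected instead, and whether that code is actually reached from the template's service entry under the SCM is decided inside SegmentInjector/SegmentAppender, which this hunk does not show. I would state the new behavior where the old call was, e.g. `# Payload is always carried in a new PE section; substitution-based service templates are no longer handled here`, and have the calling module documentation say the same so operators do not ship a binary the service controller kills before the payload runs. As a point of style, the two branches differ only in the class, so the duplicated options hash can collapse to `builder = opts[:inject] ? Msf::Exe::SegmentInjector : Msf::Exe::SegmentAppender` followed by `builder.new(payload: code, template: opts[:template], arch: :x64, secname: opts[:secname]).generate_pe`, which also removes the trailing explicit `return pe`. The method's `def` line is outside the hunk (only its `end` is visible here).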