explain how to craft FEALIST for eternalblue exploit

eternalblue_exploit7.py

@@ -20,29 +20,7 @@ Reference:
 
 Bug detail:
 - For the buffer overflow bug detail, please see http://blogs.360.cn/360safe/2017/04/17/nsa-eternalblue-smb/
-- For other bugs defailt, see BUG.txt
-- Here is related struct info.
-#####
-typedef struct _FEA {   /* fea */
-	BYTE fEA;        /* flags                              */
-	BYTE cbName;     /* name length not including NULL */
-	USHORT cbValue;  /* value length */
-} FEA, *PFEA;
-
-typedef struct _FEALIST {    /* feal */
-	DWORD cbList;   /* total bytes of structure including full list */
-	FEA list[1];    /* variable length FEA structures */
-} FEALIST, *PFEALIST;
-
-typedef struct _FILE_FULL_EA_INFORMATION {
-  ULONG  NextEntryOffset;
-  UCHAR  Flags;
-  UCHAR  EaNameLength;
-  USHORT EaValueLength;
-  CHAR   EaName[1];
-} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
-
-- The exploit also use other 2 bugs
+- The exploit also use other 2 bugs (see details in BUG.txt)
   - Send a large transaction with SMB_COM_NT_TRANSACT but processed as SMB_COM_TRANSACTION2 (requires for trigger bug)
   - Send special session setup command (SMB login command) to allocate big nonpaged pool (use for creating hole)
 ######
@@ -86,6 +64,8 @@ Shellcode note:
 - Then, using APC in Process context to get code execution in userland (ring 3)
 '''
 
+# Note: see how to craft FEALIST in eternalblue_poc.py
+
 # wanted overflown buffer size (this exploit support only 0x10000 and 0x11000)
 # the size 0x10000 is easier to debug when setting breakpoint in SrvOs2FeaToNt() because it is called only 2 time
 # the size 0x11000 is used in nsa exploit. this size is more reliable.