From 137b9c6cfb23e0d0bfd646ec40ce07d4a4e71b6f Mon Sep 17 00:00:00 2001 From: HD Moore Date: Fri, 10 Oct 2008 02:22:20 +0000 Subject: [PATCH] Consistency fix git-svn-id: file:///home/svn/framework3/trunk@5726 4d416f70-5f16-0410-b530-b9f4589650da
--- msfmachscan | 92 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100755 msfmachscan
diff --git a/msfmachscan b/msfmachscan new file mode 100755
index 0000000000..09ae1285c7
--- /dev/null
+++ b/msfmachscan 
@@ -0,0 +1,92 @@
+#!/usr/bin/env ruby
+
+msfbase = File.symlink?(__FILE__) ? File.readlink(__FILE__) : __FILE__
+$:.unshift(File.join(File.dirname(msfbase), 'lib'))
+
+require 'rex/machparsey'
+require 'rex/machscan'
+require 'rex/arch/x86'
+require 'optparse'
+
+
+def opt2i(o)
+ o.index("0x")==0 ? o.hex : o.to_i
+end
+
+opt = OptionParser.new
+
+opt.banner = "Usage: #{$PROGRAM_NAME} [mode] [targets]"
+opt.separator('')
+opt.separator('Modes:')
+
+worker = nil
+param = {}
+
+opt.on('-j', '--jump [regA,regB,regC]', 'Search for jump equivalent instructions') do |t|
+ # take csv of register names (like eax,ebx) and convert
+ # them to an array of register numbers
+ regnums = t.split(',').collect { |o| Rex::Arch::X86.reg_number(o) }
+ worker = Rex::MachScan::Scanner::JmpRegScanner
+ param['args'] = regnums
+end
+
+opt.on('-p', '--poppopret', 'Search for pop+pop+ret combinations') do |t|
+ worker = Rex::MachScan::Scanner::PopPopRetScanner
+ param['args'] = t
+end
+
+opt.on('-r', '--regex [regex]', 'Search for regex match') do |t|
+ worker = Rex::MachScan::Scanner::RegexScanner
+ param['args'] = t
+end
+
+opt.separator('')
+opt.separator('Options:')
+
+opt.on('-A', '--after [bytes]', 'Number of bytes to show after match (-a/-b)') do |t|
+ param['after'] = opt2i(t)
+end
+
+opt.on('-B', '--before [bytes]', 'Number of bytes to show before match (-a/-b)') do |t|
+ param['before'] = opt2i(t)
+end
+
+opt.on('-I', '--image-base [address]', 'Specify an alternate ImageBase') do |t|
+ param['imagebase'] = opt2i(t)
+end
+
+opt.on_tail("-h", "--help", "Show this message") do
+ puts opt
+ exit(0)
+end
+
+opt.parse!
+
+if (! worker)
+ puts opt
+ exit(0)
+end
+
+ARGV.each do |file|
+
+ param['file'] = file
+
+ begin
+ mach = Rex::MachParsey::Mach.new_from_file(file, true)
+ o = worker.new(mach)
+ o.scan(param)
+ mach.close
+ rescue Rex::MachParsey::MachHeaderError
+ $stderr.puts("File is not a Mach-O binary, trying Fat..\n")
+ fat = Rex::MachParsey::Fat.new_from_file(file, true)
+ o = worker.new(fat)
+ o.scan(param)
+ fat.close
+ rescue Errno::ENOENT
+ $stderr.puts("File does not exist: #{file}")
+ next
+ end
+end
+
+#end
+
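Review bot: `opt2i` near the top of the hunk raises NoMethodError when -A, -B or -I is given without a value and silently turns non-numeric text into 0, because each of those specs declares its argument optional (`[bytes]`, `[address]`) while `o.index("0x")` cannot run on nil and `to_i` never fails; the `-j` handler has the same nil problem at `t.split(',')`. Declaring the arguments mandatory, e.g. `opt.on('-A', '--after BYTES', ...)`, lets OptionParser reject a missing value itself, and replacing `o.to_i` with `Integer(o, 10)` makes garbage an ArgumentError instead of a zero-byte window. The help strings for -A/-B mention `(-a/-b)`, which are not flags defined here, so the text should read `(-A/-B)` or drop the hint. In the ARGV loop, `mach.close` and `fat.close` run only on the success path, so an exception from `o.scan` leaves the file handle open until GC; moving the close into an `ensure` (or using a block form if `new_from_file` offers one) avoids that.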