From 25b60466ad7d82ba25bfa0721173a3175eccbc7a Mon Sep 17 00:00:00 2001
From: pusscat <>
Date: Mon, 24 Apr 2006 15:42:40 +0000
Subject: [PATCH] Fix ecx count Fix jle -> jge
git-svn-id: file:///home/svn/incoming/trunk@3614 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/rex/encoder/nonalpha.rb | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/rex/encoder/nonalpha.rb b/lib/rex/encoder/nonalpha.rb
index 13a1f788f0..b75de181b8 100644
--- a/lib/rex/encoder/nonalpha.rb
+++ b/lib/rex/encoder/nonalpha.rb
@@ -9,14 +9,15 @@ class NonAlpha
 def NonAlpha.gen_decoder()
- decoder =
+ decoder =
+ "\x66\xB9\xFF\xFF" +
 "\xEB\x19" + # Jmp to table
 "\x5E" + # pop esi
 "\x8B\xFE" + # mov edi, esi - Get table addr
- "\x8B\xD6" + # mov edx, edi - Hold end of table ptr
 "\x83\xC7" + "A" + # add edi, tablelen - Get shellcode addr
- "\x3B\xFA" + # cmp edx, edi
- "\x7E\x0B" + # jle to end
+ "\x8B\xD7" + # mov edx, edi - Hold end of table ptr
+ "\x3B\xF2" + # cmp esi, edx
+ "\x7D\x0B" + # jle to end
 "\xB0\x7B" + # mov eax, 0x7B - Set up eax with magic
 "\xF2\xAE" + # repne scasb - Find magic!
 "\xFF\xCF" + # dec edi - scasb purs us one ahead
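Review bot: The comment on the changed branch still reads `# jle to end` although the opcode byte is now `\x7D`, which is jge as the subject line itself says; the line should read `"\x7D\x0B" + # jge to end`. The added first line `"\x66\xB9\xFF\xFF" +` is the only instruction in this hunk without a disassembly comment; following the convention of the surrounding lines it would carry `# mov cx, 0xFFFF`, with a word on why the count is set at that point. These per-byte comments are what anyone auditing the stub or writing a signature for it reads first, so a stale mnemonic is worth fixing in the same commit. The decoder string continues past the end of the hunk, so the rest of gen_decoder is not reviewed here.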