infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Modified the manner in which set and clear worked to make them more interconnected 

and better!


git-svn-id: file:///home/svn/incoming/trunk@3356 4d416f70-5f16-0410-b530-b9f4589650da
unstable
vlad902 2006-01-09 02:07:56 +00:00
parent 953cbe0f20
commit 9e4530ff30
2 changed files with 19 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
lib/rex/arch/x86.rb
View File

@ -142,12 +142,7 @@ module X86
# #
def self.clear(reg, badchars = '') def self.clear(reg, badchars = '')
_check_reg(reg) _check_reg(reg)
opcodes = Rex::Text.remove_badchars("\x29\x2b\x31\x33", badchars) return set(reg, 0, badchars)
if opcodes.empty?
raise RuntimeError, "Could not find a usable opcode", caller()
end
return opcodes[rand(opcodes.length)].chr + encode_modrm(reg, reg)
end end
# #
@ -188,25 +183,35 @@ module X86
def self.set(dst, val, badchars = '') def self.set(dst, val, badchars = '')
_check_reg(dst) _check_reg(dst)
# try push BYTE val; pop dst # If the value is 0 try xor/sub dst, dst (2 bytes)
if(val == 0)
opcodes = Rex::Text.remove_badchars("\x29\x2b\x31\x33", badchars)
if !opcodes.empty?
return opcodes[rand(opcodes.length)].chr + encode_modrm(dst, dst)
end
end
# try push BYTE val; pop dst (3 bytes)
begin begin
return _check_badchars(push_byte(val) + pop_dword(dst), badchars) return _check_badchars(push_byte(val) + pop_dword(dst), badchars)
rescue ::ArgumentError, RuntimeError, RangeError rescue ::ArgumentError, RuntimeError, RangeError
end end
# try clear dst, mov BYTE dst # try clear dst, mov BYTE dst (4 bytes)
begin begin
return _check_badchars(clear(dst, badchars) + mov_byte(dst, val), badchars) return _check_badchars(clear(dst, badchars) + mov_byte(dst, val), badchars)
rescue ::ArgumentError, RuntimeError, RangeError rescue ::ArgumentError, RuntimeError, RangeError
end end
# TODO: Use add...
# TODO: Use clear dst, mov BYTE dst, add
# try clear dst, mov WORD dst # try clear dst, mov WORD dst (6 bytes)
begin begin
return _check_badchars(clear(dst, badchars) + mov_word(dst, val), badchars) return _check_badchars(clear(dst, badchars) + mov_word(dst, val), badchars)
rescue ::ArgumentError, RuntimeError, RangeError rescue ::ArgumentError, RuntimeError, RangeError
end end
# try clear dst, mov DWORD dst # try clear dst, mov DWORD dst (7 bytes)
begin begin
return _check_badchars(clear(dst, badchars) + mov_dword(dst, val), badchars) return _check_badchars(clear(dst, badchars) + mov_dword(dst, val), badchars)
rescue ::ArgumentError, RuntimeError, RangeError rescue ::ArgumentError, RuntimeError, RangeError

4
lib/rex/arch/x86.rb.ut.rb
View File

@ -66,6 +66,10 @@ class Rex::Arch::X86::UnitTest < ::Test::Unit::TestCase
assert_equal("\x81\xc4\x11\x11\x01\x00", Klass.add(0x11111, Klass::ESP, '', true)) assert_equal("\x81\xc4\x11\x11\x01\x00", Klass.add(0x11111, Klass::ESP, '', true))
end end
def test_clear
assert_equal("\x33\xc0", Klass.clear(Klass::EAX, "\x27\x29\x31"))
end
def test_searcher def test_searcher
s = "\xbe"+ # mov esi, Tag - 1 s = "\xbe"+ # mov esi, Tag - 1
"\x03\x03\x02\x01"+ "\x03\x03\x02\x01"+