infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changed default read size for analuze, needs better logic 

Changed pattern_offset to work like 2.x - from lin0xx


git-svn-id: file:///home/svn/incoming/trunk@3608 4d416f70-5f16-0410-b530-b9f4589650da
unstable
HD Moore 2006-04-21 21:06:31 +00:00
parent 4a781e59cd
commit e439b5a32d
2 changed files with 10 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/rex/pescan/analyze.rb
View File

@ -52,7 +52,7 @@ module Analyze
config(param) config(param)
epa = pe.hdr.opt.AddressOfEntryPoint epa = pe.hdr.opt.AddressOfEntryPoint
buf = pe.read_rva(epa, 1024) buf = pe.read_rva(epa, 256)
@sigs.each_pair do |name, data| @sigs.each_pair do |name, data|
begin begin

13
tools/pattern_offset.rb
View File

@ -4,12 +4,17 @@ $:.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
require 'rex' require 'rex'
if ARGV.length < 2 if ARGV.length < 1
$stderr.puts("Usage: #{File.basename($0)} buffer [text/integer]") $stderr.puts("Usage: #{File.basename($0)} <searh item> <length of buffer>")
$stderr.puts("Default length of buffer if none is inserted: 8192")
$stderr.puts("This buffer is generated by pattern_create() in the Rex library automatically")
exit
end end
buffer = ARGV.shift value = ARGV.shift
value = ARGV.shift len = ARGV.shift || 8192
value = value.hex if (value.length >= 8 and value.hex > 0) value = value.hex if (value.length >= 8 and value.hex > 0)
buffer = Rex::Text.pattern_create(len.to_i)
puts Rex::Text.pattern_offset(buffer, value) puts Rex::Text.pattern_offset(buffer, value)