Add functionality to self.set and fix a recursion bug (introduced by me, d'oh)
git-svn-id: file:///home/svn/incoming/trunk@3370 4d416f70-5f16-0410-b530-b9f4589650daunstable
vlad902
parent
679d192173
commit
e9c3b312d6
|
|
@ -128,6 +128,13 @@ module X86
|
|||
raise ::ArgumentError, "Can only take signed byte values!", caller()
|
||||
end
|
||||
|
||||
#
|
||||
# This method generates a push dword instruction.
|
||||
#
|
||||
def self.push_dword(val)
|
||||
return "\x68" + [ val ].pack('V')
|
||||
end
|
||||
|
||||
#
|
||||
# This method generates a pop dword instruction into a register.
|
||||
#
|
||||
|
|
@ -180,6 +187,8 @@ module X86
|
|||
# This method is a general way of setting a register to a value. Depending
|
||||
# on the value supplied, different sets of instructions may be used.
|
||||
#
|
||||
# TODO: Make this moderatly intelligent so it chain instructions by itself
|
||||
# (ie. xor eax, eax + mov al, 4 + xchg ah, al)
|
||||
def self.set(dst, val, badchars = '')
|
||||
_check_reg(dst)
|
||||
|
||||
|
|
@ -189,6 +198,8 @@ module X86
|
|||
if !opcodes.empty?
|
||||
return opcodes[rand(opcodes.length)].chr + encode_modrm(dst, dst)
|
||||
end
|
||||
# TODO: SHL/SHR
|
||||
# TODO: AND
|
||||
end
|
||||
|
||||
# try push BYTE val; pop dst (3 bytes)
|
||||
|
|
@ -199,21 +210,27 @@ module X86
|
|||
|
||||
# try clear dst, mov BYTE dst (4 bytes)
|
||||
begin
|
||||
break if val == 0
|
||||
return _check_badchars(clear(dst, badchars) + mov_byte(dst, val), badchars)
|
||||
rescue ::ArgumentError, RuntimeError, RangeError
|
||||
end
|
||||
# TODO: Use add...
|
||||
# TODO: Use clear dst, mov BYTE dst, add
|
||||
|
||||
# try clear dst, mov WORD dst (6 bytes)
|
||||
# try mov DWORD dst (5 bytes)
|
||||
begin
|
||||
return _check_badchars(clear(dst, badchars) + mov_word(dst, val), badchars)
|
||||
return _check_badchars(mov_dword(dst, val), badchars)
|
||||
rescue ::ArgumentError, RuntimeError, RangeError
|
||||
end
|
||||
|
||||
# try clear dst, mov DWORD dst (7 bytes)
|
||||
# try push DWORD, pop dst (6 bytes)
|
||||
begin
|
||||
return _check_badchars(clear(dst, badchars) + mov_dword(dst, val), badchars)
|
||||
return _check_badchars(push_dword(val) + pop_dword(dst), badchars)
|
||||
rescue ::ArgumentError, RuntimeError, RangeError
|
||||
end
|
||||
|
||||
# try clear dst, mov WORD dst (6 bytes)
|
||||
begin
|
||||
break if val == 0
|
||||
return _check_badchars(clear(dst, badchars) + mov_word(dst, val), badchars)
|
||||
rescue ::ArgumentError, RuntimeError, RangeError
|
||||
end
|
||||
|
||||
|
|
|
|||
|
|
@ -22,6 +22,10 @@ class Rex::Arch::X86::UnitTest < ::Test::Unit::TestCase
|
|||
assert_equal("\x6a\xff", Klass.push_byte(-1))
|
||||
end
|
||||
|
||||
def test_push_dword
|
||||
assert_equal("\x68\x78\x56\x34\x12", Klass.push_dword(0x12345678))
|
||||
end
|
||||
|
||||
def test_mov_dword
|
||||
assert_equal("\xb8\x78\x56\x34\x12", Klass.mov_dword(Klass::EAX, 0x12345678))
|
||||
end
|
||||
|
|
@ -67,7 +71,7 @@ class Rex::Arch::X86::UnitTest < ::Test::Unit::TestCase
|
|||
end
|
||||
|
||||
def test_clear
|
||||
assert_equal("\x33\xc0", Klass.clear(Klass::EAX, "\x27\x29\x31"))
|
||||
assert_equal("\x33\xc0", Klass.clear(Klass::EAX, "\x29\x2b\x31"))
|
||||
end
|
||||
|
||||
def test_searcher
|
||||
|
|
|
|||
Loading…
Reference in New Issue