Add functionality to self.set and fix a recursion bug (introduced by me, d'oh)

git-svn-id: file:///home/svn/incoming/trunk@3370 4d416f70-5f16-0410-b530-b9f4589650da
unstable
vlad902 2006-01-14 17:45:42 +00:00
parent 679d192173
commit e9c3b312d6
2 changed files with 28 additions and 7 deletions


@ -128,6 +128,13 @@ module X86
raise ::ArgumentError, "Can only take signed byte values!", caller() raise ::ArgumentError, "Can only take signed byte values!", caller()
end end
#
# This method generates a push dword instruction.
#
def self.push_dword(val)
return "\x68" + [ val ].pack('V')
end
# #
# This method generates a pop dword instruction into a register. # This method generates a pop dword instruction into a register.
# #
@ -180,6 +187,8 @@ module X86
# This method is a general way of setting a register to a value. Depending # This method is a general way of setting a register to a value. Depending
# on the value supplied, different sets of instructions may be used. # on the value supplied, different sets of instructions may be used.
# #
# TODO: Make this moderatly intelligent so it chain instructions by itself
# (ie. xor eax, eax + mov al, 4 + xchg ah, al)
def self.set(dst, val, badchars = '') def self.set(dst, val, badchars = '')
_check_reg(dst) _check_reg(dst)
@ -189,6 +198,8 @@ module X86
if !opcodes.empty? if !opcodes.empty?
return opcodes[rand(opcodes.length)].chr + encode_modrm(dst, dst) return opcodes[rand(opcodes.length)].chr + encode_modrm(dst, dst)
end end
# TODO: SHL/SHR
# TODO: AND
end end
# try push BYTE val; pop dst (3 bytes) # try push BYTE val; pop dst (3 bytes)
@ -199,21 +210,27 @@ module X86
# try clear dst, mov BYTE dst (4 bytes) # try clear dst, mov BYTE dst (4 bytes)
begin begin
break if val == 0
return _check_badchars(clear(dst, badchars) + mov_byte(dst, val), badchars) return _check_badchars(clear(dst, badchars) + mov_byte(dst, val), badchars)
rescue ::ArgumentError, RuntimeError, RangeError rescue ::ArgumentError, RuntimeError, RangeError
end end
# TODO: Use add...
# TODO: Use clear dst, mov BYTE dst, add
# try clear dst, mov WORD dst (6 bytes) # try mov DWORD dst (5 bytes)
begin begin
return _check_badchars(clear(dst, badchars) + mov_word(dst, val), badchars) return _check_badchars(mov_dword(dst, val), badchars)
rescue ::ArgumentError, RuntimeError, RangeError rescue ::ArgumentError, RuntimeError, RangeError
end end
# try clear dst, mov DWORD dst (7 bytes) # try push DWORD, pop dst (6 bytes)
begin begin
return _check_badchars(clear(dst, badchars) + mov_dword(dst, val), badchars) return _check_badchars(push_dword(val) + pop_dword(dst), badchars)
rescue ::ArgumentError, RuntimeError, RangeError
end
# try clear dst, mov WORD dst (6 bytes)
begin
break if val == 0
return _check_badchars(clear(dst, badchars) + mov_word(dst, val), badchars)
rescue ::ArgumentError, RuntimeError, RangeError rescue ::ArgumentError, RuntimeError, RangeError
end end
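Review bot: The two new `break if val == 0` lines (before the clear+mov BYTE attempt and before the clear+mov WORD attempt) sit inside begin/rescue blocks, not inside a loop; unless the body of self.set, which starts outside this hunk, is wrapped in one, Ruby will reject or raise on that `break`, and a LocalJumpError is not in the `rescue ::ArgumentError, RuntimeError, RangeError` list, so the recursion guard would surface as a crash rather than a fall-through to the next attempt. Expressing the guard in terms the existing rescue chain already handles makes the intent explicit and keeps the fallback order working, e.g. `raise ::ArgumentError, "clear(dst) would recurse for val == 0", caller() if val == 0` in place of each `break`, or wrapping each of those two attempts in `unless val == 0 ... end`. A short comment such as `# clear() is itself built on set(dst, 0), so skip it when val is 0 to avoid infinite recursion` next to the guard would also record why the check exists, which the commit message only hints at.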


@ -22,6 +22,10 @@ class Rex::Arch::X86::UnitTest < ::Test::Unit::TestCase
assert_equal("\x6a\xff", Klass.push_byte(-1)) assert_equal("\x6a\xff", Klass.push_byte(-1))
end end
def test_push_dword
assert_equal("\x68\x78\x56\x34\x12", Klass.push_dword(0x12345678))
end
def test_mov_dword def test_mov_dword
assert_equal("\xb8\x78\x56\x34\x12", Klass.mov_dword(Klass::EAX, 0x12345678)) assert_equal("\xb8\x78\x56\x34\x12", Klass.mov_dword(Klass::EAX, 0x12345678))
end end
@ -67,7 +71,7 @@ class Rex::Arch::X86::UnitTest < ::Test::Unit::TestCase
end end
def test_clear def test_clear
assert_equal("\x33\xc0", Klass.clear(Klass::EAX, "\x27\x29\x31")) assert_equal("\x33\xc0", Klass.clear(Klass::EAX, "\x29\x2b\x31"))
end end
def test_searcher def test_searcher