replaced nasm calls with metasm, cleaned up some formatting as well

git-svn-id: file:///home/svn/framework3/trunk@12741 4d416f70-5f16-0410-b530-b9f4589650da
unstable
David Rude 2011-05-27 17:34:31 +00:00
parent a891d53be4
commit f92819e754
2 changed files with 31 additions and 16 deletions


@ -1,3 +1,5 @@
require 'metasm'
module Rex module Rex
module PeScan module PeScan
module Scanner module Scanner
@ -27,8 +29,15 @@ module Scanner
msg = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1] msg = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
$stdout.puts pe.ptr_s(vma) + " " + msg $stdout.puts pe.ptr_s(vma) + " " + msg
if(param['disasm']) if(param['disasm'])
::Rex::Assembly::Nasm.disassemble([msg].pack("H*")).split("\n").each do |line| insns = []
$stdout.puts "\t#{line.strip}" d2 = Metasm::Shellcode.decode(msg, Metasm::Ia32.new).disassembler
addr = 0
while ((di = d2.disassemble_instruction(addr)))
insns << di.instruction
disasm = "0x%08x\t" % (vma + addr)
disasm << di.instruction.to_s
$stdout.puts disasm
addr = di.next_addr
end end
end end
end end
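Review bot: The new `d2 = Metasm::Shellcode.decode(msg, Metasm::Ia32.new).disassembler` line hands `msg` to the decoder as raw bytes, but the removed Nasm line first unpacked it with `[msg].pack("H*")`, so unless hit[1] now carries raw bytes instead of a hex string the disassembler will decode the ASCII of the hex digits rather than the matched code. Keeping the conversion, `d2 = Metasm::Shellcode.decode([msg].pack("H*"), Metasm::Ia32.new).disassembler`, preserves the old behaviour; the same loop in DumpRVA#scan is fine because `buf` there is already binary. `insns` is filled on every iteration but never read, so `insns = []` and `insns << di.instruction` can be dropped. `Metasm::Ia32.new` also hard-codes a 32-bit decode regardless of the PE's machine type; if that is intended, a one-line comment saying so would help. The enclosing method starts before this hunk.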


@ -3,44 +3,50 @@ module PeScan
module Search module Search
require "rex/assembly/nasm" require "rex/assembly/nasm"
class DumpRVA class DumpRVA
attr_accessor :pe attr_accessor :pe
def initialize(pe) def initialize(pe)
self.pe = pe self.pe = pe
end end
def config(param) def config(param)
@address = pe.vma_to_rva(param['args']) @address = pe.vma_to_rva(param['args'])
end end
def scan(param) def scan(param)
config(param) config(param)
$stdout.puts "[#{param['file']}]" $stdout.puts "[#{param['file']}]"
# Adjust based on -A and -B flags # Adjust based on -A and -B flags
pre = param['before'] || 0 pre = param['before'] || 0
suf = param['after'] || 16 suf = param['after'] || 16
@address -= pre @address -= pre
@address = 0 if (@address < 0 || ! @address) @address = 0 if (@address < 0 || ! @address)
begin begin
buf = pe.read_rva(@address, suf) buf = pe.read_rva(@address, suf)
rescue ::Rex::PeParsey::WtfError rescue ::Rex::PeParsey::WtfError
return return
end end
$stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0] $stdout.puts pe.ptr_s(pe.rva_to_vma(@address)) + " " + buf.unpack("H*")[0]
if(param['disasm']) if(param['disasm'])
::Rex::Assembly::Nasm.disassemble(buf).split("\n").each do |line| insns = []
$stdout.puts "\t#{line.strip}" d2 = Metasm::Shellcode.decode(buf, Metasm::Ia32.new).disassembler
addr = 0
while ((di = d2.disassemble_instruction(addr)))
insns << di.instruction
disasm = "0x%08x\t" % (pe.rva_to_vma(@address) + addr)
disasm << di.instruction.to_s
$stdout.puts disasm
addr = di.next_addr
end end
end end
end
end
end end
class DumpOffset < DumpRVA class DumpOffset < DumpRVA
@ -50,7 +56,7 @@ module Search
rescue Rex::PeParsey::BoundsError rescue Rex::PeParsey::BoundsError
end end
end end
end end
end end
end end
end end
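Review bot: `require "rex/assembly/nasm"` at the top of the first hunk is kept even though the only Nasm call in this file, the old `::Rex::Assembly::Nasm.disassemble(buf)` line, is replaced by Metasm, while no `require 'metasm'` is visible in this file (lines 1-2 are outside the hunk, so it may be there or be loaded via scanner.rb; worth confirming since DumpRVA can be used on its own). `insns` is accumulated in the new loop but never read, so `insns = []` and `insns << di.instruction` are dead code. `pe.rva_to_vma(@address)` is recomputed on every iteration and is the same value printed just above the `if`; hoisting it, e.g. `base = pe.rva_to_vma(@address)` before the loop and `disasm = "0x%08x\t" % (base + addr)`, avoids the repeated conversion and makes the printed base and the per-instruction addresses visibly the same. The class DumpRVA body begins before this hunk.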