require 'msf/core'

module Msf
module Encoders
module Ia32

class JmpCallAdditive < Msf::Encoder::XorAdditiveFeedback

	def initialize
		super(
			'Name'             => 'Jump/Call XOR Additive Feedback Encoder',
			'Version'          => '$Revision$',
			'Description'      => 'Jump/Call XOR Additive Feedback',
			'Author'           => 'skape',
			'Arch'             => ARCH_IA32,
			'Decoder'          =>
				{
					'Stub'       => 
						"\xfc"                + # cld
						"\xbbXORK"            + # mov ebx, key
						"\xeb\x0c"            + # jmp short 0x14
						"\x5e"                + # pop esi
						"\x56"                + # push esi
						"\x31\x1e"            + # xor [esi], ebx
						"\xad"                + # lodsd
						"\x01\xc3"            + # add ebx, eax
						"\x85\xc0"            + # test eax, eax
						"\x75\xf7"            + # jnz 0xa
						"\xc3"                + # ret
						"\xe8\xef\xff\xff\xff", # call 0x8
					'KeyOffset' => 2,
					'KeySize'   => 4,
					'BlockSize' => 4,
				})
	end

end

end end end