metasploit-framework/lib/rex/encoders/xor_dword.rb

33 lines
799 B
Ruby

#!/usr/bin/ruby
require 'rex/arch/x86'
require 'rex/encoder/xor/dword'
module Rex
module Encoders
# spoon's smaller variable-length encoder (updated to use call $+4 by vlad902)
class XorDword < Rex::Encoder::Xor::Dword
module Backend
def _prepend
# set the counter to the rounded up number of dwords to decode
Rex::Arch::X86.set(
Rex::Arch::X86::ECX,
(encoded.length - 1 >> 2) + 1,
badchars
) +
"\xe8\xff\xff\xff" + # call $+4
"\xff\xc0" + # inc eax
"\x5e" + # pop esi
"\x81\x76\x0e" + key + # xor_xor: xor [esi + 0x0e], $xorkey
"\x83\xee\xfc" + # sub esi, -4
"\xe2\xf4" # loop xor_xor
end
end
include Backend
end
end end