Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / usr / lib / metasploit / encoders / PexFnstenvSub.pm < prev next >

Wrap

Perl POD Document | 2006-06-30 | 1.8 KB | 59 lines

## # This file is part of the Metasploit Framework and may be redistributed # according to the licenses defined in the Authors field below. In the # case of an unknown or missing license, this file defaults to the same # license as the core Framework (dual GPLv2 and Artistic). The latest # version of the Framework can always be obtained from metasploit.com. ## package Msf::Encoder::PexFnstenvSub; use strict; use base 'Msf::Encoder::XorDword'; use Pex::Encoder; use Pex::x86; my $advanced = { }; my $info = { 'Name' => 'Pex Variable Length Fnstenv/sub Double Word Xor Encoder', 'Version' => '$Revision: 1.15 $', 'Authors' => [ 'spoonm <ninjatools [at] hush.com>', ], 'Arch' => [ 'x86' ], 'OS' => [ ], 'Description' => 'Variable-length fnstenv/sub dword xor encoder', 'Refs' => [ ], }; sub new { my $class = shift; return($class->SUPER::new({'Info' => $info, 'Advanced' => $advanced}, @_)); } # w00t http://archives.neohapsis.com/archives/vuln-dev/2003-q4/0096.html # This is useful if you have a BadChar of say 0xff, and your payload is small (or insanely large) # enough to not have 0xff in your payload, which is realistic (<= 512 && > 4) sub _GenEncoder { my $self = shift; my $xor = shift; my $len = shift; my $badchars = shift; my $xorkey = pack('V', $xor); # spoon's smaller variable-length fnstenv encoder my $decoder = Pex::x86::Sub(-((($len - 1) / 4) + 1), "ecx", $badchars). "\xd9\xee". # fldz "\xd9\x74\x24\xf4". # fnstenv [esp - 12] "\x5b". # pop ebx "\x81\x73\x13". $xorkey . # xor_xor: xor DWORD [ebx + 22], xorkey "\x83\xeb\xfc". # sub ebx,-4 "\xe2\xf4"; # loop xor_xor return $decoder; } 1;