Module: Rex::Encoders::XorDwordAdditive::Backend

Included in:

Rex::Encoders::XorDwordAdditive

Defined in:

lib/rex/encoders/xor_dword_additive.rb

Instance Method Summary

• #_prepend ⇒ Object
• #_unencoded_transform(data) ⇒ Object

Instance Method Details

#_prepend ⇒ Object

# File 'lib/rex/encoders/xor_dword_additive.rb', line 34

def _prepend
	"\xfc"                + # cld
	"\xbb" + key          + # mov ebx, key
	"\xeb\x0c"            + # jmp short 0x14
	"\x5e"                + # pop esi
	"\x56"                + # push esi
	"\x31\x1e"            + # xor [esi], ebx
	"\xad"                + # lodsd
	"\x01\xc3"            + # add ebx, eax
	"\x85\xc0"            + # test eax, eax
	"\x75\xf7"            + # jnz 0xa
	"\xc3"                + # ret
	"\xe8\xef\xff\xff\xff"  # call 0x8
end

#_unencoded_transform(data) ⇒ Object

# File 'lib/rex/encoders/xor_dword_additive.rb', line 18

def _unencoded_transform(data)
	# check for any dword aligned zeros that would falsely terminate the decoder
	idx = 0
	while true
		idx = data.index("\x00\x00\x00\x00", idx)
		break if !idx
		if idx & 3 == 0
			raise RuntimeError, "Unencoded data cannot have a dword aligned 0 dword!", caller()
		end
		idx += 1
	end

	# pad to a dword boundary and append null dword for termination
	data = data + ("\x00" * ((4 - data.length & 3) & 3)) + "\x00\x00\x00\x00"
end