Module: Rex::Encoders::XorDwordAdditive::Backend

Included in:

Rex::Encoders::XorDwordAdditive

Defined in:

lib/rex/encoders/xor_dword_additive.rb

Instance Method Summary

• #_prepend ⇒ Object
• #_unencoded_transform(data) ⇒ Object

Instance Method Details

#_prepend ⇒ Object

# File 'lib/rex/encoders/xor_dword_additive.rb', line 34

def _prepend
  "\xfc"                + # cld
  "\xbb" + key          + # mov ebx, key
  "\xeb\x0c"            + # jmp short 0x14
  "\x5e"                + # pop esi
  "\x56"                + # push esi
  "\x31\x1e"            + # xor [esi], ebx
  "\xad"                + # lodsd
  "\x01\xc3"            + # add ebx, eax
  "\x85\xc0"            + # test eax, eax
  "\x75\xf7"            + # jnz 0xa
  "\xc3"                + # ret
  "\xe8\xef\xff\xff\xff"  # call 0x8
end

#_unencoded_transform(data) ⇒ Object

# File 'lib/rex/encoders/xor_dword_additive.rb', line 18

def _unencoded_transform(data)
  # check for any dword aligned zeros that would falsely terminate the decoder
  idx = 0
  while true
    idx = data.index("\x00\x00\x00\x00", idx)
    break if !idx
    if idx & 3 == 0
      raise RuntimeError, "Unencoded data cannot have a dword aligned 0 dword!", caller()
    end
    idx += 1
  end

  # pad to a dword boundary and append null dword for termination
  data = data + ("\x00" * ((4 - data.length & 3) & 3)) + "\x00\x00\x00\x00"
end