Method: Rex::Encoder::Alpha2::UnicodeUpper.gen_decoder_prefix

Defined in:: lib/rex/encoder/alpha2/unicode_upper.rb

.gen_decoder_prefix(reg, offset) ⇒ `Object`

# File 'lib/rex/encoder/alpha2/unicode_upper.rb', line 17

def self.gen_decoder_prefix(reg, offset)
  if (offset > 6)
    raise "Critical: Offset is greater than 6"
  end

  # offset untested for unicode :(
  if (offset <= 4)
    nop = 'CP' * offset
    mod = 'IA' * (4 - offset) + nop    # dec ecx,,, push ecx, pop edx
  else
    mod = 'AA' * (offset - 4)          # inc ecx
    nop = 'CP' * (4 - mod.length)
    mod += nop
  end

  regprefix = {                      # nops ignored below
    'EAX'   => 'PPYA' + mod,        # push eax, pop ecx
    'ECX'   =>  mod + '4444',       # dec ecx
    'EDX'   => 'RRYA' + mod,        # push edx, pop ecx
    'EBX'   => 'SSYA' + mod,        # push ebx, pop ecx
    'ESP'   => 'TUYA' + mod,        # push esp, pop ecx
    'EBP'   => 'UUYA' + mod,        # push ebp, pop ecx
    'ESI'   => 'VVYA' + mod,        # push esi, pop ecx
    'EDI'   => 'WWYA' + mod,        # push edi, pop edi
    '[ESP]' => 'YA' + mod + '44',   #
    '[ESP+4]' => 'YUYA' + mod,      #
  }

  return regprefix[reg]
end

Method: Rex::Encoder::Alpha2::UnicodeUpper.gen_decoder_prefix

.gen_decoder_prefix(reg, offset) ⇒ Object

.gen_decoder_prefix(reg, offset) ⇒ `Object`