From 5cee818623bae9b8c5f564308ea35729c1ad5e3e Mon Sep 17 00:00:00 2001
From: Matt Miller
Date: Wed, 18 Jan 2006 15:43:48 +0000
Subject: [PATCH] poly encoder fixes

git-svn-id: file:///home/svn/incoming/trunk@3406 4d416f70-5f16-0410-b530-b9f4589650da
---
 lib/rex/poly.rb | 5 +++++
 modules/encoders/x86/jmp_call_additive.rb | 6 +++---
 modules/encoders/x86/shikata_ga_nai.rb | 6 +++---
 3 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/lib/rex/poly.rb b/lib/rex/poly.rb
index df32d6affd..017eef068d 100644
--- a/lib/rex/poly.rb
+++ b/lib/rex/poly.rb
@@ -28,6 +28,11 @@ class State
 # beginning and destroying any block generation state.
 #
 def reset
+ # Reset the generation flag on any blocks in the block list
+ @block_list.each { |block|
+ block[0].generated = false
+ } if (@block_list)
+
 @regnums = Hash.new
 @buffer = ''
 @block_list = []
diff --git a/modules/encoders/x86/jmp_call_additive.rb b/modules/encoders/x86/jmp_call_additive.rb
index fbb85e1d92..a4b26bbec2 100644
--- a/modules/encoders/x86/jmp_call_additive.rb
+++ b/modules/encoders/x86/jmp_call_additive.rb
@@ -44,7 +44,7 @@ class JmpCallAdditive < Msf::Encoder::XorAdditiveFeedback
 #
 def decoder_stub(state)
 if (state.decoder_stub == nil)
- block = generate_decoder_stub
+ block = generate_decoder_stub(state)
 state.decoder_key_offset = block.index('XORK')
 state.decoder_stub = block
 end
@@ -64,7 +64,7 @@ protected
 #
 # Does the actual stub generation.
 #
- def generate_decoder_stub
+ def generate_decoder_stub(state)
 key_reg = Rex::Poly::LogicalRegister::X86.new('key')
 endb = Rex::Poly::SymbolicBlock::End.new
 cld = Rex::Poly::LogicalBlock.new('cld', "\xfc")
@@ -108,7 +108,7 @@ protected
 jmp.generate([
 Rex::Arch::X86::ESP,
 Rex::Arch::X86::EAX,
- Rex::Arch::X86::ESI ])
+ Rex::Arch::X86::ESI ], nil, state.badchars)
 end
 end
diff --git a/modules/encoders/x86/shikata_ga_nai.rb b/modules/encoders/x86/shikata_ga_nai.rb
index 015d38b319..49032fec8c 100644
--- a/modules/encoders/x86/shikata_ga_nai.rb
+++ b/modules/encoders/x86/shikata_ga_nai.rb
@@ -38,7 +38,7 @@ class ShikataGaNai < Msf::Encoder::XorAdditiveFeedback
 # If the decoder stub has not already been generated for this state, do
 # it now. The decoder stub method may be called more than once.
 if (state.decoder_stub == nil)
- block = generate_shikata_block(state.buf.length + 4)
+ block = generate_shikata_block(state, state.buf.length + 4)
 # Set the state specific key offset to wherever the XORK ended up.
 state.decoder_key_offset = block.index('XORK')
@@ -87,7 +87,7 @@ protected
 # Returns a polymorphic decoder stub that is capable of decoding a buffer
 # of the supplied length.
 #
- def generate_shikata_block(length)
+ def generate_shikata_block(state, length)
 # Declare logical registers
 count_reg = Rex::Poly::LogicalRegister::X86.new('count', 'ecx')
 addr_reg = Rex::Poly::LogicalRegister::X86.new('addr')
@@ -165,7 +165,7 @@ protected
 # Generate a permutation saving the ECX and ESP registers
 loop_inst.generate([
 Rex::Arch::X86::ESP,
- Rex::Arch::X86::ECX ])
+ Rex::Arch::X86::ECX ], nil, state.badchars)
 end
 end
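Review bot: The comment added at the top of `reset` says what the loop does but not why the flag must be cleared when `@block_list` is replaced by a fresh array a few lines later; the reason is presumably that the same `LogicalBlock` objects are handed to a later generation pass (for instance when generation is retried) and a block still marked `generated` would otherwise be skipped — confirm that against `LogicalBlock#generate`, which is not in this diff. I would make the comment carry that reason, along the lines of `# Clear the generated flag on every block recorded by the previous pass, so a later pass over the same blocks emits them again instead of treating them as done`. The multi-line `{ }` block with a trailing `if` modifier is also awkward to read; an `if (@block_list)` on its own line wrapping the one-liner `@block_list.each { |entry| entry[0].generated = false }` makes the guard visible before the loop. `reset` continues past the end of the hunk.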
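Review bot: `state` is threaded through `decoder_stub`, the new `generate_decoder_stub(state)` signature and the `jmp.generate` call in the third hunk only to read `state.badchars`, so the helper now depends on the whole encoder state for a single value; passing the bad-character list itself, `def generate_decoder_stub(badchars)` with `block = generate_decoder_stub(state.badchars)` at the call site, keeps the helper callable without an encoder state and makes the dependency explicit. The header comment `# Does the actual stub generation.` should also mention the new argument, e.g. `# Does the actual stub generation, avoiding the bad characters recorded in the supplied encoder state.`. The same point applies to the three `shikata_ga_nai.rb` hunks, where `generate_shikata_block(state, length)` gains `state` for the same reason and its comment still documents only `length`. `generate_decoder_stub` continues past the end of the hunk.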
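Review bot: The bare `nil` passed as the second argument of `jmp.generate([...], nil, state.badchars)` is opaque at the call site; if it stands for a `Rex::Poly::State` to reuse (so that a fresh one is built for this call), a comment such as `# no poly state to reuse; generate afresh, avoiding the encoder's bad characters` would spare the reader a trip into lib/rex/poly.rb — the parameter's meaning should be confirmed there, as `generate`'s signature is not in this diff. Whether `state.badchars` can be `nil` when the encoder is run without a bad-character list is also not visible here; if `generate` does not tolerate that, `state.badchars || ''` would be the safer argument. The last `shikata_ga_nai.rb` hunk makes the same `loop_inst.generate([...], nil, state.badchars)` call and would take the same comment.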