move encoders

git-svn-id: file:///home/svn/incoming/trunk@2495 4d416f70-5f16-0410-b530-b9f4589650da
2005-05-18 06:28:12 +00:00 · 2005-05-18 06:28:12 +00:00 · c3939483b7
parent 33cbb7c1c6
commit c3939483b7
1 changed files with 37 additions and 0 deletions
--- a/modules/encoders/x86/jmp_call_additive.rb
+++ b/modules/encoders/x86/jmp_call_additive.rb
@ -0,0 +1,37 @@
+require 'Msf'
+
+module Msf
+module Encoders
+module Generic
+module IA32
+
+class JmpCallAdditive < Msf::Encoder::XorAdditiveFeedback
+
+	def initialize
+		super(
+			'Name'             => 'Jump/Call XOR Additive Feedback',
+			'Version'          => '$Revision$',
+			'Description'      => 'Jump/Call XOR Additive Feedback',
+			'Author'           => 'skape',
+			'Arch'             => ARCH_IA32,
+			'DecoderStub'      => 
+				"\xfc"                + # cld
+				"\xbbXORK"            + # mov ebx, key
+				"\xeb\x0c"            + # jmp short 0x14
+				"\x5e"                + # pop esi
+				"\x56"                + # push esi
+				"\x31\x1e"            + # xor [esi], ebx
+				"\xad"                + # lodsd
+				"\x01\xc3"            + # add ebx, eax
+				"\x85\xc0"            + # test eax, eax
+				"\x75\xf7"            + # jnz 0xa
+				"\xc3"                + # ret
+				"\xe8\xef\xff\xff\xff", # call 0x8
+			'DecoderKeyOffset' => 2,
+			'DecoderKeySize'   => 4,
+			'DecoderBlockSize' => 4)
+	end
+
+end
+
+end end end end