librex 0.0.65 → 0.0.66

data/README.markdown

@@ -4,7 +4,7 @@ An re-packaging of the Rex library included in the Metasploit Framework for use
 made official by the Rapid7 development team. The upstream of this package is the rex subdirectory of https://github.com/rapid7/metasploit-framework
 
 Currently based on:
-SVN Revision: 14335
+SVN Revision: 15601
 
 # Notes
 

data/lib/rex/arch.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/constants'
 
 module Rex

data/lib/rex/arch/sparc.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 module Rex
 module Arch
@@ -21,17 +22,17 @@ module Sparc
 			'l4' => 20, 'l5' => 21, 'l6' => 22, 'l7' => 23,
 			'i0' => 24, 'i1' => 25, 'i2' => 26, 'i3' => 27,
 			'i4' => 28, 'i5' => 29, 'i6' => 30, 'i7' => 31,
-			'sp' => 14, 'fp' => 30, 
+			'sp' => 14, 'fp' => 30,
 		} # :nodoc:
 
 	#
 	# Encodes a SETHI instruction with the value 'constant' being put into 'dst' register
 	#
-	def self.sethi(constant, dst) 
-		[ 
-		  (RegisterNumber[dst] << 25) | 
-		  (4 << 22) | 
-		  (constant >> 10)
+	def self.sethi(constant, dst)
+		[
+			(RegisterNumber[dst] << 25) |
+			(4 << 22) |
+			(constant >> 10)
 		].pack('N')
 	end
 
@@ -39,18 +40,18 @@ module Sparc
 	# Encodes an OR instruction with the value 'constant' being OR'ed with the 'src' register into the 'dst' register
 	#
 	def self.ori(src, constant, dst)
-		[ 
-		  (2 << 30) | 
-		  (RegisterNumber[dst] << 25) | 
-		  (2 << 19) | 
-		  (RegisterNumber[src] << 14) | 
-		  (1 << 13) | 
-		  (constant & 0x1fff)
+		[
+			(2 << 30) |
+			(RegisterNumber[dst] << 25) |
+			(2 << 19) |
+			(RegisterNumber[src] << 14) |
+			(1 << 13) |
+			(constant & 0x1fff)
 		].pack('N')
 	end
 
 	#
-	# Puts 'constant' into the 'dst' register using as few instructions as possible by checking the size of the value. 
+	# Puts 'constant' into the 'dst' register using as few instructions as possible by checking the size of the value.
 	# XXX: signedness support
 	#
 	def self.set(constant, dst)
@@ -72,4 +73,4 @@ module Sparc
 
 end
 
-end end
+end end

data/lib/rex/arch/sparc.rb.ut.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 $:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
 
@@ -15,4 +16,4 @@ class Rex::Arch::Sparc::UnitTest < ::Test::Unit::TestCase
 		assert_equal("\x09\x00\x00\x08\x88\x11\x22\x22", Klass.set(0x2222, 'g4'))
 	end
 
-end
+end

data/lib/rex/arch/x86.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 module Rex
 module Arch

data/lib/rex/arch/x86.rb.ut.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 $:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
 
@@ -90,4 +91,4 @@ class Rex::Arch::X86::UnitTest < ::Test::Unit::TestCase
 		assert_equal(s, Klass.searcher("\x04\x03\x02\x01"))
 	end
 
-end
+end

data/lib/rex/assembly/nasm.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 require 'tempfile'
 require 'rex/file'

data/lib/rex/assembly/nasm.rb.ut.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 $:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
 
@@ -19,4 +20,4 @@ class Rex::Assembly::Nasm::UnitTest < ::Test::Unit::TestCase
 		assert_equal("00000000  31C0              xor eax,eax\n", Klass.disassemble("\x31\xc0"))
 	end
 
-end
+end

data/lib/rex/compat.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Rex
 
 ###
@@ -224,12 +225,24 @@ end
 # Verify the Console2 environment
 #
 def self.win32_console2_verify
+	return nil if ! (is_windows and @@loaded_win32api)
 	buf = "\x00" * 512
 	out = Win32API.new("kernel32", "GetStdHandle", ["L"], "L").call(STD_OUTPUT_HANDLE)
 	res = Win32API.new("kernel32","GetConsoleTitle", ["PL"], "L").call(buf, buf.length-1) rescue 0
 	( res > 0 and buf.index("Console2 command").nil? ) ? false : true
 end
 
+#
+# Expand a 8.3 path to a full path
+#
+def self.win32_expand_path(path)
+	return nil if ! (is_windows and @@loaded_win32api)
+	glp = Win32API.new('kernel32', 'GetLongPathName', 'PPL', 'L')
+	buf = "\x00" * 260
+	len = glp.call(path, buf, buf.length)
+	buf[0, len]
+end
+
 #
 # Platform independent socket pair
 #

data/lib/rex/constants.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 #
 # Log severities
 #
@@ -13,7 +14,7 @@ LOG_RAW   = 'raw'
 #
 ##
 
-# 
+#
 # LEV_0 - Default
 #
 # This log level is the default log level if none is specified.  It should be
@@ -29,7 +30,7 @@ LEV_0     = 0
 #
 # This log level should be used when extra information may be needed to
 # understand the cause of an error or warning message or to get debugging
-# information that might give clues as to why something is happening.  This 
+# information that might give clues as to why something is happening.  This
 # log level should be used only when information may be useful to understanding
 # the behavior of something at a basic level.  This log level should not be
 # used in an exhaustively verbose fashion.
@@ -50,10 +51,10 @@ LEV_2     = 2
 #
 # LEV_3 - Insanity
 #
-# This log level should contain very verbose information about the 
+# This log level should contain very verbose information about the
 # behavior of the framework, such as detailed information about variable
 # states at certain phases including, but not limited to, loop iterations,
-# function calls, and so on.  This log level will rarely be displayed, 
+# function calls, and so on.  This log level will rarely be displayed,
 # but when it is the information provided should make it easy to analyze
 # any problem.
 #

data/lib/rex/elfparsey.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
-# $Id: elfparsey.rb 5413 2008-02-13 02:43:56Z ramon $
+# $Id: elfparsey.rb 15548 2012-06-29 06:08:20Z rapid7 $
 
 module Rex
 module ElfParsey
@@ -8,4 +9,4 @@ module ElfParsey
 end
 end
 
-require 'rex/elfparsey/elf'
+require 'rex/elfparsey/elf'

data/lib/rex/elfparsey/elf.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
-# $Id: elf.rb 6615 2009-06-03 01:39:54Z hdm $
+# $Id: elf.rb 15548 2012-06-29 06:08:20Z rapid7 $
 
 require 'rex/elfparsey/elfbase'
 require 'rex/elfparsey/exceptions'

data/lib/rex/elfparsey/elfbase.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
-# $Id: elfbase.rb 9937 2010-07-27 18:03:18Z jduck $
+# $Id: elfbase.rb 15548 2012-06-29 06:08:20Z rapid7 $
 
 require 'rex/struct2'
 
@@ -127,23 +128,23 @@ class ElfBase
 		end
 
 		# The following methods are just pass-throughs for struct
-		
+
 		# Access a value
 		def v
 			struct.v
-			
+
 		end
-		
-		# Access a value by array 
+
+		# Access a value by array
 		def [](*args)
 			struct[*args]
 		end
-		
+
 		# Obtain an array of all fields
 		def keys
 			struct.keys
 		end
-		
+
 		def method_missing(meth, *args)
 			v[meth.to_s] || (raise NoMethodError.new, meth)
 		end

data/lib/rex/elfparsey/exceptions.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
-# $Id: exceptions.rb 5413 2008-02-13 02:43:56Z ramon $
+# $Id: exceptions.rb 15548 2012-06-29 06:08:20Z rapid7 $
 
 module Rex
 module ElfParsey
@@ -24,4 +25,4 @@ class WtfError < ElfError
 end
 
 end
-end
+end

data/lib/rex/elfscan.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
-# $Id: elfscan.rb 5398 2008-02-06 17:31:57Z ramon $
+# $Id: elfscan.rb 15548 2012-06-29 06:08:20Z rapid7 $
 
 module Rex
 module ElfScan
@@ -9,4 +10,4 @@ end
 end
 
 require 'rex/elfscan/scanner'
-require 'rex/elfscan/search'
+require 'rex/elfscan/search'

data/lib/rex/elfscan/scanner.rb

@@ -1,5 +1,6 @@
+# -*- coding: binary -*-
 
-# $Id: scanner.rb 7320 2009-11-02 17:09:13Z hdm $
+# $Id: scanner.rb 15548 2012-06-29 06:08:20Z rapid7 $
 
 module Rex
 module ElfScan

data/lib/rex/elfscan/search.rb

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
-# $Id: search.rb 10173 2010-08-27 21:26:59Z jduck $
+# $Id: search.rb 15548 2012-06-29 06:08:20Z rapid7 $
 
 module Rex
 module ElfScan

data/lib/rex/encoder/alpha2.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 #
 # ________________________________________________________________________________
@@ -28,4 +29,4 @@ require 'rex/encoder/alpha2/generic'
 require 'rex/encoder/alpha2/alpha_mixed'
 require 'rex/encoder/alpha2/alpha_upper'
 require 'rex/encoder/alpha2/unicode_mixed'
-require 'rex/encoder/alpha2/unicode_upper'
+require 'rex/encoder/alpha2/unicode_upper'

data/lib/rex/encoder/alpha2/alpha_mixed.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 require 'rex/encoder/alpha2/generic'
 
@@ -19,7 +20,7 @@ class AlphaMixed < Generic
 			mod = 'I' * (16 - offset) + nop + '7QZ'    # dec ecx,,, push ecx, pop edx
 			edxmod = 'J' * (17 - offset)
 		else
-			mod = 'A' * (offset - 16) 
+			mod = 'A' * (offset - 16)
 			nop = 'C' * (16 - mod.length)
 			mod << nop + '7QZ'
 			edxmod = 'B' * (17 - (offset - 16))
@@ -47,7 +48,7 @@ class AlphaMixed < Generic
 			 gen_decoder_prefix(reg, offset) +
 			 "jA" +          # push 0x41
 			 "X" +           # pop eax
-			 "P" +           # push eax 
+			 "P" +           # push eax
 			 "0A0" +         # xor byte [ecx+30], al
 			 "A" +           # inc ecx                        <---
 			 "kAAQ" +        # imul eax, [ecx+42], 51 -> 10       |

data/lib/rex/encoder/alpha2/alpha_upper.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 require 'rex/encoder/alpha2/generic'
 
@@ -8,7 +9,7 @@ module Alpha2
 
 class AlphaUpper < Generic
 	def self.default_accepted_chars ; ('B' .. 'Z').to_a + ('0' .. '9').to_a ; end
-	
+
 	def self.gen_decoder_prefix(reg, offset)
 		if (offset > 20)
 			raise "Critical: Offset is greater than 20"
@@ -49,12 +50,12 @@ class AlphaUpper < Generic
 			gen_decoder_prefix(reg, offset) +
 			"V" +           # push esi
 			"T" +           # push esp
-			"X" +           # pop eax 
+			"X" +           # pop eax
 			"30" +          # xor esi, [eax]
 			"V" +           # push esi
 			"X" +           # pop eax
 			"4A" +          # xor al, 41
-			"P" +           # push eax 
+			"P" +           # push eax
 			"0A3" +         # xor [ecx+33], al
 			"H" +           # dec eax
 			"H" +           # dec eax
@@ -63,7 +64,7 @@ class AlphaUpper < Generic
 			"A" +           # inc ecx   <---------------
 			"A" +           # inc ecx                   |
 			"B" +           # inc edx                   |
-			"TAAQ" +        # imul eax, [ecx+41], 10 *  | 
+			"TAAQ" +        # imul eax, [ecx+41], 10 *  |
 			"2AB" +         # xor al [ecx+42]           |
 			"2BB" +         # xor al, [edx+42]          |
 			"0BB" +         # xor [edx+42], al          |

data/lib/rex/encoder/alpha2/generic.rb

@@ -1,4 +1,5 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 require 'rex/text'
 
@@ -8,6 +9,7 @@ module Alpha2
 
 class Generic
 
+	# Note: 'A' is presumed to be accepted, but excluded from the accepted characters, because it serves as the terminator
 	def Generic.default_accepted_chars ; ('a' .. 'z').to_a + ('B' .. 'Z').to_a + ('0' .. '9').to_a ; end
 
 	def Generic.gen_decoder_prefix(reg, offset)
@@ -22,14 +24,6 @@ class Generic
 		return ''
 	end
 
-	def Generic.gen_base_set(ignored_max=0x0f)
-		# 0xf is max for XOR encodings - non-unicode
-		max = 0x0f
-		Rex::Text.shuffle_a(
-			[* ( (0..(max)).map { |i| i *= 0x10 } ) ]
-		)
-	end
-
 	def Generic.gen_second(block, base)
 		# XOR encoder for ascii - unicode uses additive
 		(block^base)
@@ -37,58 +31,41 @@ class Generic
 
 	def Generic.encode_byte(block, badchars)
 		accepted_chars = default_accepted_chars.dup
-
-
-		# Remove bad chars from the accepted_chars list.  Sadly 'A' must be
-		# an accepted char or we'll certainly fail at this point.  This could
-		# be fixed later maybe with some recalculation of the encoder stubs...
-		# - Puss
-		(badchars || '').unpack('C*').map { |c| accepted_chars.delete([c].pack('C')) }
-
-		first    = 0
-		second   = 1
-		randbase = 0
-		found    = nil
-
-
-		gen_base_set(block).each do |randbase_|
-			second   = gen_second(block, randbase_)
-			next if second < 0
-			if accepted_chars.include?([second].pack('C'))
-				found    = second
-				randbase = randbase_
-				break
-			end
+		
+		badchars.each_char {|c| accepted_chars.delete(c) } if badchars
+		
+		# No, not nipple.
+		nibble_chars = Array.new(0x10) {[]}
+		accepted_chars.each {|c| nibble_chars[c.unpack('C')[0] & 0x0F].push(c) }
+		
+		poss_encodings = []
+		
+		block_low_nibble = block & 0x0F
+		block_high_nibble = block >> 4
+		
+		# Get list of chars suitable for expressing lower part of byte
+		first_chars = nibble_chars[block_low_nibble]
+		
+		# Build a list of possible encodings
+		first_chars.each do |first_char|
+			first_high_nibble = first_char.unpack('C')[0] >> 4
+		
+			# In the decoding process, the low nibble of the second char gets combined
+			# (either ADDed or XORed depending on the encoder) with the high nibble of the first char,
+			# and we want the high nibble of our input byte to result
+			second_low_nibble = gen_second(block_high_nibble, first_high_nibble) & 0x0F
+			
+			# Find valid second chars for this first char and add each combination to our possible encodings
+			second_chars = nibble_chars[second_low_nibble]
+			second_chars.each {|second_char| poss_encodings.push(second_char + first_char) }
 		end
-
-		if not found
-			msg = "No valid base found for #{"0x%.2x" % block}"
-			if not accepted_chars.include?([second].pack('C'))
-				msg << ": BadChar to #{second}"
-			elsif second < 1
-				msg << ": Negative"
-			end
-			raise RuntimeError, msg
+		
+		if poss_encodings.empty?
+			raise RuntimeError, "No encoding of #{"0x%.2X" % block} possible with limited character set"
 		end
-
-		if (randbase > 0xa0)
-			# first num must be 4
-			first = (randbase/0x10) + 0x40
-		elsif (randbase == 0x00) || (randbase == 0x10)
-			# first num must be 5
-			first = (randbase/0x10) + 0x50
-		else
-			# pick one at "random"
-			first = (randbase/0x10)
-			if (first % 2) > 0
-				first += 0x40
-			else
-				first += 0x50
-			end
-		end
-
-		# now add our new bytes :)
-		[first.to_i, second].pack('CC')
+		
+		# Return a random encoding
+		poss_encodings[rand(poss_encodings.length)]
 	end
 
 	def Generic.encode(buf, reg, offset, badchars = '')
@@ -97,10 +74,10 @@ class Generic
 		buf.each_byte {
 			|block|
 
-			encoded += encode_byte(block, badchars)
+			encoded << encode_byte(block, badchars)
 		}
 
-		encoded += add_terminator()
+		encoded << add_terminator()
 
 		return encoded
 	end