Class: Metasm::Shellcode

Inherits:

ExeFormat

• Object
• ExeFormat
• Metasm::Shellcode

Defined in:

lib/metasm/exe_format/shellcode.rb

Overview

a shellcode is a simple sequence of instructions

Instance Attribute Summary

• #base_addr ⇒ Object

  the base address of the shellcode (nil if unspecified).

• #source ⇒ Object

  the array of source elements (Instr/Data etc).

Attributes inherited from ExeFormat

#cpu, #cursource, #disassembler, #encoded, #filename, #unique_labels_cache

Class Method Summary

• .disassemble(cpu, str, eip = 0) ⇒ Object
• .withcpu(cpu) ⇒ Object

  returns a virtual subclass of Shellcode whose cpu_from_headers will return cpu.

Instance Method Summary

• #addr_to_fileoff(addr) ⇒ Object
• #assemble(*a) ⇒ Object

  encodes the source found in self.source appends it to self.encoded clears self.source the optional parameter may contain a binding used to fixup! self.encoded uses self.base_addr if it exists.

• #compile_setsection(src, section) ⇒ Object
• #decode ⇒ Object
• #dump_section_header(addr, edata) ⇒ Object
• #each_section {|@encoded, (@base_addr || 0)| ... } ⇒ Object
• #encode(binding = {}) ⇒ Object
• #fileoff_to_addr(foff) ⇒ Object
• #get_default_entrypoints ⇒ Object
• #get_section_at(addr) ⇒ Object
• #init_disassembler ⇒ Object
• #initialize(cpu = nil, base_addr = nil) ⇒ Shellcode constructor

  A new instance of Shellcode.

• #parse_init ⇒ Object
• #parse_parser_instruction(instr) ⇒ Object

  allows definition of the base address.

Methods inherited from ExeFormat

assemble, assemble_file, #assemble_resolve, #assemble_sequence, autoexe_load, #c_set_default_entrypoint, #compile_c, compile_c, compile_c_file, #curencoded, decode, decode_file, decode_file_header, decode_header, #decode_strz, #disassemble, #disassemble_fast_deep, #encode_file, #encode_string, #get_xrefs_rw, #get_xrefs_x, #label_at, load, load_file, #locallabels_bkw, #locallabels_fwd, #new_label, #parse, #parse_data, #parse_data_data, #parse_new_label, #read_c_attrs, #share_namespace, #shortname, #tune_cparser, #tune_prepro

Methods included from ExeFormat::IntToHash

#bits_from_hash, #bits_to_hash, #int_from_hash, #int_to_hash

Constructor Details

#initialize(cpu = nil, base_addr = nil) ⇒ Shellcode

Returns a new instance of Shellcode.

# File 'lib/metasm/exe_format/shellcode.rb', line 17

def initialize(cpu=nil, base_addr=nil)
  @base_addr = base_addr
  @source = []
  super(cpu)
end

Instance Attribute Details

#base_addr ⇒ Object

the base address of the shellcode (nil if unspecified)

# File 'lib/metasm/exe_format/shellcode.rb', line 15

def base_addr
  @base_addr
end

#source ⇒ Object

the array of source elements (Instr/Data etc)

# File 'lib/metasm/exe_format/shellcode.rb', line 13

def source
  @source
end

Class Method Details

.disassemble(cpu, str, eip = 0) ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 85

def self.disassemble(cpu, str, eip=0)
  sc = decode(str, cpu)
  sc.disassemble(eip)
end

.withcpu(cpu) ⇒ Object

returns a virtual subclass of Shellcode whose cpu_from_headers will return cpu

# File 'lib/metasm/exe_format/shellcode.rb', line 108

def self.withcpu(cpu)
  c = Class.new(self)
  c.send(:define_method, :cpu_from_headers) { cpu }
  c
end

Instance Method Details

#addr_to_fileoff(addr) ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 55

def addr_to_fileoff(addr)
  addr - (base_addr || 0)
end

#assemble(*a) ⇒ Object

encodes the source found in self.source appends it to self.encoded clears self.source the optional parameter may contain a binding used to fixup! self.encoded uses self.base_addr if it exists

# File 'lib/metasm/exe_format/shellcode.rb', line 68

def assemble(*a)
  parse(*a) if not a.empty?
  @encoded << assemble_sequence(@source, @cpu)
  @source.clear
  encode
end

#compile_setsection(src, section) ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 96

def compile_setsection(src, section)
end

#decode ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 82

def decode
end

#dump_section_header(addr, edata) ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 99

def dump_section_header(addr, edata)
  ''
end

#each_section {|@encoded, (@base_addr || 0)| ... } ⇒ Object

Yields:

• (@encoded, (@base_addr || 0))

# File 'lib/metasm/exe_format/shellcode.rb', line 51

def each_section
  yield @encoded, (@base_addr || 0)
end

#encode(binding = {}) ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 75

def encode(binding={})
  @encoded.fixup! binding
  @encoded.fixup @encoded.binding(@base_addr)
  @encoded.fill @encoded.rawsize
  self
end

#fileoff_to_addr(foff) ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 59

def fileoff_to_addr(foff)
  foff + (base_addr || 0)
end

#get_default_entrypoints ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 103

def get_default_entrypoints
  [@base_addr || 0]
end

#get_section_at(addr) ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 41

def get_section_at(addr)
  base = @base_addr || 0
  if not addr.kind_of? Integer
    [@encoded, addr] if @encoded.ptr = @encoded.export[addr]
  elsif addr >= base and addr < base + @encoded.virtsize
    @encoded.ptr = addr - base
    [@encoded, addr]
  end
end

#init_disassembler ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 90

def init_disassembler
  d = super()
  d.function[:default] = @cpu.disassembler_default_func
  d
end

#parse_init ⇒ Object

# File 'lib/metasm/exe_format/shellcode.rb', line 23

def parse_init
  @cursource = @source
  super()
end

#parse_parser_instruction(instr) ⇒ Object

allows definition of the base address

# File 'lib/metasm/exe_format/shellcode.rb', line 29

def parse_parser_instruction(instr)
  case instr.raw.downcase
  when '.base', '.baseaddr', '.base_addr'
    # ".base_addr <expression>"
    # expression should #reduce to integer
    @lexer.skip_space
    raise instr, 'syntax error' if not @base_addr = Expression.parse(@lexer).reduce
    raise instr, 'syntax error' if tok = @lexer.nexttok and tok.type != :eol
  else super(instr)
  end
end