Retab all the things (except external/)
+43
-43
@@ -4,7 +4,7 @@
|
||||
|
||||
msfbase = __FILE__
|
||||
while File.symlink?(msfbase)
|
||||
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
|
||||
msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
|
||||
end
|
||||
|
||||
$:.unshift(File.expand_path(File.join(File.dirname(msfbase), '..', 'lib')))
|
||||
@@ -16,10 +16,10 @@ $:.unshift(ENV['MSF_LOCAL_LIB']) if ENV['MSF_LOCAL_LIB']
|
||||
require 'rex'
|
||||
|
||||
if ARGV.length < 1
|
||||
$stderr.puts("Usage: #{File.basename($0)} <search item> <length of buffer>")
|
||||
$stderr.puts("Default length of buffer if none is inserted: 8192")
|
||||
$stderr.puts("This buffer is generated by pattern_create() in the Rex library automatically")
|
||||
exit
|
||||
$stderr.puts("Usage: #{File.basename($0)} <search item> <length of buffer>")
|
||||
$stderr.puts("Default length of buffer if none is inserted: 8192")
|
||||
$stderr.puts("This buffer is generated by pattern_create() in the Rex library automatically")
|
||||
exit
|
||||
end
|
||||
|
||||
value = ARGV.shift
|
||||
@@ -63,13 +63,13 @@ $ ./tools/pattern_offset.rb 0xFFFF4138
|
||||
|
||||
# The normal format is a full hexadecimal value: 0x41424344
|
||||
if (value.length >= 8 and value.hex > 0)
|
||||
value = value.hex
|
||||
value = value.hex
|
||||
# However, you can also specify a four-byte string
|
||||
elsif (value.length == 4)
|
||||
value = value.unpack("V").first
|
||||
value = value.unpack("V").first
|
||||
else
|
||||
# Or even a hex value that isn't 8 bytes long
|
||||
value = value.to_i(16)
|
||||
value = value.to_i(16)
|
||||
end
|
||||
|
||||
buffer = Rex::Text.pattern_create(len.to_i)
|
||||
@@ -77,48 +77,48 @@ offset = Rex::Text.pattern_offset(buffer, value)
|
||||
|
||||
# Handle cases where there is no match by looking for "close" matches
|
||||
unless offset
|
||||
found = false
|
||||
$stderr.puts "[*] No exact matches, looking for likely candidates..."
|
||||
found = false
|
||||
$stderr.puts "[*] No exact matches, looking for likely candidates..."
|
||||
|
||||
# Look for shifts by a single byte
|
||||
0.upto(3) do |idx|
|
||||
0.upto(255) do |c|
|
||||
nvb = [value].pack("V")
|
||||
nvb[idx, 1] = [c].pack("C")
|
||||
nvi = nvb.unpack("V").first
|
||||
# Look for shifts by a single byte
|
||||
0.upto(3) do |idx|
|
||||
0.upto(255) do |c|
|
||||
nvb = [value].pack("V")
|
||||
nvb[idx, 1] = [c].pack("C")
|
||||
nvi = nvb.unpack("V").first
|
||||
|
||||
off = Rex::Text.pattern_offset(buffer, nvi)
|
||||
if off
|
||||
mle = value - buffer[off,4].unpack("V").first
|
||||
mbe = value - buffer[off,4].unpack("N").first
|
||||
puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] ) byte offset #{idx}"
|
||||
found = true
|
||||
end
|
||||
end
|
||||
end
|
||||
off = Rex::Text.pattern_offset(buffer, nvi)
|
||||
if off
|
||||
mle = value - buffer[off,4].unpack("V").first
|
||||
mbe = value - buffer[off,4].unpack("N").first
|
||||
puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] ) byte offset #{idx}"
|
||||
found = true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
exit if found
|
||||
exit if found
|
||||
|
||||
# Look for 16-bit offsets
|
||||
[0, 2].each do |idx|
|
||||
0.upto(65535) do |c|
|
||||
nvb = [value].pack("V")
|
||||
nvb[idx, 2] = [c].pack("v")
|
||||
nvi = nvb.unpack("V").first
|
||||
# Look for 16-bit offsets
|
||||
[0, 2].each do |idx|
|
||||
0.upto(65535) do |c|
|
||||
nvb = [value].pack("V")
|
||||
nvb[idx, 2] = [c].pack("v")
|
||||
nvi = nvb.unpack("V").first
|
||||
|
||||
off = Rex::Text.pattern_offset(buffer, nvi)
|
||||
if off
|
||||
mle = value - buffer[off,4].unpack("V").first
|
||||
mbe = value - buffer[off,4].unpack("N").first
|
||||
puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] )"
|
||||
found = true
|
||||
end
|
||||
end
|
||||
end
|
||||
off = Rex::Text.pattern_offset(buffer, nvi)
|
||||
if off
|
||||
mle = value - buffer[off,4].unpack("V").first
|
||||
mbe = value - buffer[off,4].unpack("N").first
|
||||
puts "[+] Possible match at offset #{off} (adjusted [ little-endian: #{mle} | big-endian: #{mbe} ] )"
|
||||
found = true
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
while offset
|
||||
puts "[*] Exact match at offset #{offset}"
|
||||
offset = Rex::Text.pattern_offset(buffer, value, offset + 1)
|
||||
puts "[*] Exact match at offset #{offset}"
|
||||
offset = Rex::Text.pattern_offset(buffer, value, offset + 1)
|
||||
end
|
||||
|
||||