From 46a5c4f4bf56daaae5eae73d2f30f4acad8c4f23 Mon Sep 17 00:00:00 2001
From: Michael Schierl
Date: Tue, 1 Jan 2013 11:24:05 +0100
Subject: [PATCH] Improve RC4 shellcode

ESI is not clobbered; no need to clear EDX as only DL is filled before and it is overwritten before use.

Shellcodes in ruby modules not regenerated, but I guess you want to regenerate them again anyway :-)
---
 .../source/shellcode/windows/x86/src/block/block_rc4.asm | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/external/source/shellcode/windows/x86/src/block/block_rc4.asm b/external/source/shellcode/windows/x86/src/block/block_rc4.asm
index 13a31803c9..ec7f21b5a5 100644
--- a/external/source/shellcode/windows/x86/src/block/block_rc4.asm
+++ b/external/source/shellcode/windows/x86/src/block/block_rc4.asm
@@ -10,7 +10,7 @@
 ; EDI - pointer to 0x100 bytes scratch space for S-box
 ; Direction flag has to be cleared
 ; Output: None. Data is decoded in place.
-; Clobbers: EAX, EBX, ECX, EDX, ESI, EBP (stack is not used)
+; Clobbers: EAX, EBX, ECX, EDX, EBP (stack is not used)
 
 ; Initialize S-box
 xor eax, eax ; Start with 0
@@ -35,8 +35,7 @@ permute:
 
 ; decryption loop
-xor ebx, ebx ; Clear EBX and EDX (EAX is already cleared)
-xor edx, edx
+xor ebx, ebx ; Clear EBX (EAX is already cleared)
 decrypt:
 inc al ; AL += 1
 add bl, [edi+eax] ; BL += S[AL]
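Review bot: Removing `xor edx, edx` in the second hunk makes the decrypt loop depend on the upper 24 bits of EDX already being zero on entry, because the commit message says only DL is written afterwards, and a partial write to DL never clears the rest of the register. If EDX is then used as an index into the 0x100-byte S-box (as the swap/lookup in an RC4 loop normally does), a stale high byte would read outside the scratch buffer and the decoded payload would silently corrupt; that use is past the end of this hunk, so I cannot confirm it from the visible lines. The invariant is established by code before the hunk (presumably the permute loop) and is now load-bearing but undocumented, so the surviving line should say so: `xor ebx, ebx ; Clear EBX (EAX already 0; EDX high bits must already be 0 - only DL is written below)`. The decrypt loop continues beyond the last line of the hunk.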