Module Rex::Arch::X86
In: lib/rex/arch/x86.rb

everything here is mostly stole from vlad‘s perl x86 stuff

Methods

add   adjust_reg   call   clear   copy_to_stack   dword_adjust   encode_effective   encode_modrm   fpu_instructions   geteip_fpu   jmp   jmp_reg   jmp_short   mov_byte   mov_dword   mov_word   pack_dword   pack_lsb   pop_dword   push_byte   push_dword   reg_name32   reg_number   rel_number   searcher   set   sub  

Constants

EAX = AL = AX = ES = 0   Register number constants
ECX = CL = CX = CS = 1
EDX = DL = DX = SS = 2
EBX = BL = BX = DS = 3
ESP = AH = SP = FS = 4
EBP = CH = BP = GS = 5
ESI = DH = SI = 6
EDI = BH = DI = 7

Public Class methods

add(val, reg, badchars = '', adjust = false, bits = 0)

This method generates the opcodes equivalent to subtracting with a negative value from a given register.

adjust_reg(reg, adjustment)

This method adjusts the value of the ESP register by a given amount.

call(addr)

This method returns the opcodes that compose a relative call instruction to the address specified.

clear(reg, badchars = '')

This method generates an instruction that clears the supplied register in a manner that attempts to avoid bad characters, if supplied.

copy_to_stack(len)

Generates a buffer that will copy memory immediately following the stub that is generated to be copied to the stack

dword_adjust(dword, amount=0)

This method adds/subs a packed long integer

encode_effective(shift, dst)

This method generates the encoded effective value for a register.

encode_modrm(dst, src)

This method generates the mod r/m character for a source and destination register.

fpu_instructions()

This method returns an array of ‘safe’ FPU instructions

geteip_fpu(badchars)

This method returns an array containing a geteip stub, a register, and an offset This method will return nil if the getip generation fails

jmp(addr)

This method returns the opcodes that compose a jump instruction to the supplied relative offset.

jmp_reg(str)

Jump tp a specific register

jmp_short(addr)

This method returns the opcodes that compose a short jump instruction to the supplied relative offset.

mov_byte(reg, val)

This method generates the opcodes that set the low byte of a given register to the supplied value.

mov_dword(reg, val)

This method generates the opcodes that set the a register to the supplied value.

mov_word(reg, val)

This method generates the opcodes that set the low word of a given register to the supplied value.

pack_dword(num)

This method wrappers packing an integer as a little-endian buffer.

pack_lsb(num)

This method returns the least significant byte of a packed dword.

pop_dword(dst)

This method generates a pop dword instruction into a register.

push_byte(byte)

This method generates a push byte instruction.

push_dword(val)

This method generates a push dword instruction.

reg_name32(num)

This method returns the register named associated with a given register number.

reg_number(str)

This method returns the number associated with a named register.

rel_number(num, delta = 0)

This method returns a number offset to the supplied string.

searcher(tag)

This method returns the opcodes that compose a tag-based search routine

set(dst, val, badchars = '')

This method is a general way of setting a register to a value. Depending on the value supplied, different sets of instructions may be used.

TODO: Make this moderatly intelligent so it chain instructions by itself 

  (ie. xor eax, eax + mov al, 4 + xchg ah, al)
sub(val, reg, badchars = '', add = false, adjust = false, bits = 0)

Builds a subtraction instruction using the supplied operand and register.

[Validate]