Informative Information for the Uninformed | ||||||||||||||
|
||||||||||||||
encode_endWith all the encoding cruft out of the way, the final method that needs to be overridden is encode_end. In this method, the state.context attribute is appended to the state.encoded. The purpose of the state.context attribute is to hold all of the encoded data blocks that are created over the course of encoding each block. The state.encoded attribute is the actual decoder including the stub header, the decode transformations, and finally, the encoded data blocks.
def encode_end(state) state.encoded += state.context end
Once encoding completes, the result might be a disassembly that looks something like this:
$ echo -ne "\x42\x20\x80\x78\xcc\xcc\xcc\xcc" | \ ./msfencode -e x86/avoid_utf8_tolower -t raw | \ ndisasm -u - [*] x86/avoid_utf8_tolower succeeded, final size 47 00000000 6A02 push byte +0x2 00000002 6B3C240B imul edi,[esp],byte +0xb 00000006 60 pusha 00000007 030C24 add ecx,[esp] 0000000A 6A11 push byte +0x11 0000000C 030C24 add ecx,[esp] 0000000F 6A04 push byte +0x4 00000011 683C0C190D push dword 0xd190c3c 00000016 5F pop edi 00000017 0139 add [ecx],edi 00000019 030C24 add ecx,[esp] 0000001C 68696A6060 push dword 0x60606a69 00000021 5F pop edi 00000022 0139 add [ecx],edi 00000024 030C24 add ecx,[esp] 00000027 06 push es 00000028 1467 adc al,0x67 0000002A 6B63626C imul esp,[ebx+0x62],byte +0x6c 0000002E 6C insb
|