module Rex
module Poly

###
#
# This class encapsulates a LogicalBlock permutation.  Block permutations can
# take the form of a static string or a procedure.  This makes it possible to
# have simple blocks and more complicated ones that take into account other
# variables, such as dynamic registers.  The to_s method will return the
# string version of the permutation, regardless of whether or not the
# underlying permutation is a string or a procedure.
#
###
class Permutation

	#
	# Initializes the permutation and its associated block.
	#
	def initialize(perm, block)
		@perm  = perm
		@block = block
	end

	#
	# Returns the length of the string returned by to_s.
	#
	def length
		to_s.length
	end

	#
	# Returns the string representation of the permutation.  If the underlying
	# permutation is a procedure, the procedure is called.  Otherwise, the
	# string representation of the permutation is returned.
	#
	def to_s
		if (@perm.kind_of?(Proc))
			@perm.call(@block).to_s
		else
			@perm.to_s
		end
	end

	attr_reader :perm

end

###
#
# This class represents a logical block which is defined as a concise portion
# of code that may have one or more functionally equivalent implementations.
# A logical block should serve a very specific purpose, and any permutations
# beyond the first should result in exactly the same functionality without any
# adverse side effects to other blocks.  
#
# Like blocks of code, LogicalBlock's can depend on one another in terms of
# ordering and precedence.  By marking blocks as dependent on another, a
# hierarchy begins to form.  This is a block dependency graph.
#
# To add permutations to a LogicalBlock, they can either be passed in as a
# list of arguments to the constructor following the blocks name or can be
# added on the fly by calling the add_perm method.  To get a random
# permutation, the rand_perm method can be called.
#
# To mark one block as depending on another, the depends_on method can be
# called with zero or more LogicalBlock instances as parameters.
#
###
class LogicalBlock

	#
	# Initializes the logical block's name along with zero or more specific
	# blocks.
	#
	def initialize(name, *perms)
		@name  = name

		reset

		add_perm(*perms)
	end

	#
	# Resets the block back to its starting point.
	#
	def reset
		@perms           = []
		@depends         = []
		@next_blocks     = []
		@clobbers        = []
		@offset          = nil
		@state           = nil
		@once            = false
		@references      = 0
		@used_references = 0
		@generated       = false
	end

	#
	# Returns the block's name.
	#
	def name
		@name
	end

	#
	# Flags whether or not the block should only be generated once.  This can
	# be used to mark a blog as being depended upon by multiple blocks, but
	# making it such that it is only generated once.
	#
	def once=(tf)
		@once = tf
	end

	#
	# Returns true if this block is a 'once' block.  That is, this block is
	# dependend upon by multiple blocks but should only be generated once.
	#
	def once
		@once
	end

	#
	# Increments the number of blocks that depend on this block.
	#
	def ref
		@references += 1
	end

	#
	# Increments the number of blocks that have completed their dependency
	# pass on this block.  This number should never become higher than the
	# @references attribute.
	#
	def deref
		@used_references += 1
	end

	#
	# Returns true if there is only one block reference remaining.
	#
	def last_reference?
		(@references - @used_references <= 0)
	end

	#
	# Adds zero or more specific permutations that may be represented either as
	# strings or as Proc's to be called at evaluation time.
	#
	def add_perm(*perms)
		@perms.concat(perms)
	end

	#
	# Returns a random permutation that is encapsulated in a Permutation class
	# instance.
	#
	def rand_perm
		perm = nil

		if (@state.badchars)
			perm = rand_perm_badchars
		else
			perm = Permutation.new(@perms[rand(@perms.length)], self)
		end

		if (perm.nil?)
			raise RuntimeError, "Failed to locate a valid permutation."
		end

		perm
	end

	#
	# Returns a random permutation that passes any necessary bad character
	# checks.
	#
	def rand_perm_badchars
		idx = rand(@perms.length)
		off = 0

		while (off < @perms.length)
			p = @perms[(idx + off) % @perms.length]

			if (p.kind_of?(Proc) or
			    @state.badchars.nil? or 
			    Rex::Text.badchar_index(p, @state.badchars).nil?)
				return Permutation.new(p, self)
			end

			off += 1
		end
	end

	#
	# Sets the blocks that this block instance depends on.
	#
	def depends_on(*depends)
		@depends = depends.dup

		# Increment dependent references
		@depends.each { |b| b.ref }
	end

	#
	# Defines the next blocks, but not in a dependency fashion but rather in a
	# linking of separate block contexts.
	#
	def next_blocks(*blocks)
		@next_blocks = blocks.dup
	end

	#
	# Defines the list of zero or more LogicalRegister's that this block
	# clobbers.
	#
	def clobbers(*registers)
		@clobbers = registers
	end

	#
	# Enumerates each register instance that is clobbered by this block.
	#
	def each_clobbers(&block)
		@clobbers.each(&block)
	end

	#
	# Generates the polymorphic buffer that results from this block and any of
	# the blocks that it either directly or indirectly depends on.  A list of
	# register numbers to be saved can be passed in as an argument.
	#
	# This method is not thread safe.  To call this method on a single block
	# instance from within multiple threads, be sure to encapsulate the calls
	# inside a locked context.
	#
	def generate(save_registers = nil, state = nil, badchars = nil)
		# Create a localized state instance if one was not supplied.
		state = Rex::Poly::State.new if (state == nil)
		buf   = nil
		cnt   = 0

		# This is a lame way of doing this.  We just try to generate at most 128
		# times until we don't have badchars.  The reason we have to do it this
		# way is because of the fact that badchars can be introduced through
		# block offsetting and register number selection which can't be readily
		# predicted or detected during the generation phase.  In the future we
		# can make this better, but for now this will have to do.
		begin
			buf = do_generate(save_registers, state, badchars)

			if (buf and 
			    (badchars.nil? or Rex::Text.badchar_index(buf, badchars).nil?))
				break
			end
		end while ((cnt += 1) < 128)

		# If we passed 128 tries, then we can't succeed.
		buf = nil if (cnt >= 128)

		buf
	end
	
	#
	# Returns the offset of a block.  If the active state for this instance is
	# operating in the first phase, then zero is always returned.  Otherwise,
	# the correct offset for the supplied block is returned.
	#
	def offset_of(lblock)
		if (@state.first_phase) 
			0 
		else
			if (lblock.kind_of?(SymbolicBlock::End))
				@state.curr_offset
			else
				lblock.offset
			end
		end
	end

	#
	# Returns the register number associated with the supplied LogicalRegister
	# instance.  If the active state for this instance is operating in the
	# first phase, then zero is always returned.  Otherwise, the correct
	# register number is returned based on what is currently assigned to the
	# supplied LogicalRegister instance, if anything.
	#
	def regnum_of(reg)
		(@state.first_phase) ? 0 : reg.regnum
	end

	def size_of(lblock)
		@state.block_list.map { |b, p|
			if b == lblock
				return p.length
			end
		}
		0
	end

	#
	# This attributes contains the currently assigned offset of the permutation
	# associated with this block into the polymorphic buffer that is being
	# generated.
	#
	attr_accessor :offset

	#
	# Whether or not this block has currently been generated for a given
	# iteration.
	#
	attr_accessor :generated

protected
	
	#
	# Performs the actual polymorphic buffer generation.  Called from generate
	#
	def do_generate(save_registers, state, badchars)
		# Reset the state in case it was passed in.
		state.reset

		# Set the bad character list
		state.badchars = badchars if (badchars)

		# Consume any registers that should be saved.
		save_registers.each { |reg|
			state.consume_regnum(reg)
		} if (save_registers)

		# Build the linear list of blocks that will be processed.  This
		# list is built in a dynamic fashion based on block dependencies.
		# The list that is returned is an Array of which each element is a two
		# member array, the first element being the LogicalBlock instance that
		# the permutation came from and the second being an instance of the
		# Permutation class associated with the selected permutation.
		block_list = generate_block_list(state)

		# Transition into the second phase which enables offset_of and regnum_of
		# calls to return real values.
		state.first_phase = false

		# Now that every block has been assigned an offset, generate the
		# buffer block by block, assigning registers as necessary.
		block_list.each { |b| 

			# Generate the next permutation and append it to the buffer.
			begin
				state.buffer += b[1].to_s 
			# If an invalid register exception is raised, try to consume a random
			# register from the register's associated architecture register
			# number set.
			rescue InvalidRegisterError => e
				e.reg.regnum = state.consume_regnum_from_set(e.reg.class.regnum_set)
				retry
			end
	
			# Remove any of the registers that have been clobbered by this block
			# from the list of consumed register numbers so that they can be used
			# in the future.
			b[0].each_clobbers { |reg|
				begin
					state.defecate_regnum(reg.regnum)

					reg.regnum = nil
				rescue InvalidRegisterError
				end
			}
				
		}

		# Finally, return the buffer that has been created.
		state.buffer
	end

	#
	# Generates the linear list of block permutations which is stored in the
	# supplied state instance.  This is done prior to assigning blocks offsets
	#
	def generate_block_list(state, level=0)
		if @depends.length > 1
			@depends.length.times {
				f = rand(@depends.length)
				@depends.push(@depends.delete_at(f))
			}
		end

		@depends.length.times { |cidx|
		
			pass = false
		
			while (not pass)
			
				if (@depends[cidx].generated)
					break

				# If this dependent block is a once block and the magic 8 ball turns
				# up zero, skip it and let a later block pick it up.  We only do this
				# if we are not the last block to have a dependency on this block.
				elsif ((@depends[cidx].once) and
			    	(rand(2).to_i == 0) and
			    	(@depends[cidx].last_reference? == false))
					break
				end

				# Generate this block
				@depends[cidx].generate_block_list(state, level+1)

				if level != 0
					return
				else
					@depends.length.times {
						f = rand(@depends.length)
						@depends.push(@depends.delete_at(f))
					}

					next
				end
			end
				
			next
		}

		self.deref

		# Assign the instance local state for the duration of this generation
		@state = state

		# Select a random permutation
		perm = rand_perm

		# Set our block offset to the current state offset
		self.offset = state.curr_offset

		# Flag ourselves as having been generated for this iteration.
		self.generated = true

		# Adjust the current offset based on the permutations length
		state.curr_offset += perm.length

		# Add it to the linear list of blocks
		state.block_list << [ self, perm ]

		# Generate all the blocks that follow this one.
		@next_blocks.each { |b|
			b.generate_block_list(state)
		}

		# Return the state's block list
		state.block_list
	end

end

###
#
# Symbolic blocks are used as special-case LogicalBlock's that have meaning
# a more general meaning.  For instance, SymbolicBlock::End can be used to
# symbolize the end of a polymorphic buffer.
#
###
module SymbolicBlock

	###
	#
	# The symbolic end of a polymorphic buffer.
	#
	###
	class End < LogicalBlock
		def initialize
			super('__SYMBLK_END__')
		end
	end
end

end
end