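#
#--
# Ronin Exploits - A Ruby library for Ronin that provides exploitation and
# payload crafting functionality.
#
# Copyright (c) 2007-2009 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
#++
#

require 'ronin/exploits/exceptions/payload_size'
require 'ronin/exploits/targets/buffer_overflow'
require 'ronin/exploits/helpers/binary'
require 'ronin/exploits/helpers/padding'

module Ronin
  module Exploits
    module Helpers
      #
      # Helper mixin for classic stack buffer-overflow exploits.
      #
      # Mixing this module in (via +include+ or +extend+) pulls in the
      # Binary (+pack+) and Padding (+pad+) helpers, exposes a +buffer+
      # reader and, when included, declares a +targets+ association of
      # Targets::BufferOverflow records. The protected +build_buffer+
      # assembles the overflow string from the current +target+ and the
      # +encoded_payload+; both of those are provided by the host class,
      # not by this module.
      #
      module BufferOverflow
        #
        # Hook run when the module is included into a class. Mixes in the
        # Binary and Padding helpers, declares the +targets+ association
        # (DataMapper +has n+) and a +buffer+ reader on the including class.
        #
        def self.included(base)
          base.module_eval do
            include Ronin::Exploits::Helpers::Binary
            include Ronin::Exploits::Helpers::Padding

            has n, :targets, :class_name => 'Ronin::Exploits::Targets::BufferOverflow'

            # The buffer to use for the buffer overflow
            attr_reader :buffer
          end
        end

        #
        # Hook run when a single object is extended with the module.
        # Extends the object with the Binary and Padding helpers and
        # defines a singleton +buffer+ reader.
        #
        # NOTE(review): unlike the +included+ path, no +targets+
        # association is declared here, so +targeting+ relies on the
        # extended object already responding to +targets+ — confirm.
        #
        def self.extended(obj)
          obj.instance_eval do
            extend Ronin::Exploits::Helpers::Binary
            extend Ronin::Exploits::Helpers::Padding

            #
            # Returns the buffer to use for the buffer overflow.
            #
            def buffer
              @buffer
            end
          end
        end

        #
        # Adds a new Targets::BufferOverflow built from the given
        # _attributes_ and _block_ to +targets+.
        #
        # Returns whatever appending to +targets+ returns (the
        # collection itself for a DataMapper association).
        #
        def targeting(attributes={},&block)
          self.targets << Targets::BufferOverflow.new(attributes,&block)
        end

        protected

        #
        # Builds the overflow string for the current +target+ and
        # +encoded_payload+.
        #
        # Layout (left to right): padding, the encoded payload
        # (right-aligned so the pair fills exactly +target.buffer_length+),
        # then +target.frame_repeat+ copies of the frame. The frame is
        # +pack(target.bp) + pack(target.ip)+ when +target.bp+ is set,
        # otherwise +pack(target.ip)+ twice (presumably so the saved
        # frame-pointer slot is overwritten with the same usable address;
        # the target's stack layout is not visible here).
        #
        # Raises PayloadSize when the encoded payload does not fit within
        # +target.buffer_length+. Note that only the payload is bounded:
        # the total string sent is +buffer_length+ plus the repeated frame,
        # and nothing here validates +target.ip+, +target.frame_repeat+ or
        # the pack width — those are the target's responsibility.
        #
        def build_buffer
          verify_target!

          # Evaluate the encoder exactly once. If +encoded_payload+ is
          # non-deterministic (random sleds / polymorphic encoders are
          # common), calling it separately for the size check and for the
          # concatenation could validate one output and embed another.
          payload = encoded_payload
          buffer_length = target.buffer_length

          # NOTE(review): +length+ counts characters on Ruby 1.9+; if the
          # encoded payload can carry a non-binary encoding, +bytesize+ is
          # the right measure — confirm the encoder's output encoding.
          if payload.length > buffer_length
            raise(PayloadSize, "the specified payload is too large for the target's buffer length", caller)
          end

          # Local deliberately not named +buffer+: that would shadow the
          # +buffer+ reader defined by +included+/+extended+.
          overflow = pad(buffer_length - payload.length) + payload
          ip_packed = pack(target.ip)

          frame = if target.bp
                    pack(target.bp) + ip_packed
                  else
                    ip_packed * 2
                  end

          overflow << (frame * target.frame_repeat)
          return overflow
        end

        #
        # Default builder: assembles the overflow string with
        # +build_buffer+ and stores it in +@buffer+.
        #
        def build
          @buffer = build_buffer
        end
      end
    end
  end
end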