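# frozen_string_literal: true
#
# ronin-exploits - A Ruby library for ronin-rb that provides exploitation and
# payload crafting functionality.
#
# Copyright (c) 2007-2022 Hal Brodigan (postmodern.mod3 at gmail.com)
#
# ronin-exploits is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ronin-exploits is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ronin-exploits.  If not, see <https://www.gnu.org/licenses/>.
#

module Ronin
  module Exploits
    module Mixins
      #
      # Generates NOP buffers.
      #
      # ## Examples
      #
      #     include Mixins::NOPS
      #
      #     arch :x86_64
      #
      #     def build
      #       buffer = ('A' * 1024) + nops(100) + payload
      #       # ...
      #     end
      #
      # @api public
      #
      # @since 1.0.0
      #
      module NOPS
        # Nop instructions for various architectures, keyed by the
        # architecture name that the exploit's `arch` method returns.
        #
        # Each value is a binary (ASCII-8BIT) String. The table is frozen so
        # that it cannot be modified at runtime by accident.
        #
        # @api private
        NOPS = {
          x86:    "\x90".b,             # nop
          x86_64: "\x90".b,             # nop
          arm:    "\x05P\xa0\xe1".b,    # mov r5, r5
          arm64:  "\xe5\x03\x05\xaa".b, # mov x5, x5
          # TODO: mips
          # TODO: mips64
          # TODO: ppc
          # TODO: ppc64
        }.freeze

        #
        # Validates that the exploit defined an `arch` method and that all
        # required params are set.
        #
        # The architecture checks run first; the remaining validation is
        # delegated to `super`.
        #
        # @raise [ValidationError]
        #   The exploit did not define an `arch` method, usually defined by
        #   {Mixins::HasTargets} or {Metadata::Arch}, or the `arch` method
        #   returned `nil`.
        #
        # @raise [Ronin::Core::Params::RequiredParam]
        #   One of the required params was not set.
        #
        # @api semipublic
        #
        def perform_validate
          unless respond_to?(:arch)
            raise(ValidationError,"exploit #{self.class} did not include Ronin::Exploits::Metadata::Arch or Ronin::Exploits::Mixins::HasTargets")
          end

          unless arch
            raise(ValidationError,"exploit #{self.class} did not define an architecture")
          end

          super()
        end

        #
        # An individual NOP instruction for the target architecture of the
        # exploit.
        #
        # @return [String]
        #   The NOP instruction String.
        #
        # @raise [NotImplementedError]
        #   No NOP string was defined for the exploit's targeted architecture.
        #
        def nop
          NOPS.fetch(arch) do
            raise(NotImplementedError,"no NOP string is currently defined for the architecture: #{arch.inspect}")
          end
        end

        #
        # Creates a buffer of NOPs.
        #
        # The buffer only ever contains whole instructions. When `size` is
        # not a multiple of the instruction width (four bytes for `:arm` and
        # `:arm64`), the result is rounded down and is shorter than `size`,
        # so callers that depend on an exact length must check `bytesize`.
        #
        # @param [Integer] size
        #   The desired size of the nop buffer, in bytes.
        #
        # @return [String]
        #   The NOPs buffer, at most `size` bytes long.
        #
        # @raise [NotImplementedError]
        #   No NOP string was defined for the exploit's targeted architecture.
        #
        # @api public
        #
        def nops(size)
          instruction = nop

          # Integer division drops any remainder, so a partial instruction
          # is never emitted.
          instruction * (size / instruction.bytesize)
        end
      end
    end
  end
end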