[BITS 32]
;Author: Ron Henry - dijital1
;Email: rlh@ciphermonk.net
;Site: http://www.ciphermonk.net
;
;Ok... couple of assumptions with this code. First, we're using a single
;byte as the checksum, which gives us a 1 in 256 or ~0.39% chance of a
;collision: any 122-byte window whose byte sum happens to equal the byte
;that follows it will pass the test.
;We consider this a worthwhile risk given the overall size of the code: 18 bytes.
;There are a couple of ways to implement this, but a good example is how it
;was used in Peter Van Eeckhoutte's omelet egghunter mixin that was recently
;added to the Metasploit Framework.
;We're using a 1 byte footer at the end of the shellcode that contains the
;checksum generated at shellcode creation. The checksum is the sum of the
;shellcode bytes modulo 256; carries out of AL are simply dropped.
;
;Variables: eax: accumulator (only AL is used)
;           edx: points to the candidate start of the shellcode. The
;                surrounding search loop (not shown here) must advance edx
;                before re-entering find_egg; otherwise a bogus checksum
;                re-tests the same address forever.
;           ecx: counter

egg_size equ 0x7a                 ;we're testing 122 bytes in this instance

find_egg:
    xor ecx, ecx                  ;zero the counter
    xor eax, eax                  ;zero the accumulator

calc_chksum_loop:
    add al, byte [edx+ecx]        ;add the byte to the running total
    inc ecx                       ;increment the counter
    cmp cl, egg_size              ;compare the counter to egg_size
    jnz calc_chksum_loop          ;if it's not equal, repeat

test_chksum:
    cmp al, byte [edx+ecx]        ;ecx == egg_size here, so this is the footer byte
    jnz find_egg                  ;search for another egg if the checksum is bogus
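The following C program is an added example, not part of the original listing or of the Metasploit mixin it mentions. It implements both halves of the scheme the assembly above describes: the build-time side that appends the one-byte footer, and the hunter side that re-sums EGG_SIZE bytes and compares the result with the byte that follows them. The sample "shellcode" (118 NOPs and a 4-byte tail), the 'A'-filled haystack, and the LCG-generated buffer are constructed inputs chosen for the demonstration; the function names are the example's own. It also shows two things the comments only state: an all-zero window passes trivially, and over random data roughly one window in 256 passes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EGG_SIZE 0x7a   /* 122 bytes, as in the assembly above */

/* What the "add al, byte [edx+ecx]" loop accumulates: the byte sum modulo 256. */
uint8_t egg_checksum(const uint8_t *p, size_t n)
{
    uint8_t al = 0;
    for (size_t i = 0; i < n; i++)
        al += p[i];                 /* uint8_t wraps, like AL */
    return al;
}

/* Build-time side: copy the shellcode and append its one-byte footer.
 * out must have room for n + 1 bytes; returns the new length. */
size_t append_footer(const uint8_t *code, size_t n, uint8_t *out)
{
    memcpy(out, code, n);
    out[n] = egg_checksum(code, n);
    return n + 1;
}

/* Hunter side, mirroring find_egg/test_chksum: return the first offset at
 * which EGG_SIZE bytes sum to the byte that follows them, or -1 if none.
 * The asm snippet leaves the advance of edx to the surrounding search loop;
 * here the for loop plays that role. */
long find_egg(const uint8_t *hay, size_t len, size_t start)
{
    for (size_t edx = start; edx + EGG_SIZE < len; edx++)
        if (egg_checksum(hay + edx, EGG_SIZE) == hay[edx + EGG_SIZE])
            return (long)edx;
    return -1;
}

/* Constructed 122-byte stand-in for shellcode: 118 NOPs and a 4-byte tail. */
static void build_sample(uint8_t code[EGG_SIZE])
{
    static const uint8_t tail[4] = { 0x31, 0xc0, 0xcd, 0x80 };
    memset(code, 0x90, EGG_SIZE - 4);
    memcpy(code + EGG_SIZE - 4, tail, 4);
}

/* Checksum of the constructed sample: 118*0x90 + 0x31+0xc0+0xcd+0x80 mod 256. */
uint8_t sample_checksum(void)
{
    uint8_t code[EGG_SIZE];
    build_sample(code);
    return egg_checksum(code, EGG_SIZE);    /* 0x9e */
}

/* Place the footered sample at offset 100 in a buffer of 'A's and hunt for it. */
long sample_find(void)
{
    uint8_t hay[300], code[EGG_SIZE];
    memset(hay, 'A', sizeof hay);
    build_sample(code);
    append_footer(code, EGG_SIZE, hay + 100);
    return find_egg(hay, sizeof hay, 0);    /* 100 */
}

/* Caveat: a window of zeros sums to 0 and is followed by 0, so it passes at once.
 * The check confirms a candidate; it cannot find one on its own. */
long zero_find(void)
{
    uint8_t hay[300] = { 0 };
    return find_egg(hay, sizeof hay, 0);    /* 0 */
}

/* Empirical collision rate: fill buf with deterministic pseudo-random bytes
 * (LCG, high byte used) and count the windows that pass. Expect about 1 in 256. */
size_t false_positive_count(uint8_t *buf, size_t len)
{
    uint32_t s = 0x12345678u;
    for (size_t i = 0; i < len; i++) {
        s = s * 1664525u + 1013904223u;
        buf[i] = (uint8_t)(s >> 24);
    }
    size_t hits = 0;
    for (size_t off = 0; off + EGG_SIZE < len; off++)
        if (egg_checksum(buf + off, EGG_SIZE) == buf[off + EGG_SIZE])
            hits++;
    return hits;
}

int main(void)
{
    static uint8_t rnd[1 << 16];
    size_t windows = sizeof rnd - EGG_SIZE;
    printf("sample checksum  : 0x%02x\n", sample_checksum());
    printf("egg found at     : %ld\n", sample_find());
    printf("zero buffer hit  : %ld\n", zero_find());
    size_t hits = false_positive_count(rnd, sizeof rnd);
    printf("false positives  : %zu of %zu windows (%.2f%%)\n",
           hits, windows, 100.0 * hits / windows);
    return 0;
}
```

Running it prints the sample's checksum (0x9e), the offset at which the egg is recovered (100), the immediate hit on the zero buffer, and a false-positive rate that should land near 0.39%. That last figure is the practical reason the assembly only follows a successful match: a hunter that jumps to whatever passes the checksum, without first matching an egg tag and validating the page, will eventually jump into noise.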