Module: Rex::Post::Meterpreter::Extensions::Stdapi::Railgun::DLLHelper
- Included in:
- DLL, MultiCaller, Util
- Defined in:
- lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb
Overview
shared functions
Defined Under Namespace
Classes: UnitTest
Instance Method Summary collapse
-
#asciiz_to_str(asciiz) ⇒ Object
converts 0-terminated ASCII string to ruby string.
-
#assemble_buffer(direction, function, args) ⇒ Object
assembles the buffers “in” and “inout”.
-
#param_to_number(v, win_consts = @win_consts) ⇒ Object
parses a number param and returns the value raises an exception if the param cannot be converted to a number examples: nil => 0 3 => 3 “MB_OK” => 0 “SOME_CONSTANT | OTHER_CONSTANT” => 17 “tuna” => !!!!!!!!!!Exception.
-
#str_to_ascii_z(str) ⇒ Object
converts ruby string to zero-terminated ASCII string.
-
#str_to_uni_z(str) ⇒ Object
converts ruby string to zero-terminated WCHAR string.
-
#uniz_to_str(uniz) ⇒ Object
converts 0-terminated UTF16 to ruby string.
Instance Method Details
#asciiz_to_str(asciiz) ⇒ Object
converts 0-terminated ASCII string to ruby string
45 46 47 48 49 50 51 52 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb', line 45 def asciiz_to_str(asciiz) zero_byte_idx = asciiz.index("\x00") if zero_byte_idx != nil return asciiz[0, zero_byte_idx] else return asciiz end end |
#assemble_buffer(direction, function, args) ⇒ Object
assembles the buffers “in” and “inout”
96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb', line 96 def assemble_buffer(direction, function, args) layout = {} # paramName => BufferItem blob = "" #puts " building buffer: #{direction}" function.params.each_with_index do |param_desc, param_idx| #puts " processing #{param_desc[0]} #{param_desc[1]} #{param_desc[2]}" # we care only about inout buffers if param_desc[2] == direction buffer = nil # Special case: # The user can choose to supply a Null pointer instead of a buffer # in this case we don't need space in any heap buffer if param_desc[0][0,1] == 'P' # type is a pointer if args[param_idx] == nil next end end case param_desc[0] # required argument type when "PDWORD" dw = param_to_number(args[param_idx]) buffer = [dw].pack('V') when "PWCHAR" raise "param #{param_desc[1]}: string expected" unless args[param_idx].class == String buffer = str_to_uni_z(args[param_idx]) when "PCHAR" raise "param #{param_desc[1]}: string expected" unless args[param_idx].class == String buffer = str_to_ascii_z(args[param_idx]) when "PBLOB" raise "param #{param_desc[1]}: please supply your BLOB as string!" unless args[param_idx].class == String buffer = args[param_idx] # other types (non-pointers) don't reference buffers # and don't need any treatment here end if buffer != nil #puts " adding #{buffer.length} bytes to heap blob" layout[param_desc[1]] = BufferItem.new(param_idx, blob.length, buffer.length, param_desc[0]) blob += buffer # sf: force 8 byte alignment to satisfy x64, wont matter on x86. while( blob.length % 8 != 0 ) blob += "\x00" end #puts " heap blob size now #{blob.length}" end end end #puts " built buffer: #{direction}" return [layout, blob] end |
#param_to_number(v, win_consts = @win_consts) ⇒ Object
parses a number param and returns the value raises an exception if the param cannot be converted to a number examples:
nil => 0
3 => 3
"MB_OK" => 0
"SOME_CONSTANT | OTHER_CONSTANT" => 17
"tuna" => !!!!!!!!!!Exception
Parameter “win_consts” is a WinConstantManager
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb', line 76 def param_to_number(v, win_consts = @win_consts) if v.class == NilClass then return 0 elsif v.class == Fixnum then return v # ok, it's already a number elsif v.class == Bignum then return v # ok, it's already a number elsif v.class == String then dw = win_consts.parse(v) # might raise an exception if dw != nil return dw else raise ArgumentError, "Param #{v} (class #{v.class}) cannot be converted to a number. It's a string but matches no constants I know." end else raise "Param #{v} (class #{v.class}) should be a number but isn't" end end |
#str_to_ascii_z(str) ⇒ Object
converts ruby string to zero-terminated ASCII string
40 41 42 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb', line 40 def str_to_ascii_z(str) return str+"\x00" end |
#str_to_uni_z(str) ⇒ Object
converts ruby string to zero-terminated WCHAR string
55 56 57 58 59 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb', line 55 def str_to_uni_z(str) enc = str.unpack("C*").pack("v*") enc += "\x00\x00" return enc end |
#uniz_to_str(uniz) ⇒ Object
converts 0-terminated UTF16 to ruby string
62 63 64 |
# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb', line 62 def uniz_to_str(uniz) uniz.unpack("v*").pack("C*").unpack("A*")[0] end |