Class: TurboRex::Windows::ALPC::MessageAttribute

Inherits:

Object

• Object
• TurboRex::Windows::ALPC::MessageAttribute

Defined in:

lib/turborex/windows/alpc.rb

Instance Attribute Summary

• #attr ⇒ Object readonly

  Returns the value of attribute attr.

• #buf ⇒ Object readonly

  Returns the value of attribute buf.

• #struct ⇒ Object readonly

  Returns the value of attribute struct.

Instance Method Summary

• #initialize(attr = nil) ⇒ MessageAttribute constructor

  A new instance of MessageAttribute.

• #required_buf(attr) ⇒ Object
• #required_buf_size(attr) ⇒ Object

Constructor Details

#initialize(attr = nil) ⇒ MessageAttribute

Returns a new instance of MessageAttribute.

# File 'lib/turborex/windows/alpc.rb', line 569

def initialize(attr = nil)
  @attr = attr ||= (
  TurboRex::Windows::ALPC::ALPC_MESSAGE_SECURITY_ATTRIBUTE |
      TurboRex::Windows::ALPC::ALPC_MESSAGE_VIEW_ATTRIBUTE |
      TurboRex::Windows::ALPC::ALPC_MESSAGE_CONTEXT_ATTRIBUTE |
      TurboRex::Windows::ALPC::ALPC_MESSAGE_HANDLE_ATTRIBUTE |
      TurboRex::Windows::ALPC::ALPC_MESSAGE_TOKEN_ATTRIBUTE |
      TurboRex::Windows::ALPC::ALPC_MESSAGE_DIRECT_ATTRIBUTE |
      TurboRex::Windows::ALPC::ALPC_MESSAGE_WORK_ON_BEHALF_ATTRIBUTE
  )
  msg_attr = APIProxy.alloc_c_struct('ALPC_MESSAGE_ATTRIBUTES')
  reqired_buf_size = APIProxy.alloc_c_type('ULONG')
  @buf = required_buf(attr)
  ntstatus = APIProxy.alpcinitializemessageattribute(attr, @buf, @buf.sizeof, reqired_buf_size)
  unless TinySDK.nt_success? ntstatus
    formatted = TurboRex::Windows::TinySDK.format_hex_ntstatus ntstatus, hex_str: true
    raise "Failed to call AlpcInitializeMessageAttribute: #{formatted}"
  end

  @struct = @buf
end

Instance Attribute Details

#attr ⇒ Object (readonly)

Returns the value of attribute attr.

# File 'lib/turborex/windows/alpc.rb', line 567

def attr
  @attr
end

#buf ⇒ Object (readonly)

Returns the value of attribute buf.

# File 'lib/turborex/windows/alpc.rb', line 566

def buf
  @buf
end

#struct ⇒ Object (readonly)

Returns the value of attribute struct.

# File 'lib/turborex/windows/alpc.rb', line 565

def struct
  @struct
end

Instance Method Details

#required_buf(attr) ⇒ Object

# File 'lib/turborex/windows/alpc.rb', line 591

def required_buf(attr)
  size = required_buf_size(attr)
  APIProxy.alloc_c_ary('BYTE', size)
end

#required_buf_size(attr) ⇒ Object

# File 'lib/turborex/windows/alpc.rb', line 596

def required_buf_size(attr)
  required_bud_size = APIProxy.alloc_c_type('ULONG')
  ntstatus = APIProxy.alpcinitializemessageattribute(attr, 0, 0, required_bud_size)
  required_bud_size.str.unpack('V')[0]
end