Class: TurboRex::Windows::Process

Inherits:

Metasm::WinOS::Process

• Object
• Metasm::WinOS::Process
• TurboRex::Windows::Process

Defined in:

lib/turborex/windows/process.rb

Instance Method Summary

• #close_handle ⇒ Object
• #disassembler ⇒ Object
• #load_symbol_table(libname) ⇒ Object

Instance Method Details

#close_handle ⇒ Object

# File 'lib/turborex/windows/process.rb', line 36

def close_handle
  Metasm::WinAPI.closehandle(handle)
end

#disassembler ⇒ Object

# File 'lib/turborex/windows/process.rb', line 6

def disassembler
  return @disassembler if @disassembler
  case self.cpusz 
  when 32
    @disassembler = Metasm::Shellcode.decode(self.memory, Metasm::Ia32.new).disassembler
  when 64
    @disassembler = Metasm::Shellcode.decode(self.memory, Metasm::X86_64.new).disassembler
  end
end

#load_symbol_table(libname) ⇒ Object

# File 'lib/turborex/windows/process.rb', line 16

def load_symbol_table(libname)  
  initialize_sym_handler
  unless lib = modules.find { |m| m.path =~ Regexp.new(libname, true) }
    return false
  end

  if Win32API.symloadmoduleex(self.handle, 0, libname, 0, lib.addr, lib.size, 0, 0) == 0 &&
     Win32API.getlasterror != 0
      return false
  end

  # module_info = Win32API.alloc_c_struct('IMAGEHLP_MODULE64')
  # module_info.SizeOfStruct = module_info.sizeof
  # unless Win32API.symgetmoduleinfo64(self.handle, lib.addr, module_info) == 1
  #   return false
  # end

  true
end