From fe8542f4cc9c43aa50cef29ea6c5f45796466158 Mon Sep 17 00:00:00 2001
From: Oleksii Shevchuk
Date: Sun, 30 Oct 2016 23:12:49 +0200
Subject: [PATCH] Add function to search functions by module and name

It wasn't possible to find functions in libraries loaded using memoryloader (Windows)
---
 client/sources/MyLoadLibrary.c | 16 +++++++++++++++-
 client/sources/MyLoadLibrary.h | 1 +
 client/sources/pupy.c | 19 ++++++++++++++++++-
 3 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/client/sources/MyLoadLibrary.c b/client/sources/MyLoadLibrary.c
index 63cfd34d..103649b8 100644
--- a/client/sources/MyLoadLibrary.c
+++ b/client/sources/MyLoadLibrary.c
@@ -66,7 +66,7 @@ static int dprintf(char *fmt, ...)
 #ifdef VERBOSE
 va_list marker;
 int i;
-
+
 va_start(marker, fmt);
 for (i = 0; i < level; ++i) {
 putchar(' ');
@@ -99,6 +99,7 @@ static LIST *_FindMemoryModule(LPCSTR name, HMODULE module)
 lib = lib->next;
 }
 }
+ dprintf("_FindMemoryModule(%s, %p) -> NONE\n", name, module);
 return NULL;
 }
@@ -231,3 +232,16 @@ FARPROC MyGetProcAddress(HMODULE module, LPCSTR procname)
 } else
 return GetProcAddress(module, procname);
 }
+
+FARPROC MyFindProcAddress(LPCSTR modulename, LPCSTR procname)
+{
+ HCUSTOMMODULE mod = MyGetModuleHandle(modulename);
+ void *addr = NULL;
+ dprintf("MyFindProcAddress(%s, %s) -> %p\n", modulename, procname, mod);
+ if (mod) {
+ addr = MyGetProcAddress(mod, procname);
+ }
+
+ dprintf("MyFindProcAddress(%s, %s) -> %p\n", modulename, procname, addr);
+ return addr;
+}
diff --git a/client/sources/MyLoadLibrary.h b/client/sources/MyLoadLibrary.h
index ce8eb9ba..3f0be551 100644
--- a/client/sources/MyLoadLibrary.h
+++ b/client/sources/MyLoadLibrary.h
@@ -9,5 +9,6 @@ BOOL MyFreeLibrary(HMODULE);
 FARPROC MyGetProcAddress(HMODULE, LPCSTR);
+FARPROC MyFindProcAddress(LPCSTR modulename, LPCSTR procname);
 #endif
diff --git a/client/sources/pupy.c b/client/sources/pupy.c
index 0fba3ce7..adb5405d 100644
--- a/client/sources/pupy.c
+++ b/client/sources/pupy.c
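Review bot: The two dprintf calls in MyFindProcAddress use the identical text `MyFindProcAddress(%s, %s) -> %p`, but the first prints the module handle and the second the resolved address, so a VERBOSE trace shows two contradicting "results" for every lookup; the first should read `dprintf("MyFindProcAddress(%s, %s): module %p\n", modulename, procname, mod);`. `addr` is declared `void *` and returned as FARPROC, an implicit object-to-function pointer conversion that MSVC accepts but standard C does not; `FARPROC addr = NULL;` keeps the function portable and matches MyGetProcAddress's return type. Whether MyGetModuleHandle falls back to the system module list is not visible in this hunk; if it does not, the new function returns NULL for any module that was not memory-loaded, and the declaration added to MyLoadLibrary.h should carry a comment stating that and that NULL is the only failure signal.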
@@ -69,12 +69,30 @@ static PyObject *Py_load_dll(PyObject *self, PyObject *args)
 return PyBool_FromLong(0);
 }
+static PyObject *Py_find_function_address(PyObject *self, PyObject *args)
+{
+ const char *lpDllName = NULL;
+ const char *lpFuncName = NULL;
+ void *address = NULL;
+ printf("DEBUG 0: %s %s\n", lpDllName, lpFuncName);
+
+ if (PyArg_ParseTuple(args, "ss", &lpDllName, &lpFuncName)) {
+ printf("DEBUG: %s %s\n", lpDllName, lpFuncName);
+ address = MyFindProcAddress(lpDllName, lpFuncName);
+ }
+
+ printf("DEBUG 2: %s %s %p\n", lpDllName, lpFuncName, address);
+ return PyLong_FromVoidPtr(address);
+}
+
 static PyMethodDef methods[] = {
 { "get_pupy_config", Py_get_pupy_config, METH_NOARGS, "get_pupy_config() -> string" },
 { "get_arch", Py_get_arch, METH_NOARGS, "get current pupy architecture (x86 or x64)" },
 { "_get_compressed_library_string", Py_get_compressed_library_string, METH_VARARGS },
 { "reflective_inject_dll", Py_reflective_inject_dll, METH_VARARGS|METH_KEYWORDS, "reflective_inject_dll(pid, dll_buffer, isRemoteProcess64bits)\nreflectively inject a dll into a process. raise an Exception on failure" },
 { "load_dll", Py_load_dll, METH_VARARGS, "load_dll(dllname, raw_dll) -> bool" },
+ { "find_function_address", Py_find_function_address, METH_VARARGS,
+ "find_function_address(dllname, function) -> address" },
 { NULL, NULL }, /* Sentinel */
 };
@@ -83,4 +101,3 @@ initpupy(void)
 {
 Py_InitModule3("pupy", methods, module_doc);
 }
-
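Review bot: Py_find_function_address returns `PyLong_FromVoidPtr(NULL)` when PyArg_ParseTuple fails, although the failed parse has already set a TypeError; handing an object back with an exception pending makes the interpreter report a SystemError instead of the real argument error, so that branch should `return NULL;`. The first `printf("DEBUG 0: …")` formats `%s` with the two still-NULL name pointers, which is undefined behaviour in C (MSVC's CRT merely happens to print "(null)"), and all three printf calls look like leftover tracing that writes to the host process's stdout instead of going through the VERBOSE-gated dprintf used in MyLoadLibrary.c. The rewrite below drops them and turns the parse check into a guard clause; a lookup miss still comes back as address 0, which the docstring in the methods[] entry should state so Python callers test for it.
```c
static PyObject *Py_find_function_address(PyObject *self, PyObject *args)
{
    const char *lpDllName = NULL;
    const char *lpFuncName = NULL;
    void *address = NULL;

    /* PyArg_ParseTuple has already set a TypeError; an object must not be
       returned while an exception is pending */
    if (!PyArg_ParseTuple(args, "ss", &lpDllName, &lpFuncName)) {
        return NULL;
    }

    address = MyFindProcAddress(lpDllName, lpFuncName);
    return PyLong_FromVoidPtr(address); /* NULL (0) when the lookup failed */
}
```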