// TCP
// Replacement routine for the plain send()/recv() pair.  It hands the call
// through to the application's original function and then hex-dumps the
// bytes that function reports as transferred.
//   functionTCP  - original send or recv entry point (AFUNPTR)
//   s, buf, len, flags - forwarded unchanged
//   ctx          - Pin context of the calling thread
//   functionName - label written in front of the dump in LogFile
// Returns the original function's return value unchanged.
static WINDOWS::INT replacementTCP(
	AFUNPTR functionTCP, 
	WINDOWS::SOCKET s,
	WINDOWS::CHAR *buf,
	WINDOWS::INT len,
	WINDOWS::INT flags,
	CONTEXT *ctx,
	WINDOWS::CHAR * functionName
	)
{
	WINDOWS::INT transferred = 0;

	// Forward to the application's own send/recv; the return value slot
	// comes first in the PIN_PARG list, followed by the four real arguments.
	PIN_CallApplicationFunction(
		ctx,
		PIN_ThreadId(),
		CALLINGSTD_STDCALL, functionTCP,
		PIN_PARG(WINDOWS::INT), &transferred,
		PIN_PARG(WINDOWS::SOCKET), s,
		PIN_PARG(WINDOWS::CHAR *), buf,
		PIN_PARG(WINDOWS::INT), len,
		PIN_PARG(WINDOWS::INT), flags,
		PIN_PARG_END()
		);

	// -1 (SOCKET_ERROR) means there is nothing to dump; every other value,
	// 0 included, is the byte count that the call reports for buf.
	const bool succeeded = ( transferred != -1 );
	if ( succeeded )
	{
		fprintf( LogFile, "%s [%d]:\r\n", functionName, transferred );
		fprintf( LogFile, "{\r\n" );
		PrintHexBuffer( buf, transferred, KnobAsciiMode );
		fprintf( LogFile, "}\r\n" );
	}
	fflush( LogFile );

	return transferred;
}
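// WSASendTo
//
// Replacement routine for WSASendTo: forwards the call to the original
// function and, when it did not fail, dumps the payload to LogFile.
//
// Unlike send(), WSASendTo does not return a byte count.  It returns 0 on
// success (or SOCKET_ERROR, -1) and writes the number of bytes actually
// sent to *lpNumberOfBytesSend.  The data lives in the WSABUF array
// (lpBuffers[i].buf / lpBuffers[i].len), not at lpBuffers itself.  The
// previous version hex-dumped `retval` bytes starting at the WSABUF array,
// i.e. zero bytes of struct memory on every successful call.
//
// Known gap: an overlapped call that returns SOCKET_ERROR (WSA_IO_PENDING)
// is not logged, because the data has not been sent when we return.
//   functionWSASendTo - original WSASendTo entry point (AFUNPTR)
//   remaining params  - forwarded unchanged to the original
//   ctx               - Pin context of the calling thread
//   functionName      - label written in front of the dump in LogFile
// Returns the original function's return value unchanged.
static WINDOWS::INT replacementWSASendTo(
	AFUNPTR functionWSASendTo, 
	WINDOWS::SOCKET s,
	WINDOWS::LPWSABUF lpBuffers,
	WINDOWS::DWORD dwBufferCount,
	WINDOWS::LPDWORD lpNumberOfBytesSend,
	WINDOWS::DWORD dwFlags,
	WINDOWS::SOCKADDR * lpTo,
	WINDOWS::INT iToLen,
	WINDOWS::LPWSAOVERLAPPED lpOverlapped,
	WINDOWS::LPWSAOVERLAPPED_COMPLETION_ROUTINE lpCompletionRoutine,
	CONTEXT *ctx,
	WINDOWS::CHAR * functionName
	)
{
	WINDOWS::INT retval = 0;
	
	PIN_CallApplicationFunction(
		ctx, 
		PIN_ThreadId(),
		CALLINGSTD_STDCALL, functionWSASendTo, // original WSASendTo
		PIN_PARG(WINDOWS::INT), &retval, // return value first
		PIN_PARG(WINDOWS::SOCKET), s,
		PIN_PARG(WINDOWS::LPWSABUF), lpBuffers,
		PIN_PARG(WINDOWS::DWORD), dwBufferCount,
		PIN_PARG(WINDOWS::LPDWORD), lpNumberOfBytesSend,
		PIN_PARG(WINDOWS::DWORD), dwFlags,
		PIN_PARG(WINDOWS::SOCKADDR *), lpTo,
		PIN_PARG(WINDOWS::INT),	iToLen,
		PIN_PARG(WINDOWS::LPWSAOVERLAPPED),	lpOverlapped,
		PIN_PARG(WINDOWS::LPWSAOVERLAPPED_COMPLETION_ROUTINE), lpCompletionRoutine,
		PIN_PARG_END()
		);
	
	
	if ( retval != -1 ) 
	{
		// Bytes to dump: what the call reports as sent, or, when the caller
		// passed no lpNumberOfBytesSend (usual for overlapped I/O), the sum
		// of the buffer lengths - which may overstate a partial send.
		WINDOWS::DWORD remaining = 0;
		if ( lpNumberOfBytesSend != NULL )
		{
			remaining = *lpNumberOfBytesSend;
		}
		else if ( lpBuffers != NULL )
		{
			for ( WINDOWS::DWORD i = 0; i < dwBufferCount; ++i )
			{
				remaining += lpBuffers[i].len;
			}
		}

		fprintf( LogFile, "%s [%d]:\r\n", functionName, retval );
		fprintf( LogFile, "{\r\n" );
		// The reported byte count covers the scatter/gather array front to
		// back, so walk it in order and stop once the count is exhausted.
		for ( WINDOWS::DWORD i = 0; lpBuffers != NULL && i < dwBufferCount && remaining > 0; ++i )
		{
			WINDOWS::DWORD chunk = lpBuffers[i].len;
			if ( chunk > remaining )
			{
				chunk = remaining;
			}
			if ( lpBuffers[i].buf != NULL && chunk > 0 )
			{
				PrintHexBuffer( lpBuffers[i].buf, static_cast<WINDOWS::INT>( chunk ), KnobAsciiMode );
			}
			remaining -= chunk;
		}
		fprintf( LogFile, "}\r\n" );
	}
	fflush( LogFile );
	return retval;
}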
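// Hex-dumps at most `declared` bytes of `data`, never more than `data`
// actually holds.  The length arrives as its own protobuf field, separate
// from the bytes, so reading `declared` bytes blindly would over-read the
// payload whenever the two disagree.
static void PrintBoundedBuffer(const std::string &data, unsigned long long declared)
{
    auto n = data.size();
    if (declared < n)
    {
        n = static_cast<std::string::size_type>(declared);
    }
    PrintHexBuffer(data.c_str(), n);
}

// Dumps the scatter/gather payloads of a WSASend / WSASendTo hook message.
// The loop is bounded by the repeated `buffers` field's own size rather than
// by count(), which is a separate field the client has no way to verify;
// each per-buffer length is likewise clamped to the bytes actually carried.
template <class Msg>
static void PrintSendBuffers(const Msg &hookmsg)
{
    const int n = hookmsg.buffers_size();
    for (int i = 0; i < n; ++i)
    {
        std::cout << "Buffer #" << i << std::endl;
        unsigned long long declared = hookmsg.buffers(i).size();
        if (i < hookmsg.buffer_size_size())
        {
            declared = hookmsg.buffer_size(i);
        }
        PrintBoundedBuffer(hookmsg.buffers(i), declared);
    }
}

// Lists the buffer addresses of a WSARecv / WSARecvFrom hook message; the
// message carries addresses only, not contents, so there is nothing to dump.
template <class Msg>
static void PrintRecvBufferAddresses(const Msg &hookmsg)
{
    const int n = hookmsg.buffers_size();
    for (int i = 0; i < n; ++i)
    {
        std::cout << "Buffer #" << i << std::endl;
        std::cout << "Buffer address: " << hookmsg.buffers(i) << std::endl;
    }
}

// Prints a server -> client HekateMessage to stdout in human-readable form.
//
// Dispatch order: acknowledge first (it does not need hook_info), then the
// hook_info variants.  Previously the acknowledge branch sat behind the
// hook_info guard, so an acknowledge that carried no hook_info was reported
// as "Missing Hekate -> client message." and terminated the client.  A
// non-acknowledge message without hook_info still exits(-1), as before.
//
// Byte dumps are bounded by the payload the message actually carries and
// repeated buffers are iterated by their own size (see the helpers above),
// because the length/count fields arrive separately and are unverified.
// std::hex is sticky on std::cout, so the stream's format flags are saved
// and restored to avoid leaking hex mode into the caller's later output.
void OutputReceivedMessage(const Hekate::Protobuf::Proto::Server::HekateMessage &msg)
{
    if (msg.has_acknowledge())
    {
        std::cout << "Received acknowledge message from server." << std::endl;
        std::cout << "Code: " << msg.acknowledge().debug_response_id() << std::endl;
        return;
    }

    if (!msg.has_hook_info())
    {
        std::cerr << "Missing Hekate -> client message.\n";
        exit(-1);
    }

    const auto savedFlags = std::cout.flags();
    const auto &info = msg.hook_info();

    if (info.has_send())
    {
        const auto &hookmsg = info.send();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        std::cout << "Buffer: ";
        PrintBoundedBuffer(hookmsg.buffer(), hookmsg.length());
        std::cout << "Length: 0x" << std::hex << hookmsg.length() << std::endl;
    }
    else if (info.has_sendto())
    {
        const auto &hookmsg = info.sendto();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        std::cout << "Buffer: ";
        PrintBoundedBuffer(hookmsg.buffer(), hookmsg.length());
        std::cout << "Length: 0x" << std::hex << hookmsg.length() << std::endl;
        std::cout << "to struct address: 0x" << std::hex << hookmsg.to_address() << std::endl;
        std::cout << "to address length: 0x" << std::hex << hookmsg.to_length() << std::endl;
    }
    else if (info.has_wsasend())
    {
        const auto &hookmsg = info.wsasend();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        PrintSendBuffers(hookmsg);
        std::cout << "Count: 0x" << std::hex << hookmsg.count() << std::endl;
        std::cout << "Bytes sent address: 0x" << std::hex << hookmsg.bytes_sent_address() << std::endl;
        std::cout << "Flags: 0x" << std::hex << hookmsg.flags() << std::endl;
        std::cout << "Overlapped address: 0x" << std::hex << hookmsg.overlapped_address() << std::endl;
        std::cout << "Overlapped routine address: 0x" << std::hex << hookmsg.overlapped_routine_address() << std::endl;
    }
    else if (info.has_wsasendto())
    {
        const auto &hookmsg = info.wsasendto();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        PrintSendBuffers(hookmsg);
        std::cout << "Count: 0x" << std::hex << hookmsg.count() << std::endl;
        std::cout << "Bytes sent address: 0x" << std::hex << hookmsg.bytes_sent_address() << std::endl;
        std::cout << "Flags: 0x" << std::hex << hookmsg.flags() << std::endl;
        std::cout << "to struct address: 0x" << std::hex << hookmsg.to_address() << std::endl;
        std::cout << "to struct length: 0x" << std::hex << hookmsg.to_length() << std::endl;
        std::cout << "Overlapped address: 0x" << std::hex << hookmsg.overlapped_address() << std::endl;
        std::cout << "Overlapped routine address: 0x" << std::hex << hookmsg.overlapped_routine_address() << std::endl;
    }
    else if (info.has_recv())
    {
        // Receive-side messages describe the call before data arrives: only
        // the destination buffer's address is known, so no bytes are dumped.
        const auto &hookmsg = info.recv();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        std::cout << "Buffer: ";
        std::cout << "Buffer address: " << hookmsg.buffer() << std::endl;
        std::cout << "Length: 0x" << std::hex << hookmsg.length() << std::endl;
    }
    else if (info.has_recvfrom())
    {
        const auto &hookmsg = info.recvfrom();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        std::cout << "Buffer: ";
        std::cout << "Buffer address: " << hookmsg.buffer() << std::endl;
        std::cout << "Length: 0x" << std::hex << hookmsg.length() << std::endl;
        std::cout << "from struct address: 0x" << std::hex << hookmsg.from_address() << std::endl;
        std::cout << "from length address: 0x" << std::hex << hookmsg.from_length_address() << std::endl;
    }
    else if (info.has_wsarecv())
    {
        const auto &hookmsg = info.wsarecv();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        PrintRecvBufferAddresses(hookmsg);
        std::cout << "Count: 0x" << std::hex << hookmsg.count() << std::endl;
        std::cout << "Bytes received address: 0x" << std::hex << hookmsg.bytes_received_address() << std::endl;
        std::cout << "Flags address: 0x" << std::hex << hookmsg.flags_address() << std::endl;
        std::cout << "Overlapped address: 0x" << std::hex << hookmsg.overlapped_address() << std::endl;
        std::cout << "Overlapped routine address: 0x" << std::hex << hookmsg.overlapped_routine_address() << std::endl;
    }
    else if (info.has_wsarecvfrom())
    {
        const auto &hookmsg = info.wsarecvfrom();
        std::cout << "Socket: 0x" << std::hex << hookmsg.socket() << std::endl;
        PrintRecvBufferAddresses(hookmsg);
        std::cout << "Count: 0x" << std::hex << hookmsg.count() << std::endl;
        std::cout << "Bytes received address: 0x" << std::hex << hookmsg.bytes_received_address() << std::endl;
        std::cout << "Flags address: 0x" << std::hex << hookmsg.flags_address() << std::endl;
        std::cout << "from struct address: 0x" << std::hex << hookmsg.from_address() << std::endl;
        // The value printed here is from_length_address(); the previous
        // label "from struct length" misdescribed it (compare recvfrom above).
        std::cout << "from length address: 0x" << std::hex << hookmsg.from_length_address() << std::endl;
    }
    else if (info.has_filter_message())
    {
        const auto &filtermsg = info.filter_message();
        std::cout << "Received filter hit message." << std::endl;
        std::cout << "Filter hit id: 0x" << std::hex << filtermsg.filter_id() << std::endl;
        if (filtermsg.broken())
        {
            std::cout << "Application is currently in a paused state." << std::endl;
        }
    }
    else
    {
        std::cerr << "Received unknown/empty message from server." << std::endl;
    }

    std::cout.flags(savedFlags);
}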