std::unique_ptr<wasm_instantiated_module_interface>& get_instantiated_module(const digest_type& code_id, const shared_vector<char>& code) { auto it = instantiation_cache.find(code_id); if(it == instantiation_cache.end()) { IR::Module module; try { Serialization::MemoryInputStream stream((const U8*)code.data(), code.size()); WASM::serialize(stream, module); } catch(Serialization::FatalSerializationException& e) { EOS_ASSERT(false, wasm_serialization_error, e.message.c_str()); } wasm_injections::wasm_binary_injection injector(module); injector.inject(); std::vector<U8> bytes; try { Serialization::ArrayOutputStream outstream; WASM::serialize(outstream, module); bytes = outstream.getBytes(); } catch(Serialization::FatalSerializationException& e) { EOS_ASSERT(false, wasm_serialization_error, e.message.c_str()); } it = instantiation_cache.emplace(code_id, runtime_interface->instantiate_module((const char*)bytes.data(), bytes.size(), parse_initial_memory(module))).first; } return it->second; }
ASTTransformer::Result NullDerefProtectionTransformer::Transform(clang::Decl* D) { PointerCheckInjector injector(*m_Interp); injector.TraverseDecl(D); return Result(D, true); }
ASTTransformer::Result NullDerefProtectionTransformer::Transform(clang::Decl* D) { if (getCompilationOpts().CheckPointerValidity) { PointerCheckInjector injector(*m_Interp); injector.TraverseDecl(D); } return Result(D, true); }
int main() { fruit::NormalizedComponent<> normalizedComponent(getComponent()); fruit::Injector<XAnnot> injector(normalizedComponent, getComponent2()); injector.get<XAnnot>(); return 0; }
main(int argc, char** argv) { /* assign the interface victim machine's ip and mac spoofed machine's ip and mac */ interface=argv[1]; victim_ip=argv[3]; spoofed_mac=argv[4]; spoofed_ip=argv[5]; victim_mac=argv[2]; injector(); return 0; }
void NullDerefProtectionTransformer::Transform() { FunctionDecl* FD = getTransaction()->getWrapperFD(); if (!FD) return; CompoundStmt* CS = dyn_cast<CompoundStmt>(FD->getBody()); assert(CS && "Function body not a CompundStmt?"); IfStmtInjector injector((*m_Sema)); CompoundStmt* newCS = injector.Inject(CS); FD->setBody(newCS); }
ASTTransformer::Result NullDerefProtectionTransformer::Transform(clang::Decl* D) { FunctionDecl* FD = dyn_cast<FunctionDecl>(D); if (!FD || FD->isFromASTFile()) return Result(D, true); CompoundStmt* CS = dyn_cast_or_null<CompoundStmt>(FD->getBody()); if (!CS) return Result(D, true); PointerCheckInjector injector(*m_Sema); injector.Visit(CS); return Result(FD, true); }
int main() { fruit::Injector<> injector(getComponent()); X* x = injector.unsafeGet<X>(); Y* y = injector.unsafeGet<Y>(); Z* z = injector.unsafeGet<Z>(); (void) x; (void) y; (void) z; assert(x != nullptr); assert(y != nullptr); assert(z == nullptr); return 0; }
// Unload library from remote process. bool InjectLibrary::unloadLib() { GenericInjector injector(process_); INJECT_CODEPAYLOAD code = createUnloadLibCode(); INJECT_DATAPAYLOAD data = createUnloadLibData(); bool errorFlag = false; injector.doInjection(data, code); // Read back return value from freelibrary call. char* readAddress = (char*)injector.getAddrOfData(); readAddress += sizeof(void*) + sizeof(HMODULE); int error; process_.readMemory(readAddress, &error, sizeof(int)); errorFlag = (error != 0); free(code.code); free(data.data); return errorFlag; }
int main() { fruit::NormalizedComponent<fruit::Required<XAnnot>, Y> normalizedComponent(getComponent()); X x{}; fruit::Injector<XAnnot> injector(normalizedComponent, fruit::Component<XAnnot>(fruit::createComponent().bindInstance<XAnnot>(x))); injector.get<fruit::Annotated<Annotation, X*>>(); fruit::Injector<Y> injector2(normalizedComponent, getXComponent(x)); injector2.get<Y*>(); fruit::Injector<Y> injector3(normalizedComponent, getXComponent(x)); injector3.get<Y*>(); fruit::Injector<XAnnot> injector4(normalizedComponent, fruit::Component<XAnnot>(fruit::createComponent().bindInstance<XAnnot>(x))); injector4.get<fruit::Annotated<Annotation, X*>>(); return 0; }
void IDAStealth::StealthSession::dbgAttachThread(unsigned int processID, const std::string& configFile, const std::string profile) { try { performCommonInit(); if (ipc_) ipc_->remove(); ipc_ = IPCConfigExchangeWriter_Ptr(new IPC::IPCConfigExchangeWriter(processID)); ipc_->setConfigFile(configFile); ipc_->setProfile(profile); ipc_->setPERestoreRequired(false); Process process(processID); InjectLibrary injector(getStealthDllPath(), process); bool injected = injector.injectLib(); if (injected) logString("Successfully injected stealth dll (while attaching to process)"); else logString("Injection of stealth dll failed (while attaching to process)!"); } catch (const std::exception& e) { logString(e.what()); } }
int main() { { /*<<create injector with deduced `interface`>>*/ auto injector = di::make_injector( di::deduce<implementation>() ); /*<<create `example`>>*/ injector.create<example>(); } { /*<<create injector with deduced `interface`>>*/ using injector = di::injector< implementation >; /*<<create `example`>>*/ injector().create<example>(); } return 0; }
int main() { fruit::NormalizedComponent<fruit::Required<fruit::Annotated<Annotation, X>>> normalizedComponent(getComponent()); fruit::Injector<> injector(normalizedComponent, fruit::Component<>(fruit::createComponent())); return 0; }
INJECT_CODEPAYLOAD InjectLibrary::createLoadLibCode() { size_t s, e; void* source; __asm { mov s, offset _start mov e, offset _end mov source, offset _start jmp _end // we only want to copy this code - not execute it so jump over it _start: // create standard stack frame push ebp mov ebp, esp push esi push edi mov esi, [ebp+8] // get first param, ESI now points to strcut mov edi, [esi] // get loadlibrary pointer lea ecx, [esi+4] // get addres of dll filename push ecx call edi // call loadlibrary lea ecx, [esi+MAX_PATH+4] // let EBX point to the handle entry in our struct mov [ecx], eax // save handle xor eax, eax pop edi pop esi pop ebp ret _end: } INJECT_CODEPAYLOAD tmpPayload; tmpPayload.size = e - s; tmpPayload.code = malloc(tmpPayload.size); // Copying code from code section should always work. memcpy(tmpPayload.code, source, tmpPayload.size); return tmpPayload; } #pragma warning(default : 4731 4740) // Inject code into remote process to load the library. bool InjectLibrary::injectLib() { GenericInjector injector(process_); INJECT_DATAPAYLOAD data = createLoadLibData(); INJECT_CODEPAYLOAD code = createLoadLibCode(); injector.doInjection(data, code); free(data.data); free(code.code); // Read back dll handle. char* readAddress = (char*)injector.getAddrOfData(); readAddress += MAX_PATH + sizeof(HANDLE); HMODULE hRemoteDll; process_.readMemory(readAddress, (void*)&hRemoteDll, sizeof(HMODULE)); hDll_ = hRemoteDll; return (hDll_ == 0 ? false : true); }
int main() { fruit::NormalizedComponent<> normalizedComponent(fruit::createComponent()); fruit::Injector<X> injector(normalizedComponent, fruit::Component<>(fruit::createComponent())); return 0; }
int main() { fruit::NormalizedComponent<XAnnot> normalizedComponent(fruit::createComponent()); fruit::Injector<XAnnot> injector(normalizedComponent, getComponent()); return 0; }
int main() { fruit::NormalizedComponent<> normalizedComponent(fruit::createComponent()); fruit::Injector<X> injector(std::move(normalizedComponent), fruit::createComponent()); return 0; }
//------------------------------------------------------- void OdbcPersistor::RestoreAll() { int connectionAttempts = 0; bool errorReported = false; EntityIdSet restoredObjects; const int binaryLargeSize = Safir::Dob::PersistenceParameters::BinaryDataColumnSize(); const int binarySmallSize = Safir::Dob::PersistenceParameters::BinarySmallDataColumnSize(); const int xmlSize = Safir::Dob::PersistenceParameters::XmlDataColumnSize(); SQLHDBC getAllConnection = SQL_NULL_HANDLE; bool isConnected = false; bool getAllIsValid = false; SQLHSTMT getAllStatement = SQL_NULL_HANDLE; Safir::Dob::Typesystem::Int64 typeId = 0; Safir::Dob::Typesystem::Int64 instance = 0; Safir::Dob::Typesystem::Int64 handlerId = 0; boost::scoped_array<unsigned char> storeBinarySmallData(new unsigned char[binarySmallSize]); SQLLEN currentSmallDataSize = 0; boost::scoped_array<unsigned char> storeBinaryLargeData(new unsigned char[binaryLargeSize]); SQLLEN currentLargeDataSize = 0; boost::scoped_array<char> xmlBuffer(new char[xmlSize]); boost::scoped_array<wchar_t> xmlBufferW(new wchar_t[xmlSize / sizeof(wchar_t)]); SQLLEN currentXmlSize = 0; const boost::chrono::steady_clock::time_point startTime = boost::chrono::steady_clock::now(); const SQLRETURN ret = ::SQLAllocHandle(SQL_HANDLE_DBC, m_environment, &getAllConnection); if (!SQL_SUCCEEDED(ret)) { OdbcHelper::ThrowException(SQL_HANDLE_ENV, m_environment); } bool done = false; while (!done) { try { ConnectIfNeeded(getAllConnection, isConnected, connectionAttempts); for (;;) { //getAll statement execution (will loop here until we successfully execute) if (!getAllIsValid) { m_helper.AllocStatement(&getAllStatement, getAllConnection); m_helper.Prepare( getAllStatement, "SELECT typeId, instance, handlerid, xmlData, binaryData, binarySmallData " "FROM PersistentEntity"); m_helper.BindColumnInt64(getAllStatement, 1, &typeId); m_helper.BindColumnInt64(getAllStatement, 2, &instance); m_helper.BindColumnInt64(getAllStatement, 3, &handlerId); if (Safir::Dob::PersistenceParameters::TextColumnsAreUtf8()) { BindColumnString(getAllStatement, 4, xmlSize, xmlBuffer.get(), ¤tXmlSize); } else { BindColumnStringW(getAllStatement, 4, xmlSize / sizeof(wchar_t), xmlBufferW.get(), ¤tXmlSize); } m_helper.BindColumnBinary(getAllStatement, 5, binaryLargeSize, storeBinaryLargeData.get(), ¤tLargeDataSize); m_helper.BindColumnBinary(getAllStatement, 6, binarySmallSize, storeBinarySmallData.get(), ¤tSmallDataSize); } try { m_helper.Execute(getAllStatement); break; } catch(const OdbcException& e) { const std::wstring err = Safir::Dob::Typesystem::Utilities::ToWstring(e.what()); m_debug << "Caught a RetryException in GetAll:\n" << err << std::endl; boost::this_thread::sleep_for(RETRY_EXCEPTION_DELAY); } } for (;;) { if (!m_helper.Fetch(getAllStatement)) {//we've got all rows! done = true; break; } const Safir::Dob::Typesystem::EntityId entityId (typeId, Safir::Dob::Typesystem::InstanceId(instance)); const Safir::Dob::Typesystem::HandlerId handler(handlerId); auto findIt = GetPersistentTypes().find(entityId.GetTypeId()); if (findIt == GetPersistentTypes().end()) { //not to be persisted! Remove(entityId); continue; } if (restoredObjects.find(entityId) != restoredObjects.end()) { //already restored this object continue; } try { Safir::Dob::ConnectionAspectInjector injector(m_dobConnection); if (currentXmlSize != SQL_NULL_DATA) { //some xml persistent data set std::wstring xml; if (Safir::Dob::PersistenceParameters::TextColumnsAreUtf8()) { xml = Safir::Dob::Typesystem::Utilities::ToWstring(xmlBuffer.get()); } else { xml = xmlBufferW.get(); } m_debug << "Restoring from xml" << entityId << ", size = " << xml.size() << ". First 100 chars of the data: " << xml.substr(0,100) << std::endl; const Safir::Dob::Typesystem::ObjectPtr object = Safir::Dob::Typesystem::Serialization::ToObject(xml); const Safir::Dob::EntityPtr entity = boost::dynamic_pointer_cast<Safir::Dob::Entity>(object); m_debug << "Successfully deserialized" <<std::endl; injector.InitialSet(entity, entityId.GetInstanceId(), handler); m_debug << "InitialSet successful"<<std::endl; Safir::Dob::Typesystem::BinarySerialization bin; Safir::Dob::Typesystem::Serialization::ToBinary(entity, bin); Store(entityId, handler, bin, true); m_debug << "Stored it as binary" << std::endl; } else if (currentSmallDataSize != SQL_NULL_DATA) { const char * const data = reinterpret_cast<const char * const>(storeBinarySmallData.get()); m_debug << "Restoring " << entityId << " from binary " <<std::endl; Safir::Dob::EntityPtr entity = boost::dynamic_pointer_cast<Safir::Dob::Entity> (Safir::Dob::Typesystem::ObjectFactory::Instance().CreateObject(data)); m_debug << "Successfully deserialized" <<std::endl; injector.InitialSet(entity, entityId.GetInstanceId(), handler); m_debug << "InitialSet successful"<<std::endl; } else { if (currentLargeDataSize != SQL_NULL_DATA) { //some binarypersistent data set const char * const data = reinterpret_cast<const char * const>(storeBinaryLargeData.get()); m_debug << "Restoring " << entityId << " from binary " <<std::endl; Safir::Dob::EntityPtr entity = boost::dynamic_pointer_cast<Safir::Dob::Entity> (Safir::Dob::Typesystem::ObjectFactory::Instance().CreateObject(data)); m_debug << "Successfully deserialized" <<std::endl; injector.InitialSet(entity, entityId.GetInstanceId(), handler); m_debug << "InitialSet successful"<<std::endl; } else { m_debug << "No data set for " << entityId <<std::endl; } } //add the objectid to the list of objectids that we've done, so that we can resume from where //we were in case the db goes down during restore restoredObjects.insert(entityId); } catch(const Safir::Dob::Typesystem::IllegalValueException &) { m_debug << "Could not restore " << entityId.ToString() << ", removing it" << std::endl; Safir::Logging::SendSystemLog(Safir::Logging::Error, L"Failed to restore entity" + entityId.ToString() + L", will remove persisted data."); //we don't want to try it again if the connection fails later. restoredObjects.insert(entityId); //remove the row from the db Remove(entityId); //since we did not remove the objectid from persistentObjects an empty row will be inserted below. } } } catch(const OdbcException& e) { const std::wstring err = Safir::Dob::Typesystem::Utilities::ToWstring(e.what()); m_debug << "Caught a ReconnectException in RestoreAll:\n" << err << std::endl; if (connectionAttempts > REPORT_AFTER_RECONNECTS && !errorReported) { Safir::Logging::SendSystemLog(Safir::Logging::Error, L"RestoreAll: Failed to connect to the database, will keep trying. Exception info: " + err); errorReported = true; } if (isConnected) { Disconnect(getAllConnection); isConnected = false; } getAllIsValid = false; boost::this_thread::sleep_for(RECONNECT_EXCEPTION_DELAY); } } if (errorReported) { Safir::Logging::SendSystemLog(Safir::Logging::Informational, L"Successfully connected to the database"); errorReported = false; connectionAttempts = 0; } try { if (isConnected) { Disconnect(getAllConnection); } FreeConnection(getAllConnection); } catch(const OdbcException& e) { const std::wstring err = Safir::Dob::Typesystem::Utilities::ToWstring(e.what()); Safir::Logging::SendSystemLog(Safir::Logging::Error, L"Whoops. Error while disconnecting the getAllConnection. Ignoring this and moving on. Exception info: " + err); } m_debug << "RestoreAll completed: " << restoredObjects.size() << " objects restored in time " << boost::chrono::steady_clock::now() - startTime << std::endl; }