/* Finds the pointers to target functions by searching their patterns in the .text section of the current module
*/
BOOL FindTargetFunctions(DWORD* pLdiscSend, DWORD* pTermData)
{
UCHAR modulePath[MAX_PATH];
DWORD moduleBaseAddress;
DWORD textSectionAddress;
DWORD textSectionSize;
DWORD numBytes;
GetModuleFileName(NULL, modulePath, MAX_PATH);
sprintf(buffer, "[+] [%i] Target path: %s\n", processID, modulePath);
WritePipeMessage(logPipe, buffer);
moduleBaseAddress = GetModuleBaseAddress();
if(GetTextSection(modulePath, &textSectionAddress, &textSectionSize) == FALSE) {
sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find .text section\n");
WritePipeMessage(logPipe, buffer);
return FALSE;
} else {
sprintf(buffer, "[+] [%i] Base address: %08x\n", processID, moduleBaseAddress);
WritePipeMessage(logPipe, buffer);
sprintf(buffer, "[+] [%i] .text start address: %08x\n", processID, textSectionAddress);
WritePipeMessage(logPipe, buffer);
sprintf(buffer, "[+] [%i] .text size: %08x\n", processID, textSectionSize);
WritePipeMessage(logPipe, buffer);
}
/* Find ldisc_send() address in .text section of Putty.exe */
HexStringToBytes(LDISC_SEND_SIGN1, buffer);
*pLdiscSend = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize,
(const unsigned char*)buffer, strlen(LDISC_SEND_SIGN1) / 2);
if (*pLdiscSend == 0) {
sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find ldisc_send()\n");
WritePipeMessage(logPipe, buffer);
return FALSE;
}
/* Find term_data() address in .text section of Putty.exe */
/* Try all signatures */
HexStringToBytes(TERM_DATA_SIGN1, buffer);
*pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize,
(const unsigned char*)buffer, strlen(TERM_DATA_SIGN1) / 2);
if (*pTermData == 0) {
HexStringToBytes(TERM_DATA_SIGN2, buffer);
*pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize,
(const unsigned char*)buffer, strlen(TERM_DATA_SIGN2) / 2);
if (*pTermData == 0) {
HexStringToBytes(TERM_DATA_SIGN3, buffer);
*pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize,
(const unsigned char*)buffer, strlen(TERM_DATA_SIGN3) / 2);
if (*pTermData == 0) {
sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find term_data()\n");
WritePipeMessage(logPipe, buffer);
return FALSE;
}
}
}
return TRUE;
}
static int ProcessRawProfile(const char* profile, size_t profile_len,
MetadataPayload* const payload) {
const char* src = profile;
char* end;
int expected_length;
if (profile == NULL || profile_len == 0) return 0;
// ImageMagick formats 'raw profiles' as
// '\n<name>\n<length>(%8lu)\n<hex payload>\n'.
if (*src != '\n') {
fprintf(stderr, "Malformed raw profile, expected '\\n' got '\\x%.2X'\n",
*src);
return 0;
}
++src;
// skip the profile name and extract the length.
while (*src != '\0' && *src++ != '\n') {}
expected_length = (int)strtol(src, &end, 10);
if (*end != '\n') {
fprintf(stderr, "Malformed raw profile, expected '\\n' got '\\x%.2X'\n",
*end);
return 0;
}
++end;
// 'end' now points to the profile payload.
payload->bytes = HexStringToBytes(end, expected_length);
if (payload->bytes == NULL) return 0;
payload->size = expected_length;
return 1;
}
int main()
{
int success;
//HexToValue TEST
success = 1;
if( HexToValue( 'd' ) != HexToValue( 'D' ) )
success = 0;
if( HexToValue( 'Z' ) != 255 )
success = 0;
if( HexToValue( 'b' ) != 11 )
success = 0;
if( HexToValue( '4' ) != 4 )
success = 0;
evaluate("HEXTOVALUE",success);
//EOT
//HEXTOBYTE
success = 1;
if( HexToByte( '1', '2' ) != 0x12 )
success = 0;
if( HexToByte( 'a', 'B' ) != 0xAB )
success = 0;
if( HexToByte( '3', '4' ) != 0x34 )
success = 0;
if( HexToByte( '1', '2' ) != 0x12 )
success = 0;
evaluate("HEXTOBYTE",success);
//EOT
//B64ToValue
success = 1;
if( B64ToValue( 'a' ) != 26 )
success = 0;
if( B64ToValue( 'B' ) != 1 )
success = 0;
if( B64ToValue( '+' ) != 62 )
success = 0;
if( B64ToValue( 'Z' ) != 25 )
success = 0;
evaluate("B64ToVal",success);
//EOT
//ValueToHex
success = 1;
if( ValueToHex(3) != '3' )
success = 0;
if( ValueToHex(11) != 'B' )
success = 0;
if( ValueToHex(18) != -1 )
success = 0;
evaluate("ValueToHex",success);
//EOT
//ValueToB64
success = 1;
if( ValueToB64(3) != 'D' )
success = 0;
if( ValueToB64(42) != 'q' )
success = 0;
if( ValueToB64(55) != '3' )
success = 0;
if( ValueToB64(62) != '+' )
success = 0;
if( ValueToB64(63) != '/' )
success = 0;
if( ValueToB64(66) != -1 )
success = 0;
evaluate("ValueToB64",success);
//B64ToBytes
success = 1;
byte_t *b = malloc(3);
if( ( B64ToBytes( b, "TWlL" ) != 0) )
success = 0;
if( b[0] != 0x4D || b[1] != 0x69 || b[2] != 0x4B )
success = 0;
if( ( B64ToBytes( b, "Z29z" ) != 0) )
success = 0;
if( b[0] != 0x67 || b[1] != 0x6F || b[2] != 0x73 )
success = 0;
if( ( B64ToBytes( b, "YQ==" ) != 0) )
success = 0;
if( b[0] != 0x61 || b[1] != 0x00 || b[2] != 0x00 )
success = 0;
if( ( B64ToBytes( b, "YWM=" ) != 0) )
success = 0;
if( b[0] != 0x61 || b[1] != 0x63 || b[2] != 0x00 )
success = 0;
evaluate("B64ToBytes",success);
//EOT
//ByteToHex
success = 1;
char b2h[3];
b2h[2] = '\0';
ByteToHex( b2h ,0xAF );
if( b2h[0] != 'A' || b2h[1] != 'F' )
success = 0;
ByteToHex( b2h ,0x02 );
if( b2h[0] != '0' || b2h[1] != '2' )
success = 0;
evaluate("ByteToHex",success);
//EOT
//BytesToB64
char b2b[4];
BytesToB64( b2b, (unsigned char *)"gat", 3);
if( b2b[0] != 'Z' || b2b[1] != '2' || b2b[2] != 'F' || b2b[3] != '0' )
success = 0;
BytesToB64( b2b, (unsigned char *)"pa", 2);
if( b2b[0] != 'c' || b2b[1] != 'G' || b2b[2] != 'E' || b2b[3] != '=' )
success = 0;
BytesToB64( b2b, (unsigned char *)"g", 1);
if( b2b[0] != 'Z' || b2b[1] != 'w' || b2b[2] != '=' || b2b[3] != '=' )
success = 0;
evaluate("BytesToB64",success);
//EOT
//HexStringToBytes
success = 1;
byte_t *dest;
int temp = HexStringToBytes( &dest, LOREMHEX );
char * str;
BytesToString( &str, dest, (size_t)temp );
if( strcmp( str, LOREM ) )
success = 0;
free(dest);
free(str);
evaluate("HexStringToBytes",success);
//EOT
//B64StringToBytes
success = 1;
temp = B64StringToBytes( &dest, LOREMB64 );
BytesToString( &str, dest, (size_t)temp );
if( strcmp( str, LOREM ) )
success = 0;
free(dest);
free(str);
evaluate("B64StringToBytes",success);
//EOT
//BytesToHexString
success = 1;
dest = (byte_t *) LOREM;
BytesToHexString( &str, dest, strlen( LOREM ) );
if( strcmp( LOREMHEX, str ) )
success = 0;
evaluate("BytesToHexString",success);
//BytesToB64String
success = 1;
BytesToB64String( &str, (byte_t *)LOREM, strlen(LOREM) );
if( strcmp( LOREMB64, str ) )
success = 0;
evaluate("B64StringToBytes",success);
free(str);
BytesToB64String( &str, (byte_t *)"A", 1 );
if( strcmp( str, "QQ==" ) )
success = 0;
free(str);
BytesToB64String( &str, (byte_t *)"AB", 2 );
if( strcmp( str, "QUI=" ) )
success = 0;
free(str);
BytesToB64String( &str,(byte_t *)"ABC", 3 );
if( strcmp( str, "QUJD" ) )
success = 0;
free(str);
evaluate("B64StringToBytes",success);
//eot
return 0;
}
ErrorCode CDispLRegFilter::BuildRegFilter(XmlData::Element* element)
{
m_Name = element->getAttribute(WSTR("name"));
m_Src = element->getAttribute(WSTR("src"));
XmlData::Node* node = element->get_firstChild();
while (node)
{
XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
if (element)
{
String tagName = element->get_tagName();
if (tagName == L"inputpin" ||
tagName == L"outputpin")
{
CLRegPin* pRegPin = new CLRegPin;
if (tagName == L"inputpin")
{
pRegPin->m_dir = PINDIR_INPUT;
}
else// if (!wcscmp(tagName, L"outputpin"))
{
pRegPin->m_dir = PINDIR_OUTPUT;
}
String minOccurs = element->getAttribute(WSTR("minOccurs"));
String maxOccurs = element->getAttribute(WSTR("maxOccurs"));
pRegPin->m_name = element->getAttribute(WSTR("name"));
XmlData::Element* mediaTypes = GetElementByTagNameNS(element, NULL, WSTR("mediatypes"), false);
if (mediaTypes)
{
XmlData::Node* node = mediaTypes->get_firstChild();
while (node)
{
XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
if (element)
{
String tagName = element->get_tagName();
if (tagName == "mediatype")
{
CLRegMediaType* pRegMediaType = new CLRegMediaType;
String majortype = element->getAttribute(WSTR("majortype"));
if (majortype.Compare(WSTR("stream")) == 0)
{
pRegMediaType->m_majortype = LMEDIATYPE_Stream;
XmlData::Element* streamcontent = GetElementByTagNameNS(element, NULL, WSTR("streamcontent"), false);
if (streamcontent)
{
XmlData::Node* node = streamcontent->get_firstChild();
while (node)
{
XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
if (element)
{
String tagName = element->get_tagName();
if (tagName == "match")
{
CMatch match;
XmlData::Node* node = element->get_firstChild();
while (node)
{
XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
if (element)
{
String tagName = element->get_tagName();
if (tagName == "pattern")
{
String value = element->getAttribute(WSTR("value"));
if (value != NULL)
{
BytePattern pattern;
String offset = element->getAttribute(WSTR("offset"));
if (offset != NULL)
//pattern.m_offset = _wtoi64(offset.c_str());
pattern.m_offset = str2int(CString(offset));
else
pattern.m_offset = 0;
String v = stripspaces(value);
pattern.m_length = v.GetLength()/2;
pattern.m_value = new uint8[pattern.m_length];
HexStringToBytes(CStringw(v), pattern.m_value, pattern.m_length);
pattern.m_mask = new uint8[pattern.m_length];
String mask = element->getAttribute(WSTR("mask"));
int masklen;
if (mask != NULL)
{
v = stripspaces(mask);
masklen = MIN(v.GetLength()/2, pattern.m_length);
HexStringToBytes(CStringw(v), pattern.m_mask, masklen);
}
else
masklen = 0;
while (masklen < pattern.m_length) // Fill rest with 0xFF
{
pattern.m_mask[masklen++] = 0xFF;
}
match.m_patterns.Add(pattern);
}
}
}
node = node->get_nextSibling();
}
pRegMediaType->m_streamcontent.m_matches.Add(match);
}
}
node = node->get_nextSibling();
}
}
}
else if (majortype.Compare(WSTR("video")) == 0)
{
pRegMediaType->m_majortype = LMEDIATYPE_Video;
}
else if (majortype.Compare(WSTR("audio")) == 0)
{
pRegMediaType->m_majortype = LMEDIATYPE_Audio;
}
else if (majortype.Compare(WSTR("scene")) == 0)
{
pRegMediaType->m_majortype = LMEDIATYPE_Scene;
}
else
{
// TODO
ASSERT(0);
}
pRegPin->m_mediaTypes.Add(pRegMediaType);
}
}
node = node->get_nextSibling();
}
}
m_RegPins.Add(pRegPin);
}
}
node = node->get_nextSibling();
}
return 0;
}
