Пример #1
0
/* Finds the pointers to target functions by searching their patterns in the .text section of the current module
 */
BOOL FindTargetFunctions(DWORD* pLdiscSend, DWORD* pTermData)
{
    UCHAR   modulePath[MAX_PATH];
    DWORD   moduleBaseAddress;
    DWORD   textSectionAddress;
    DWORD   textSectionSize;
    DWORD   numBytes;

    GetModuleFileName(NULL, modulePath, MAX_PATH);
    sprintf(buffer, "[+] [%i] Target path: %s\n", processID, modulePath);
    WritePipeMessage(logPipe, buffer);    

    moduleBaseAddress = GetModuleBaseAddress();
    if(GetTextSection(modulePath, &textSectionAddress, &textSectionSize) == FALSE) {
        sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find .text section\n");
        WritePipeMessage(logPipe, buffer);
        return FALSE;
    } else {
        sprintf(buffer, "[+] [%i] Base address: %08x\n", processID, moduleBaseAddress);
        WritePipeMessage(logPipe, buffer);
        sprintf(buffer, "[+] [%i] .text start address: %08x\n", processID, textSectionAddress);
        WritePipeMessage(logPipe, buffer);
        sprintf(buffer, "[+] [%i] .text size: %08x\n", processID, textSectionSize);
        WritePipeMessage(logPipe, buffer);
    }
    
    /* Find ldisc_send() address in .text section of Putty.exe */
    HexStringToBytes(LDISC_SEND_SIGN1, buffer);    
    *pLdiscSend = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                (const unsigned char*)buffer, strlen(LDISC_SEND_SIGN1) / 2);
    if (*pLdiscSend == 0) {
        sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find ldisc_send()\n");
        WritePipeMessage(logPipe, buffer);
        return FALSE;
    }    
    
    /* Find term_data() address in .text section of Putty.exe */
    /* Try all signatures */
    HexStringToBytes(TERM_DATA_SIGN1, buffer);    
    *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                (const unsigned char*)buffer, strlen(TERM_DATA_SIGN1) / 2);
    if (*pTermData == 0) {
        HexStringToBytes(TERM_DATA_SIGN2, buffer);    
        *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                    (const unsigned char*)buffer, strlen(TERM_DATA_SIGN2) / 2);
        if (*pTermData == 0) {
            HexStringToBytes(TERM_DATA_SIGN3, buffer);    
            *pTermData = (DWORD)memmem((const unsigned char*)(moduleBaseAddress + textSectionAddress), textSectionSize, 
                                        (const unsigned char*)buffer, strlen(TERM_DATA_SIGN3) / 2);
            if (*pTermData == 0) {
                sprintf(buffer, "[-] [%i] %s\n", processID, "Could not find term_data()\n");
                WritePipeMessage(logPipe, buffer);
                return FALSE;
            }
        }
    }
    
    return TRUE;
}
Пример #2
0
static int ProcessRawProfile(const char* profile, size_t profile_len,
                             MetadataPayload* const payload) {
  const char* src = profile;
  char* end;
  int expected_length;

  if (profile == NULL || profile_len == 0) return 0;

  // ImageMagick formats 'raw profiles' as
  // '\n<name>\n<length>(%8lu)\n<hex payload>\n'.
  if (*src != '\n') {
    fprintf(stderr, "Malformed raw profile, expected '\\n' got '\\x%.2X'\n",
            *src);
    return 0;
  }
  ++src;
  // skip the profile name and extract the length.
  while (*src != '\0' && *src++ != '\n') {}
  expected_length = (int)strtol(src, &end, 10);
  if (*end != '\n') {
    fprintf(stderr, "Malformed raw profile, expected '\\n' got '\\x%.2X'\n",
            *end);
    return 0;
  }
  ++end;

  // 'end' now points to the profile payload.
  payload->bytes = HexStringToBytes(end, expected_length);
  if (payload->bytes == NULL) return 0;
  payload->size = expected_length;
  return 1;
}
Пример #3
0
int main()
{
    int success;

    //HexToValue TEST
    success = 1;
    if( HexToValue( 'd' ) != HexToValue( 'D' ) )
        success = 0;
    if( HexToValue( 'Z' ) != 255 )
        success = 0;
    if( HexToValue( 'b' ) != 11 )
        success = 0;
    if( HexToValue( '4' ) != 4 )
        success = 0;
    evaluate("HEXTOVALUE",success);
    //EOT
    //HEXTOBYTE
    success = 1;
    if( HexToByte( '1', '2' ) != 0x12 )
        success = 0;
    if( HexToByte( 'a', 'B' ) != 0xAB )
        success = 0;
    if( HexToByte( '3', '4' ) != 0x34 )
        success = 0;
    if( HexToByte( '1', '2' ) != 0x12 )
        success = 0;
    evaluate("HEXTOBYTE",success);
    //EOT
    //B64ToValue
    success = 1;
    if( B64ToValue( 'a' ) != 26 )
        success = 0;
    if( B64ToValue( 'B' ) != 1 )
        success = 0;
    if( B64ToValue( '+' ) != 62 )
        success = 0;
    if( B64ToValue( 'Z' ) != 25 )
        success = 0;
    evaluate("B64ToVal",success);
    //EOT
    //ValueToHex
    success = 1;
    if( ValueToHex(3) != '3' )
        success = 0;
    if( ValueToHex(11) != 'B' )
        success = 0;
    if( ValueToHex(18) != -1 )
        success = 0;
    evaluate("ValueToHex",success);
    //EOT
    //ValueToB64
    success = 1;
    if( ValueToB64(3) != 'D' )
        success = 0;
    if( ValueToB64(42) != 'q' )
        success = 0;
    if( ValueToB64(55) != '3' )
        success = 0;
    if( ValueToB64(62) != '+' )
        success = 0;
    if( ValueToB64(63) != '/' )
        success = 0;
    if( ValueToB64(66) != -1 )
        success = 0;
    evaluate("ValueToB64",success);
    //B64ToBytes
    success = 1;

    byte_t *b = malloc(3);
    
    if( ( B64ToBytes( b, "TWlL" ) != 0) )
        success = 0;
    if( b[0] != 0x4D || b[1] != 0x69 || b[2] != 0x4B )
        success = 0;
    
    if( ( B64ToBytes( b, "Z29z" ) != 0) )
        success = 0;
    if( b[0] != 0x67 || b[1] != 0x6F || b[2] != 0x73 )
        success = 0;

    if( ( B64ToBytes( b, "YQ==" ) != 0) )
        success = 0;
    if( b[0] != 0x61 || b[1] != 0x00 || b[2] != 0x00 )
        success = 0;

    if( ( B64ToBytes( b, "YWM=" ) != 0) )
        success = 0;
    if( b[0] != 0x61 || b[1] != 0x63 || b[2] != 0x00 )
        success = 0;
    evaluate("B64ToBytes",success);
    //EOT
    //ByteToHex
    success = 1;
    char b2h[3];
    b2h[2] = '\0';
    ByteToHex( b2h ,0xAF );
    if( b2h[0] != 'A' || b2h[1] != 'F' )
        success = 0;

    ByteToHex( b2h ,0x02 );
    if( b2h[0] != '0' || b2h[1] != '2' )
        success = 0;

    evaluate("ByteToHex",success);
    //EOT
    //BytesToB64
    char b2b[4];
    BytesToB64( b2b, (unsigned char *)"gat", 3);
    if( b2b[0] != 'Z' || b2b[1] != '2' || b2b[2] != 'F' || b2b[3] != '0' )
        success = 0;
    BytesToB64( b2b, (unsigned char *)"pa", 2);
    if( b2b[0] != 'c' || b2b[1] != 'G' || b2b[2] != 'E' || b2b[3] != '=' )
        success = 0;
    BytesToB64( b2b, (unsigned char *)"g", 1);
    if( b2b[0] != 'Z' || b2b[1] != 'w' || b2b[2] != '=' || b2b[3] != '=' )
        success = 0;
    evaluate("BytesToB64",success);
    //EOT
    //HexStringToBytes
    success = 1;

    byte_t *dest;
    int temp = HexStringToBytes( &dest, LOREMHEX );
    char * str;
    BytesToString( &str, dest, (size_t)temp );

    if( strcmp( str, LOREM ) )
        success = 0;
    free(dest);
    free(str);
    evaluate("HexStringToBytes",success);
    //EOT
    //B64StringToBytes
    success = 1;

    temp = B64StringToBytes( &dest, LOREMB64 );
    BytesToString( &str, dest, (size_t)temp );

    if( strcmp( str, LOREM ) )
        success = 0;
    free(dest);
    free(str);
    evaluate("B64StringToBytes",success);
    //EOT
    //BytesToHexString
    success = 1;

    dest = (byte_t *) LOREM;
    BytesToHexString( &str, dest, strlen( LOREM ) );
    if( strcmp( LOREMHEX, str ) )
        success = 0;
    evaluate("BytesToHexString",success);



    //BytesToB64String
    success = 1;
    
    BytesToB64String( &str, (byte_t *)LOREM, strlen(LOREM) );
    
    if( strcmp( LOREMB64, str ) )
        success = 0;

    evaluate("B64StringToBytes",success);
    free(str);


    BytesToB64String( &str, (byte_t *)"A", 1 );
    if( strcmp( str, "QQ==" ) )
        success = 0;
    free(str);


    BytesToB64String( &str, (byte_t *)"AB", 2 );
    if( strcmp( str, "QUI=" ) )
        success = 0;
    free(str);


    BytesToB64String( &str,(byte_t *)"ABC", 3 );
    if( strcmp( str, "QUJD" ) )
        success = 0;
    free(str);

    evaluate("B64StringToBytes",success);
    //eot
    









    return 0;
}
Пример #4
0
ErrorCode CDispLRegFilter::BuildRegFilter(XmlData::Element* element)
{
	m_Name = element->getAttribute(WSTR("name"));
	m_Src = element->getAttribute(WSTR("src"));

	XmlData::Node* node = element->get_firstChild();
	while (node)
	{
		XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
		if (element)
		{
			String tagName = element->get_tagName();

			if (tagName == L"inputpin" ||
				tagName == L"outputpin")
			{
				CLRegPin* pRegPin = new CLRegPin;

				if (tagName == L"inputpin")
				{
					pRegPin->m_dir = PINDIR_INPUT;
				}
				else// if (!wcscmp(tagName, L"outputpin"))
				{
					pRegPin->m_dir = PINDIR_OUTPUT;
				}

				String minOccurs = element->getAttribute(WSTR("minOccurs"));
				String maxOccurs = element->getAttribute(WSTR("maxOccurs"));

				pRegPin->m_name = element->getAttribute(WSTR("name"));

				XmlData::Element* mediaTypes = GetElementByTagNameNS(element, NULL, WSTR("mediatypes"), false);
				if (mediaTypes)
				{
					XmlData::Node* node = mediaTypes->get_firstChild();
					while (node)
					{
						XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
						if (element)
						{
							String tagName = element->get_tagName();
							if (tagName == "mediatype")
							{
								CLRegMediaType* pRegMediaType = new CLRegMediaType;

								String majortype = element->getAttribute(WSTR("majortype"));
								if (majortype.Compare(WSTR("stream")) == 0)
								{
									pRegMediaType->m_majortype = LMEDIATYPE_Stream;

									XmlData::Element* streamcontent = GetElementByTagNameNS(element, NULL, WSTR("streamcontent"), false);
									if (streamcontent)
									{
										XmlData::Node* node = streamcontent->get_firstChild();
										while (node)
										{
											XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
											if (element)
											{
												String tagName = element->get_tagName();

												if (tagName == "match")
												{
													CMatch match;

													XmlData::Node* node = element->get_firstChild();
													while (node)
													{
														XmlData::Element* element = dynamic_cast<XmlData::Element*>(node);
														if (element)
														{
															String tagName = element->get_tagName();

															if (tagName == "pattern")
															{
																String value = element->getAttribute(WSTR("value"));
																if (value != NULL)
																{
																	BytePattern pattern;
																	
																	String offset = element->getAttribute(WSTR("offset"));
																	if (offset != NULL)
																		//pattern.m_offset = _wtoi64(offset.c_str());
																		pattern.m_offset = str2int(CString(offset));
																	else
																		pattern.m_offset = 0;

																	String v = stripspaces(value);
																	pattern.m_length = v.GetLength()/2;
																	pattern.m_value = new uint8[pattern.m_length];

																	HexStringToBytes(CStringw(v), pattern.m_value, pattern.m_length);

																	pattern.m_mask = new uint8[pattern.m_length];

																	String mask = element->getAttribute(WSTR("mask"));

																	int masklen;
																	if (mask != NULL)
																	{
																		v = stripspaces(mask);
																		masklen = MIN(v.GetLength()/2, pattern.m_length);
																		HexStringToBytes(CStringw(v), pattern.m_mask, masklen);
																	}
																	else
																		masklen = 0;

																	while (masklen < pattern.m_length)	// Fill rest with 0xFF
																	{
																		pattern.m_mask[masklen++] = 0xFF;
																	}

																	match.m_patterns.Add(pattern);
																}
															}
														}

														node = node->get_nextSibling();
													}

													pRegMediaType->m_streamcontent.m_matches.Add(match);
												}
											}

											node = node->get_nextSibling();
										}
									}
								}
								else if (majortype.Compare(WSTR("video")) == 0)
								{
									pRegMediaType->m_majortype = LMEDIATYPE_Video;
								}
								else if (majortype.Compare(WSTR("audio")) == 0)
								{
									pRegMediaType->m_majortype = LMEDIATYPE_Audio;
								}
								else if (majortype.Compare(WSTR("scene")) == 0)
								{
									pRegMediaType->m_majortype = LMEDIATYPE_Scene;
								}
								else
								{
									// TODO
									ASSERT(0);
								}

								pRegPin->m_mediaTypes.Add(pRegMediaType);
							}
						}

						node = node->get_nextSibling();
					}
				}

				m_RegPins.Add(pRegPin);
			}
		}

		node = node->get_nextSibling();
	}

	return 0;
}