Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessSubsystem::Thread

Defined in:
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb

Overview

Interfaces with a process’ executing threads by enumerating, opening, and creating threads.


Constructor Details

#initialize(process) ⇒ Thread

Initializes a thread instance that operates in the context of the supplied process instance.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 33

# Initializes a thread subsystem instance bound to the supplied process
# instance. Every request this object issues is made against that
# process: the other methods here read process.handle, process.pid and
# process.client from it.
#
# @param process [Object] the process instance whose threads are managed
def initialize(process)
	self.process = process
end

Instance Method Details

#create(entry, parameter = nil, suspended = false) ⇒ Object

Creates a new thread in the context of the process and returns a Sys::Thread instance.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 80

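# Creates a new thread in the context of the process and returns a
# Sys::Thread instance wrapping the handle and identifier reported back
# by the server.
#
# @param entry [Object] entry point value for the new thread, sent as
#   TLV_TYPE_ENTRY_POINT
# @param parameter [Object, nil] optional value handed to the entry point;
#   sent as TLV_TYPE_ENTRY_PARAMETER only when non-nil
# @param suspended [Boolean] when truthy the CREATE_SUSPENDED flag is set
#   in TLV_TYPE_CREATION_FLAGS; no other creation flag is ever set here
# @return [Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread]
def create(entry, parameter = nil, suspended = false)
	request = Packet.create_request('stdapi_sys_process_thread_create')

	request.add_tlv(TLV_TYPE_PROCESS_HANDLE, process.handle)
	request.add_tlv(TLV_TYPE_ENTRY_POINT, entry)

	# The parameter TLV is optional: omit it entirely rather than sending nil.
	request.add_tlv(TLV_TYPE_ENTRY_PARAMETER, parameter) unless parameter.nil?

	# CREATE_SUSPENDED is the only flag this method can set.
	creation_flags = suspended ? CREATE_SUSPENDED : 0
	request.add_tlv(TLV_TYPE_CREATION_FLAGS, creation_flags)

	response = process.client.send_request(request)

	thread_id     = response.get_tlv_value(TLV_TYPE_THREAD_ID)
	thread_handle = response.get_tlv_value(TLV_TYPE_THREAD_HANDLE)

	# Sys::Thread must be fully qualified: a bare Thread would resolve to
	# this ProcessSubsystem::Thread class.
	Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread.new(
		process, thread_handle, thread_id)
end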

#each_thread(&block) ⇒ Object

Enumerates each thread identifier of the process, passing it to the supplied block.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 114

# Yields each thread identifier returned by get_threads in turn. Without
# a block this returns what Array#each returns for a missing block (an
# Enumerator over the identifiers).
#
# @yieldparam tid [Object] one thread identifier from get_threads
# @return [Array, Enumerator] the result of Array#each
def each_thread(&block)
	tids = get_threads
	tids.each(&block)
end

#get_threads ⇒ Object

Returns an array of thread identifiers.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 121

# Asks the server for the identifiers of every thread in the process
# (looked up by process.pid).
#
# @return [Array] the value of each TLV_TYPE_THREAD_ID TLV in the
#   response, in the order the response carries them
def get_threads
	request = Packet.create_request('stdapi_sys_process_thread_get_threads')
	request.add_tlv(TLV_TYPE_PID, process.pid)

	response = process.client.send_request(request)

	tids = []
	response.each(TLV_TYPE_THREAD_ID) do |tlv|
		tids.push(tlv.value)
	end
	tids
end

#open(tid, access = THREAD_ALL) ⇒ Object

Opens an existing thread that is running within the context of the process and returns a Sys::Thread instance.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 47

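# Opens an existing thread running within the context of the process and
# returns a Sys::Thread instance for it.
#
# The generic THREAD_READ / THREAD_WRITE / THREAD_EXECUTE bits in +access+
# are translated into the concrete rights sent as TLV_TYPE_THREAD_PERMS.
# Each mask test compares against zero explicitly: in Ruby an Integer is
# truthy even when it is 0, so a bare `if (access & THREAD_READ)` is
# always taken and would request every right no matter what +access+
# the caller passed. With the comparison only the requested rights are
# asked for. Callers using the THREAD_ALL default are unaffected provided
# THREAD_ALL sets all three generic bits (not visible here — confirm).
#
# @param tid [Object] identifier of the thread to open (TLV_TYPE_THREAD_ID)
# @param access [Integer] bitmask of THREAD_READ, THREAD_WRITE and/or
#   THREAD_EXECUTE; defaults to THREAD_ALL
# @return [Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread]
def open(tid, access = THREAD_ALL)
	request = Packet.create_request('stdapi_sys_process_thread_open')
	real    = 0

	# Translate the generic access mask into concrete thread rights,
	# granting only the groups whose bit is actually set.
	if (access & THREAD_READ) != 0
		real |= THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE
	end

	if (access & THREAD_WRITE) != 0
		real |= THREAD_SET_CONTEXT | THREAD_SET_INFORMATION | THREAD_SET_THREAD_TOKEN | THREAD_IMPERSONATE | THREAD_DIRECT_IMPERSONATION
	end

	if (access & THREAD_EXECUTE) != 0
		real |= THREAD_TERMINATE | THREAD_SUSPEND_RESUME | SYNCHRONIZE
	end

	# Add the thread identifier and the translated permissions
	request.add_tlv(TLV_TYPE_THREAD_ID, tid)
	request.add_tlv(TLV_TYPE_THREAD_PERMS, real)

	response = process.client.send_request(request)

	# Sys::Thread must be fully qualified: a bare Thread would resolve to
	# this ProcessSubsystem::Thread class.
	Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread.new(
		process, response.get_tlv_value(TLV_TYPE_THREAD_HANDLE), tid)
end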