Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessSubsystem::Image

Inherits:
Object
Defined in:
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb

Overview

Interacts with loading, unloading, enumerating, and querying image files in the context of a given process.


Constructor Details

#initialize(process) ⇒ Image

Initializes the image instance.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 32

# Initializes the image instance.
#
# @param process [Object] the owning process object; the other methods of
#   this class read its +handle+ and +client+ when building and sending
#   requests (its exact class is not visible in this listing)
def initialize(process)
  # Assigned through the +process=+ writer (defined outside this listing)
  # rather than by touching an instance variable directly.
  self.process = process
end

Instance Method Details

#[](key) ⇒ Object

Returns the image base address associated with the supplied image name.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 39

# Returns the image base address associated with the supplied image name.
#
# Names are compared case-insensitively (both sides are +downcase+d) and
# the first image whose 'name' matches wins; +get_images+ is queried
# afresh on every call.
#
# NOTE(review): an image entry whose 'name' is nil would raise
# NoMethodError on +downcase+ here — confirm whether the remote side can
# omit that TLV.
#
# @param key [String] image (module) name to look up
# @return [Object, nil] the matching image's 'base' value, or nil when no
#   image with that name is present
def [](key)
  match = get_images.find { |image| image['name'].downcase == key.downcase }
  match && match['base']
end

#each_image(&block) ⇒ Object

Enumerates through each image in the process.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 97

# Enumerates through each image in the process.
#
# Each call performs a fresh +get_images+ round trip and yields the same
# 'name'/'base'/'path' hashes that +get_images+ returns. When no block is
# given, the Array#each enumerator over that result is returned.
#
# @yieldparam image [Hash] one image entry
def each_image(&block)
  images = get_images
  images.each(&block)
end

#get_images ⇒ Object

Returns an array of images in the process with hash objects that have keys for ‘name’, ‘path’, and ‘base’.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 105

# Returns an array of images in the process with hash objects that have
# keys for 'name', 'path', and 'base'.
#
# Sends a stdapi_sys_process_image_get_images request for this process's
# handle and turns every TLV_TYPE_IMAGE_GROUP in the reply into a Hash.
# The values are passed through exactly as the remote side reported them:
# nothing here validates or normalises the names or paths, so callers
# that display or match on them should treat them as data from the
# session, not as trusted local state.
#
# @return [Array<Hash>] one Hash per image; empty when the reply carries
#   no image groups
def get_images
  request = Packet.create_request('stdapi_sys_process_image_get_images')
  request.add_tlv(TLV_TYPE_HANDLE, process.handle)

  response = process.client.send_request(request)

  images = []
  response.each(TLV_TYPE_IMAGE_GROUP) do |group|
    name = group.get_tlv_value(TLV_TYPE_IMAGE_NAME)
    base = group.get_tlv_value(TLV_TYPE_IMAGE_BASE)
    path = group.get_tlv_value(TLV_TYPE_IMAGE_FILE_PATH)
    images.push('name' => name, 'base' => base, 'path' => path)
  end

  images
end

#get_procedure_address(image_file, procedure) ⇒ Object

Returns the address of the procedure that is found in the supplied library.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 67

# Returns the address of the procedure that is found in the supplied
# library.
#
# Builds a stdapi_sys_process_image_get_proc_address request carrying the
# process handle, the image file and the procedure name, sends it and
# reads TLV_TYPE_PROCEDURE_ADDRESS from the reply.
#
# @param image_file [String] library in which to resolve the procedure
# @param procedure [String] procedure name to resolve
# @return [Object, nil] the value of TLV_TYPE_PROCEDURE_ADDRESS in the
#   reply, presumably nil when the TLV is absent — verify against Packet
def get_procedure_address(image_file, procedure)
  request = Packet.create_request('stdapi_sys_process_image_get_proc_address').tap do |req|
    req.add_tlv(TLV_TYPE_HANDLE, process.handle)
    req.add_tlv(TLV_TYPE_IMAGE_FILE, image_file)
    req.add_tlv(TLV_TYPE_PROCEDURE_NAME, procedure)
  end

  reply = process.client.send_request(request)
  reply.get_tlv_value(TLV_TYPE_PROCEDURE_ADDRESS)
end

#load(image_path) ⇒ Object

Loads an image file into the context of the process.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 52

# Loads an image file into the context of the process.
#
# Sends a stdapi_sys_process_image_load request with the process handle
# and the path, then reads TLV_TYPE_IMAGE_BASE from the reply. The path is
# forwarded verbatim; it is interpreted on the remote side, not here.
#
# @param image_path [String] path of the image file to load
# @return [Object, nil] the value of TLV_TYPE_IMAGE_BASE in the reply,
#   presumably nil when the TLV is absent — verify against Packet
def load(image_path)
  request = Packet.create_request('stdapi_sys_process_image_load').tap do |req|
    req.add_tlv(TLV_TYPE_HANDLE, process.handle)
    req.add_tlv(TLV_TYPE_IMAGE_FILE_PATH, image_path)
  end

  reply = process.client.send_request(request)
  reply.get_tlv_value(TLV_TYPE_IMAGE_BASE)
end

#unload(base) ⇒ Object

Unloads an image file that is loaded into the address space of the process by its base address.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 83

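# Unloads an image file that is loaded into the address space of the
# process by its base address.
#
# @param base [Object] base address of the image, as returned by +load+
#   or listed by +get_images+ / +[]+
# @return [true] always; the reply is not inspected, so any failure is
#   expected to surface from +send_request+ (presumably as an exception —
#   verify against the client) rather than through the return value
def unload(base)
  request = Packet.create_request('stdapi_sys_process_image_unload')

  request.add_tlv(TLV_TYPE_HANDLE, process.handle)
  request.add_tlv(TLV_TYPE_IMAGE_BASE, base)

  # The reply carries nothing this method reads, so it is not bound to a
  # local (the original kept an unused +response+ variable).
  process.client.send_request(request)

  true
end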