Class: Rex::Post::Meterpreter::Extensions::Stdapi::Railgun::DLL

Inherits:

Object

• Object
• Rex::Post::Meterpreter::Extensions::Stdapi::Railgun::DLL

Includes:

DLLHelper

Defined in:

lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb

Overview

Represents a DLL, e.g. kernel32.dll

Instance Attribute Summary

• #dll_path ⇒ Object readonly

  Returns the value of attribute dll_path.

• #functions ⇒ Object

  Returns the value of attribute functions.

Instance Method Summary

• #add_function(name, return_type, params, windows_name = nil, calling_conv = "stdcall") ⇒ Object

  Define a function for this DLL.

• #call_function(func_symbol, args, client) ⇒ Object

  Perform a function call in this DLL on the remote system.

• #get_function(name) ⇒ Object
• #initialize(dll_path, win_consts) ⇒ DLL constructor

  A new instance of DLL.

• #known_function_names ⇒ Object

Methods included from DLLHelper

#asciiz_to_str, #assemble_buffer, #param_to_number, #str_to_ascii_z, #str_to_uni_z, #uniz_to_str

Constructor Details

#initialize(dll_path, win_consts) ⇒ DLL

Returns a new instance of DLL.

# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 49

def initialize(dll_path, win_consts)
  @dll_path = dll_path

  # needed by DLLHelper
  @win_consts = win_consts

  self.functions = {}
end

Instance Attribute Details

#dll_path ⇒ Object (readonly)

Returns the value of attribute dll_path.

# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 47

def dll_path
  @dll_path
end

#functions ⇒ Object

Returns the value of attribute functions.

# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 46

def functions
  @functions
end

Instance Method Details

#add_function(name, return_type, params, windows_name = nil, calling_conv = "stdcall") ⇒ Object

Define a function for this DLL.

Every function argument is described by a tuple (type,name,direction)

Example:

add_function("MessageBoxW",   # name
  "DWORD",                    # return value
  [                           # params
 ["DWORD","hWnd","in"],
   ["PWCHAR","lpText","in"],
   ["PWCHAR","lpCaption","in"],
   ["DWORD","uType","in"],
  ])

Use windows_name when the actual windows name is different from the ruby variable. You might need to do this for example when the actual func name is myFunc@4 or when you want to create an alternative version of an existing function.

When the new function is called it will return a list containing the return value and all inout params. See #call_function.

# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 110

def add_function(name, return_type, params, windows_name=nil, calling_conv="stdcall")
  if windows_name == nil
    windows_name = name
  end
  @functions[name] = DLLFunction.new(return_type, params, windows_name, calling_conv)
end

#call_function(func_symbol, args, client) ⇒ Object

Perform a function call in this DLL on the remote system.

Returns a Hash containing the return value, the result of GetLastError(), and any inout parameters.

Raises an exception if func_symbol is not a known function in this DLL, i.e., it hasn’t been defined in a Def.

# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 75

def call_function(func_symbol, args, client)
  func_name = func_symbol.to_s

  unless known_function_names.include? func_name
    raise "DLL-function #{func_name} not found. Known functions: #{PP.pp(known_function_names, '')}"
  end

  function = get_function(func_name)

  return process_function_call(function, args, client)
end

#get_function(name) ⇒ Object

# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 62

def get_function(name)
  return functions[name]
end

#known_function_names ⇒ Object

# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 58

def known_function_names
  return functions.keys
end