Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessSubsystem::Thread

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb

Overview

Interfaces with a process’ executing threads by enumerating, opening, and creating threads.

Instance Method Summary collapse

Constructor Details

#initialize(process) ⇒ Thread

Initializes a thread instance that operates in the context of the supplied process instance.



33
34
35
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 33

def initialize(process)
  self.process = process
end

Instance Method Details

#create(entry, parameter = nil, suspended = false) ⇒ Object

Creates a new thread in the context of the process and returns a Sys::Thread instance.



80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 80

def create(entry, parameter = nil, suspended = false)
  request = Packet.create_request('stdapi_sys_process_thread_create')
  creation_flags = 0

  request.add_tlv(TLV_TYPE_PROCESS_HANDLE, process.handle)
  request.add_tlv(TLV_TYPE_ENTRY_POINT, entry)

  # Are we passing a parameter to the entry point of the thread?
  if (parameter != nil)
    request.add_tlv(TLV_TYPE_ENTRY_PARAMETER, parameter)
  end

  # Should we create the thread suspended?
  if (suspended)
    creation_flags |= CREATE_SUSPENDED
  end

  request.add_tlv(TLV_TYPE_CREATION_FLAGS, creation_flags)

  # Transmit the request
  response = process.client.send_request(request)


  thread_id     = response.get_tlv_value(TLV_TYPE_THREAD_ID)
  thread_handle = response.get_tlv_value(TLV_TYPE_THREAD_HANDLE)

  # Create a thread class instance
  return Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread.new(
      process, thread_handle, thread_id)
end

#each_thread(&block) ⇒ Object

Enumerate through each thread identifier.



114
115
116
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 114

def each_thread(&block)
  get_threads.each(&block)
end

#get_threadsObject

Returns an array of thread identifiers.



121
122
123
124
125
126
127
128
129
130
131
132
133
134
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 121

def get_threads
  request = Packet.create_request('stdapi_sys_process_thread_get_threads')
  threads = []

  request.add_tlv(TLV_TYPE_PID, process.pid)

  response = process.client.send_request(request)

  response.each(TLV_TYPE_THREAD_ID) { |thr|
    threads << thr.value
  }

  return threads
end

#open(tid, access = THREAD_ALL) ⇒ Object

Opens an existing thread that is running within the context of the process and returns a Sys::Thread instance.



47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
 
# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb', line 47

def open(tid, access = THREAD_ALL)
  request = Packet.create_request('stdapi_sys_process_thread_open')
  real    = 0

  # Translate access
  if (access & THREAD_READ)
    real |= THREAD_GET_CONTEXT | THREAD_QUERY_INFORMATION | SYNCHRONIZE
  end

  if (access & THREAD_WRITE)
    real |= THREAD_SET_CONTEXT | THREAD_SET_INFORMATION | THREAD_SET_THREAD_TOKEN | THREAD_IMPERSONATE | THREAD_DIRECT_IMPERSONATION
  end

  if (access & THREAD_EXECUTE)
    real |= THREAD_TERMINATE | THREAD_SUSPEND_RESUME | SYNCHRONIZE
  end

  # Add the thread identifier and permissions
  request.add_tlv(TLV_TYPE_THREAD_ID, tid)
  request.add_tlv(TLV_TYPE_THREAD_PERMS, real)

  # Transmit the request
  response = process.client.send_request(request)

  # Create a thread class instance
  return Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread.new(
      process, response.get_tlv_value(TLV_TYPE_THREAD_HANDLE), tid)
end