Class: Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessSubsystem::Image

Defined in:
lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb

Overview

Interacts with loading, unloading, enumerating, and querying image files in the context of a given process.


Constructor Details

#initialize(process) ⇒ Image

Initializes the image instance.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 31

# Initializes the image instance.
#
# @param process [Object] the process whose address space this instance
#   operates on; stored through the +process=+ writer and later read for
#   +process.handle+ and +process.client+ by the request-building methods
def initialize(process)
  self.process = process
end

Instance Method Details

#[](key) ⇒ Object

Returns the image base address associated with the supplied image name.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 38

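# Returns the image base address associated with the supplied image name.
#
# The comparison is case-insensitive. The lookup key is lowercased once
# rather than on every iteration, and an image whose 'name' entry is nil
# (e.g. the name TLV was absent from the response) is skipped instead of
# raising NoMethodError.
#
# @param key [String] image (module) name to look up
# @return [Integer, nil] base address of the first matching image, or nil
#   when no image in the process matches
def [](key)
  needle = key.downcase
  each_image do |image|
    name = image['name']
    return image['base'] if name && name.downcase == needle
  end
  nil
end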

#each_image(&block) ⇒ Object

Enumerates through each image in the process.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 96

# Enumerates through each image in the process.
#
# Fetches the image list via +get_images+ and yields every image hash to
# the supplied block. Without a block, the Array's own enumerator is
# returned, as +Array#each+ does.
#
# @param block [Proc] receives each image hash in turn
def each_image(&block)
  images = get_images
  images.each(&block)
end

#get_images ⇒ Object

Returns an array of images in the process with hash objects that have keys for 'name', 'path', and 'base'.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 104

# Returns an array of images in the process with hash objects that have
# keys for 'name', 'path', and 'base'.
#
# Issues a +stdapi_sys_process_image_get_images+ request for this
# process's handle and builds one hash per TLV_TYPE_IMAGE_GROUP in the
# response. The name, base and path values are whatever the remote side
# reported; treat them as untrusted strings rather than verified facts
# about the host (the values are not validated here).
#
# @return [Array<Hash>] one hash per image, possibly empty
def get_images
  request = Packet.create_request('stdapi_sys_process_image_get_images')
  request.add_tlv(TLV_TYPE_HANDLE, process.handle)

  response = process.client.send_request(request)

  images = []
  response.each(TLV_TYPE_IMAGE_GROUP) do |group|
    images.push(
      'name' => group.get_tlv_value(TLV_TYPE_IMAGE_NAME),
      'base' => group.get_tlv_value(TLV_TYPE_IMAGE_BASE),
      'path' => group.get_tlv_value(TLV_TYPE_IMAGE_FILE_PATH)
    )
  end
  images
end

#get_procedure_address(image_file, procedure) ⇒ Object

Returns the address of the procedure that is found in the supplied library.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 66

# Returns the address of the procedure that is found in the supplied
# library.
#
# Builds a +stdapi_sys_process_image_get_proc_address+ request carrying
# the process handle, the image file and the procedure name, sends it via
# the process's client and returns the TLV_TYPE_PROCEDURE_ADDRESS value
# of the response.
#
# @param image_file [String] image (module) that exports the procedure
# @param procedure [String] name of the exported procedure
# @return [Object] the procedure address as reported in the response
def get_procedure_address(image_file, procedure)
  request = Packet.create_request('stdapi_sys_process_image_get_proc_address').tap do |req|
    req.add_tlv(TLV_TYPE_HANDLE, process.handle)
    req.add_tlv(TLV_TYPE_IMAGE_FILE, image_file)
    req.add_tlv(TLV_TYPE_PROCEDURE_NAME, procedure)
  end

  response = process.client.send_request(request)
  response.get_tlv_value(TLV_TYPE_PROCEDURE_ADDRESS)
end

#load(image_path) ⇒ Object

Loads an image file into the context of the process.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 51

# Loads an image file into the context of the process.
#
# Sends a +stdapi_sys_process_image_load+ request with the process handle
# and the image path, then returns the TLV_TYPE_IMAGE_BASE value from the
# response.
#
# @param image_path [String] path of the image to load, as interpreted by
#   the remote side
# @return [Object] base address of the loaded image as reported in the
#   response
def load(image_path)
  request = Packet.create_request('stdapi_sys_process_image_load').tap do |req|
    req.add_tlv(TLV_TYPE_HANDLE, process.handle)
    req.add_tlv(TLV_TYPE_IMAGE_FILE_PATH, image_path)
  end

  response = process.client.send_request(request)
  response.get_tlv_value(TLV_TYPE_IMAGE_BASE)
end

#unload(base) ⇒ Object

Unloads an image file that is loaded into the address space of the process by its base address.



# File 'lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb', line 82

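# Unloads an image file that is loaded into the address space of the
# process by its base address.
#
# Sends a +stdapi_sys_process_image_unload+ request with the process
# handle and the image base. No value is read from the response, so the
# previously unused local holding it has been dropped.
#
# @param base [Object] base address of the image to unload
# @return [true] always; failure is expected to surface as an exception
#   from +send_request+ rather than as a return value (not visible here —
#   confirm against the client implementation)
def unload(base)
  request = Packet.create_request('stdapi_sys_process_image_unload')
  request.add_tlv(TLV_TYPE_HANDLE, process.handle)
  request.add_tlv(TLV_TYPE_IMAGE_BASE, base)

  process.client.send_request(request)

  true
end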