Module: Msf::ReflectiveDLLLoader

Overview

This mixin contains functionality which loads a Reflective DLL from disk into memory and finds the offset of the reflective loader's entry point.

Instance Method Details

#load_rdi_dll(dll_path) ⇒ Array

Load a reflectively-injectable DLL from disk and find the offset to the ReflectiveLoader function inside the DLL.

Parameters:

  • dll_path

    Path to the DLL to load.

Returns:

  • (Array)

    Tuple of DLL contents and offset to the ReflectiveLoader function within the DLL.


# File 'lib/msf/core/reflective_dll_loader.rb', line 22

def load_rdi_dll(dll_path)
  dll = ''
  offset = nil

  ::File.open(dll_path, 'rb') { |f| dll = f.read }

  pe = Rex::PeParsey::Pe.new(Rex::ImageSource::Memory.new(dll))

  pe.exports.entries.each do |e|
    if e.name =~ /^\S*ReflectiveLoader\S*/
      offset = pe.rva_to_file_offset(e.rva)
      break
    end
  end

  unless offset
    raise "Cannot find the ReflectiveLoader entry point in #{dll_path}"
  end

  return dll, offset
end
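
The same export lookup can be done with plain header reads, which is handy when triaging a DLL on disk without Rex installed. This is an added example, not Metasploit or Rex code: `find_reflective_export` and `constructed_sample_dll` are hypothetical names, the sample image is constructed, and the section mapping is a simplified stand-in for `rva_to_file_offset`.

```ruby
# Added example, not Metasploit/Rex code. Helper names are hypothetical.
NAME_RE = /^\S*ReflectiveLoader\S*/ # same pattern as load_rdi_dll

# Returns [export_name, rva, file_offset], or nil when no export matches.
def find_reflective_export(data)
  data = data.b
  u16 = ->(o) { data.unpack1("@#{o}v") || raise(ArgumentError, 'truncated image') }
  u32 = ->(o) { data.unpack1("@#{o}V") || raise(ArgumentError, 'truncated image') }
  raise ArgumentError, 'missing MZ header' unless data.start_with?('MZ')
  pe = u32.(60) # e_lfanew
  raise ArgumentError, 'missing PE signature' unless data.byteslice(pe, 4) == "PE\0\0"
  opt = pe + 24 # optional header follows the 4-byte signature and 20-byte COFF header
  dirs = opt + (u16.(opt) == 0x20b ? 112 : 96) # data directories: PE32+ vs PE32
  first = opt + u16.(pe + 20) # section table starts after SizeOfOptionalHeader bytes
  sections = Array.new(u16.(pe + 6)) do |i|
    s = first + 40 * i
    { va: u32.(s + 12), len: u32.(s + 16), raw: u32.(s + 20) }
  end
  # RVA -> file offset: find the section whose raw data backs the RVA, then rebase.
  off = lambda do |rva|
    s = sections.find { |x| rva >= x[:va] && rva < x[:va] + x[:len] }
    s ? rva - s[:va] + s[:raw] : raise(ArgumentError, format('RVA 0x%x has no file backing', rva))
  end
  exp_rva = u32.(dirs) # data directory 0 is the export table
  return nil if exp_rva.zero?
  exp = off.(exp_rva)
  funcs, names, ords = [28, 32, 36].map { |f| off.(u32.(exp + f)) }
  u32.(exp + 24).times do |i| # NumberOfNames
    name = data.unpack1("@#{off.(u32.(names + 4 * i))}Z*")
    next unless name =~ NAME_RE
    rva = u32.(funcs + 4 * u16.(ords + 2 * i)) # name index -> ordinal -> function RVA
    return [name, rva, off.(rva)]
  end
  nil
end

# Constructed sample: minimal PE32+ image, one section, exports DllMain and ReflectiveLoader.
def constructed_sample_dll
  img = 'MZ'.b.ljust(60, "\0") + [0x40].pack('V') + "PE\0\0"
  img << [0x8664, 1, 0, 0, 0, 120, 0x2022].pack('vvVVVvv') # COFF header
  img << [0x20b].pack('v').ljust(108, "\0") + [1, 0x1000, 0x55].pack('VVV') # optional header
  img << ['.rdata', 0x200, 0x1000, 0x200, 0x200].pack('a8VVVV').ljust(40, "\0")
  img = img.ljust(0x200, "\0") # section raw data begins at file offset 0x200 (RVA 0x1000)
  img << [0, 0, 0, 0, 0, 1, 2, 2, 0x1028, 0x1030, 0x1038].pack('VVvvVVVVVVV') # export directory
  img << [0x1100, 0x1180, 0x103c, 0x1044, 0, 1].pack('VVVVvv') # functions, names, ordinals
  (img << "DllMain\0ReflectiveLoader\0").ljust(0x400, "\0")
end
```

Malformed or truncated input raises ArgumentError instead of returning an offset, so the function can be run over untrusted files during triage.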