Class: Rex::Post::Meterpreter::Extensions::Stdapi::Railgun::DLL

Inherits: Object
Includes: DLLHelper
Defined in: lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb

Overview

Represents a DLL, e.g. kernel32.dll

Methods included from DLLHelper

#asciiz_to_str, #assemble_buffer, #param_to_number, #str_to_ascii_z, #str_to_uni_z, #uniz_to_str

Constructor Details

#initialize(dll_path, win_consts) ⇒ DLL


# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 49

def initialize(dll_path, win_consts)
  @dll_path = dll_path

  # needed by DLLHelper
  @win_consts = win_consts

  self.functions = {}
end

Instance Attribute Details

#dll_path ⇒ Object (readonly)

Returns the value of attribute dll_path


# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 47

def dll_path
  @dll_path
end

#functions ⇒ Object

Returns the value of attribute functions


# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 46

def functions
  @functions
end

Instance Method Details

#add_function(name, return_type, params, windows_name = nil, calling_conv = "stdcall") ⇒ Object

Define a function for this DLL.

Every function argument is described by a tuple (type, name, direction).

Example:

add_function("MessageBoxW",   # name
  "DWORD",                    # return value
  [                           # params
    ["DWORD","hWnd","in"],
    ["PWCHAR","lpText","in"],
    ["PWCHAR","lpCaption","in"],
    ["DWORD","uType","in"],
  ])

Use windows_name when the actual Windows name is different from the Ruby variable. You might need to do this, for example, when the exported function name contains an `@` decoration or when you want to create an alternative version of an existing function.

When the new function is called it will return a list containing the return value and all inout params. See #call_function.


# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 110

def add_function(name, return_type, params, windows_name=nil, calling_conv="stdcall")
  if windows_name == nil
    windows_name = name
  end
  @functions[name] = DLLFunction.new(return_type, params, windows_name, calling_conv)
end

#call_function(func_symbol, args, client) ⇒ Object

Perform a function call in this DLL on the remote system.

Returns a Hash containing the return value, the result of GetLastError(), and any inout parameters.

Raises an exception if func_symbol is not a known function in this DLL, i.e., it hasn't been defined in a Def.


# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 75

def call_function(func_symbol, args, client)
  func_name = func_symbol.to_s

  unless known_function_names.include? func_name
    raise "DLL-function #{func_name} not found. Known functions: #{PP.pp(known_function_names, '')}"
  end

  function = get_function(func_name)

  return process_function_call(function, args, client)
end
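
The definition table and name lookup described for #add_function and #call_function, as an added stand-alone Ruby model; it is not Metasploit's code. ModelDLL, FunctionDef, resolve and demo are hypothetical names, the tuple and argument-count checks are this example's additions, and the direction set in/out/inout is an assumption (the page shows "in" and mentions inout). Nothing is sent to a host: resolve only returns what the lookup yields.

```ruby
# Stand-alone model of the definition table; hypothetical names, not Metasploit code.
FunctionDef = Struct.new(:return_type, :params, :windows_name, :calling_conv)

class ModelDLL
  DIRECTIONS = %w[in out inout].freeze # assumed set; the page shows "in" and mentions inout
  attr_reader :dll_path, :functions

  def initialize(dll_path)
    @dll_path = dll_path
    @functions = {}
  end

  # Same parameters as the documented add_function; the tuple checks are added here.
  def add_function(name, return_type, params, windows_name = nil, calling_conv = "stdcall")
    params.each do |tuple|
      unless tuple.is_a?(Array) && tuple.length == 3
        raise ArgumentError, "#{name}: expected (type,name,direction), got #{tuple.inspect}"
      end
      unless DIRECTIONS.include?(tuple[2])
        raise ArgumentError, "#{name}: bad direction #{tuple[2].inspect}"
      end
    end
    @functions[name] = FunctionDef.new(return_type, params, windows_name || name, calling_conv)
  end

  # Resolve a Ruby-side name (String or Symbol) to its export; no call is made.
  def resolve(func_symbol, args)
    func_name = func_symbol.to_s
    unless @functions.key?(func_name)
      raise "DLL-function #{func_name} not found. Known functions: #{@functions.keys.inspect}"
    end
    fn = @functions[func_name]
    unless args.length == fn.params.length
      raise ArgumentError, "#{func_name}: #{fn.params.length} args expected, #{args.length} given"
    end
    { dll: @dll_path, export: fn.windows_name, conv: fn.calling_conv,
      args: fn.params.map { |p| p[1] }.zip(args).to_h }
  end
end

# Constructed sample: the page's MessageBoxW definition plus an alias for it.
def demo
  dll = ModelDLL.new("user32")
  params = [["DWORD", "hWnd", "in"], ["PWCHAR", "lpText", "in"],
            ["PWCHAR", "lpCaption", "in"], ["DWORD", "uType", "in"]]
  dll.add_function("MessageBoxW", "DWORD", params)
  dll.add_function("MsgBox", "DWORD", params, "MessageBoxW") # alias via windows_name
  dll.resolve(:MsgBox, [0, "text", "caption", 0])
end
```

The table is keyed by the Ruby-side name, so the alias MsgBox and MessageBoxW are separate entries that resolve to the same export.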

#get_function(name) ⇒ Object


# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 62

def get_function(name)
  return functions[name]
end

#known_function_names ⇒ Object


# File 'lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb', line 58

def known_function_names
  return functions.keys
end