STRLCPY/Offensive-Rust

added pelib
winsecurity committed 1 year ago

7b2347e5

1 parent 29cf3f57

■ ■ ■ ■ ■ ■

pelib/.gitignore

1 + /target
2 +

All occurrences

■ ■ ■ ■ ■ ■

pelib/.vscode/launch.json

1	+	{
2	+	// Use IntelliSense to learn about possible attributes.
3	+	// Hover to view descriptions of existing attributes.
4	+	// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
5	+	"version": "0.2.0",
6	+	"configurations": [
7	+	{
8	+	"type": "lldb",
9	+	"request": "launch",
10	+	"name": "Debug executable 'pelib'",
11	+	"cargo": {
12	+	"args": [
13	+	"build",
14	+	"--bin=pelib",
15	+	"--package=pelib"
16	+	],
17	+	"filter": {
18	+	"name": "pelib",
19	+	"kind": "bin"
20	+	}
21	+	},
22	+	"args": [],
23	+	"cwd": "${workspaceFolder}"
24	+	},
25	+	{
26	+	"type": "lldb",
27	+	"request": "launch",
28	+	"name": "Debug unit tests in executable 'pelib'",
29	+	"cargo": {
30	+	"args": [
31	+	"test",
32	+	"--no-run",
33	+	"--bin=pelib",
34	+	"--package=pelib"
35	+	],
36	+	"filter": {
37	+	"name": "pelib",
38	+	"kind": "bin"
39	+	}
40	+	},
41	+	"args": [],
42	+	"cwd": "${workspaceFolder}"
43	+	}
44	+	]
45	+	}

■ ■ ■ ■ ■ ■

pelib/Cargo.lock

1	+	# This file is automatically @generated by Cargo.
2	+	# It is not intended for manual editing.
3	+	version = 3
4	+
5	+	[[package]]
6	+	name = "pelib"
7	+	version = "0.1.0"
8	+	dependencies = [
9	+	"winapi",
10	+	]
11	+
12	+	[[package]]
13	+	name = "winapi"
14	+	version = "0.3.9"
15	+	source = "registry+https://github.com/rust-lang/crates.io-index"
16	+	checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
17	+	dependencies = [
18	+	"winapi-i686-pc-windows-gnu",
19	+	"winapi-x86_64-pc-windows-gnu",
20	+	]
21	+
22	+	[[package]]
23	+	name = "winapi-i686-pc-windows-gnu"
24	+	version = "0.4.0"
25	+	source = "registry+https://github.com/rust-lang/crates.io-index"
26	+	checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
27	+
28	+	[[package]]
29	+	name = "winapi-x86_64-pc-windows-gnu"
30	+	version = "0.4.0"
31	+	source = "registry+https://github.com/rust-lang/crates.io-index"
32	+	checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
33	+

■ ■ ■ ■ ■ ■

pelib/Cargo.toml

1	+	[package]
2	+	name = "pelib"
3	+	version = "0.1.0"
4	+	edition = "2021"
5	+
6	+	# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
7	+
8	+	[dependencies]
9	+	[target.'cfg(windows)'.dependencies]
10	+	winapi = { version = "0.3", features = ["winuser",
11	+	"memoryapi",
12	+	"processthreadsapi"] }

■ ■ ■ ■ ■ ■

pelib/src/main.rs

1	+	use std::fmt::Write;
2	+	use std::io::Read;
3	+	use winapi::um::memoryapi::{VirtualAlloc, VirtualFree, WriteProcessMemory};
4	+	use winapi::um::processthreadsapi::GetCurrentProcess;
5	+	use winapi::{ctypes::c_void, um::memoryapi::ReadProcessMemory};
6	+
7	+	use std::alloc::{alloc, Layout};
8	+
9	+
10	+	pub fn FillStructureFromArray<T, U>(base: &mut T, arr: &[U]) -> usize {
11	+	unsafe {
12	+	println!("{}",std::mem::size_of::<T>());
13	+	println!("{}",std::mem::size_of_val(arr));
14	+	if std::mem::size_of::<T>() != std::mem::size_of_val(arr) {
15	+	println!("{}", std::mem::size_of::<T>());
16	+	println!("{}", std::mem::size_of_val(arr));
17	+	panic!("sizes are not equal to copy");
18	+	}
19	+
20	+	let mut handle = GetCurrentProcess();
21	+	let mut byteswritten = 0;
22	+	let res = WriteProcessMemory(
23	+	handle,
24	+	base as mut _ as mut c_void,
25	+	arr as const _ as const c_void,
26	+	std::mem::size_of::<T>(),
27	+	&mut byteswritten,
28	+	);
29	+
30	+	return byteswritten;
31	+	}
32	+	}
33	+
34	+	pub fn FillStructureFromMemory<T>(dest: &mut T,src: const c_void,prochandle: mut c_void,) -> usize {
35	+	unsafe {
36	+	let bytestoread: usize = std::mem::size_of::<T>();
37	+	println!("size of structure is {}",bytestoread);
38	+	let mut buffer: Vec<u8> = vec![0; bytestoread];
39	+	let mut byteswritten = 0;
40	+
41	+	let res = ReadProcessMemory(
42	+	prochandle,
43	+	src,
44	+	buffer.as_mut_ptr() as *mut c_void,
45	+	bytestoread,
46	+	&mut byteswritten,
47	+	);
48	+
49	+	FillStructureFromArray(dest, &buffer);
50	+
51	+	return byteswritten;
52	+	}
53	+	}
54	+
55	+
56	+
57	+	fn main() {
58	+	use std::fs::File;
59	+	let filepath = r#"D:\red teaming tools\calc2.exe"#;
60	+	let mut buffer = Vec::new();
61	+
62	+	let mut fd = File::open(filepath).unwrap();
63	+	fd.read_to_end(&mut buffer);
64	+
65	+	//println!("{:#?}", String::from_utf8_lossy(&buffer[0..2]));
66	+
67	+	unsafe {
68	+	let baseptr = VirtualAlloc(std::ptr::null_mut(), buffer.len(), 0x00001000, 0x40);
69	+
70	+	std::ptr::copy(buffer.as_ptr(), baseptr as *mut u8, buffer.len());
71	+
72	+	let mut dosheader = IMAGE_DOS_HEADER::default();
73	+	FillStructureFromMemory(
74	+	&mut dosheader,
75	+	baseptr as *const c_void,
76	+	GetCurrentProcess(),
77	+	);
78	+	println!("magic bytes: {:x?}", dosheader.e_magic);
79	+
80	+	println!("baseptr: {:x?}",baseptr);
81	+	println!("baseptr + elfanew: {:x?}",(baseptr as isize)+dosheader.e_lfanew as isize);
82	+	let mut ntheader = IMAGE_NT_HEADERS64::default();
83	+	FillStructureFromMemory(&mut ntheader, ((baseptr as isize)+dosheader.e_lfanew as isize) as *const c_void, GetCurrentProcess());
84	+	println!("signature: {:x?}",ntheader.Signature);
85	+
86	+	println!("number of sections: {:x?}",ntheader.FileHeader.NumberOfSections);
87	+
88	+	VirtualFree(baseptr, 0, 0x00008000);
89	+	}
90	+	}
91	+
92	+	#[repr(C)]
93	+	pub union chars_or_originalfirstthunk {
94	+	Characteristics: u32,
95	+	OriginalFirstThunk: u32,
96	+	}
97	+
98	+	#[derive(Debug, Clone, Default)]
99	+	#[repr(C)]
100	+	pub struct IMAGE_IMPORT_DESCRIPTOR {
101	+	Characteristics_or_OriginalFirstThunk: u32,
102	+
103	+	TimeDateStamp: u32,
104	+
105	+	ForwarderChain: u32,
106	+
107	+	Name: u32,
108	+
109	+	FirstThunk: u32,
110	+	}
111	+
112	+	#[repr(C)]
113	+	pub union IMAGE_THUNK_DATA32 {
114	+	pub ForwarderString: u32,
115	+
116	+	pub Function: u32,
117	+
118	+	pub Ordinal: u32,
119	+
120	+	pub AddressOfData: u32,
121	+	}
122	+
123	+	#[derive(Debug, Clone, Default)]
124	+	#[repr(C)]
125	+	pub struct IMAGE_EXPORT_DIRECTORY {
126	+	pub Characteristics: u32,
127	+	pub TimeDateStamp: u32,
128	+	pub MajorVersion: u16,
129	+	pub MinorVersion: u16,
130	+	pub Name: u32,
131	+	pub Base: u32,
132	+	pub NumberOfFnctions: u32,
133	+	pub NumberOfNames: u32,
134	+	pub AddressOfFunctions: u32, // RVA from base of image
135	+	pub AddressOfNames: u32, // RVA from base of image
136	+	pub AddressOfNameOrdinals: u32, // RVA from base of image
137	+	}
138	+
139	+	#[derive(Debug, Default, Clone)]
140	+	#[repr(C)]
141	+	pub struct IMAGE_OPTIONAL_HEADER64 {
142	+	Magic: u16,
143	+
144	+	MajorLinkerVersion: u8,
145	+
146	+	MinorLinkerVersion: u8,
147	+
148	+	SizeOfCode: u32,
149	+
150	+	SizeOfInitializedData: u32,
151	+
152	+	SizeOfUninitializedData: u32,
153	+
154	+	AddressOfEntryPoint: u32,
155	+
156	+	BaseOfCode: u32,
157	+
158	+	ImageBase: i64,
159	+
160	+	SectionAlignment: u32,
161	+
162	+	FileAlignment: u32,
163	+
164	+	MajorOperatingSystemVersion: u16,
165	+
166	+	MinorOperatingSystemVersion: u16,
167	+
168	+	MajorImageVersion: u16,
169	+
170	+	MinorImageVersion: u16,
171	+
172	+	MajorSubsystemVersion: u16,
173	+
174	+	MinorSubsystemVersion: u16,
175	+
176	+	Win32VersionValue: u32,
177	+
178	+	SizeOfImage: u32,
179	+
180	+	SizeOfHeaders: u32,
181	+
182	+	CheckSum: u32,
183	+
184	+	Subsystem: u16,
185	+
186	+	DllCharacteristics: u16,
187	+
188	+	SizeOfStackReserve: u64,
189	+
190	+	SizeOfStackCommit: u64,
191	+
192	+	SizeOfHeapReserve: u64,
193	+
194	+	SizeOfHeapCommit: u64,
195	+
196	+	LoaderFlags: u32,
197	+
198	+	NumberOfRvaAndSizes: u32,
199	+
200	+	ExportTable: IMAGE_DATA_DIRECTORY,
201	+
202	+	ImportTable: IMAGE_DATA_DIRECTORY,
203	+
204	+	ResourceTable: IMAGE_DATA_DIRECTORY,
205	+
206	+	ExceptionTable: IMAGE_DATA_DIRECTORY,
207	+
208	+	CertificateTable: IMAGE_DATA_DIRECTORY,
209	+
210	+	BaseRelocationTable: IMAGE_DATA_DIRECTORY,
211	+
212	+	Debug: IMAGE_DATA_DIRECTORY,
213	+
214	+	Architecture: IMAGE_DATA_DIRECTORY,
215	+
216	+	GlobalPtr: IMAGE_DATA_DIRECTORY,
217	+
218	+	TLSTable: IMAGE_DATA_DIRECTORY,
219	+	LoadConfigTable: IMAGE_DATA_DIRECTORY,
220	+	BoundImport: IMAGE_DATA_DIRECTORY,
221	+
222	+	IAT: IMAGE_DATA_DIRECTORY,
223	+
224	+	DelayImportDescriptor: IMAGE_DATA_DIRECTORY,
225	+	CLRRuntimeHeader: IMAGE_DATA_DIRECTORY,
226	+
227	+	Reserved: IMAGE_DATA_DIRECTORY,
228	+	}
229	+
230	+	#[derive(Debug, Default, Clone)]
231	+	#[repr(C)]
232	+	pub struct IMAGE_OPTIONAL_HEADER32 {
233	+	Magic: u16,
234	+
235	+	MajorLinkerVersion: u8,
236	+
237	+	MinorLinkerVersion: u8,
238	+
239	+	SizeOfCode: u32,
240	+
241	+	SizeOfInitializedData: u32,
242	+
243	+	SizeOfUninitializedData: u32,
244	+
245	+	AddressOfEntryPoint: u32,
246	+
247	+	BaseOfCode: u32,
248	+
249	+	// PE32 contains this additional field
250	+	BaseOfData: u32,
251	+
252	+	ImageBase: u32,
253	+
254	+	SectionAlignment: u32,
255	+
256	+	FileAlignment: u32,
257	+
258	+	MajorOperatingSystemVersion: u16,
259	+
260	+	MinorOperatingSystemVersion: u16,
261	+
262	+	MajorImageVersion: u16,
263	+
264	+	MinorImageVersion: u16,
265	+
266	+	MajorSubsystemVersion: u16,
267	+
268	+	MinorSubsystemVersion: u16,
269	+
270	+	Win32VersionValue: u32,
271	+
272	+	SizeOfImage: u32,
273	+
274	+	SizeOfHeaders: u32,
275	+
276	+	CheckSum: u32,
277	+
278	+	Subsystem: u32,
279	+
280	+	DllCharacteristics: u16,
281	+
282	+	SizeOfStackReserve: u32,
283	+
284	+	SizeOfStackCommit: u32,
285	+
286	+	SizeOfHeapReserve: u32,
287	+
288	+	SizeOfHeapCommit: u32,
289	+
290	+	LoaderFlags: u32,
291	+
292	+	NumberOfRvaAndSizes: u32,
293	+
294	+	ExportTable: IMAGE_DATA_DIRECTORY,
295	+
296	+	ImportTable: IMAGE_DATA_DIRECTORY,
297	+
298	+	ResourceTable: IMAGE_DATA_DIRECTORY,
299	+
300	+	ExceptionTable: IMAGE_DATA_DIRECTORY,
301	+
302	+	CertificateTable: IMAGE_DATA_DIRECTORY,
303	+
304	+	BaseRelocationTable: IMAGE_DATA_DIRECTORY,
305	+
306	+	Debug: IMAGE_DATA_DIRECTORY,
307	+
308	+	Architecture: IMAGE_DATA_DIRECTORY,
309	+
310	+	GlobalPtr: IMAGE_DATA_DIRECTORY,
311	+
312	+	TLSTable: IMAGE_DATA_DIRECTORY,
313	+	LoadConfigTable: IMAGE_DATA_DIRECTORY,
314	+	BoundImport: IMAGE_DATA_DIRECTORY,
315	+
316	+	IAT: IMAGE_DATA_DIRECTORY,
317	+
318	+	DelayImportDescriptor: IMAGE_DATA_DIRECTORY,
319	+	CLRRuntimeHeader: IMAGE_DATA_DIRECTORY,
320	+
321	+	Reserved: IMAGE_DATA_DIRECTORY,
322	+	}
323	+
324	+	#[derive(Debug, Default, Clone)]
325	+	#[repr(C)]
326	+	pub struct IMAGE_FILE_HEADER {
327	+	Machine: u16,
328	+	NumberOfSections: u16,
329	+	TimeDateStamp: u32,
330	+	PointerToSymbolTable: u32,
331	+	NumberOfSymbols: u32,
332	+	SizeOfOptionalHeader: u16,
333	+	Characteristics: u16,
334	+	}
335	+
336	+	#[derive(Debug, Default, Clone)]
337	+	#[repr(C)]
338	+	pub struct IMAGE_DATA_DIRECTORY {
339	+	VirtualAddress: u32,
340	+	Size: u32,
341	+	}
342	+
343	+	#[derive(Debug, Default, Clone)]
344	+	#[repr(C)]
345	+	pub struct IMAGE_NT_HEADERS32 {
346	+	Signature: u32,
347	+
348	+	FileHeader: IMAGE_FILE_HEADER,
349	+
350	+	OptionalHeader: IMAGE_OPTIONAL_HEADER32,
351	+	}
352	+
353	+	#[derive(Debug, Default, Clone)]
354	+	#[repr(C)]
355	+	pub struct IMAGE_NT_HEADERS64 {
356	+	Signature: u32,
357	+
358	+	FileHeader: IMAGE_FILE_HEADER,
359	+
360	+	OptionalHeader: IMAGE_OPTIONAL_HEADER64,
361	+	}
362	+
363	+	#[derive(Debug, Default, Clone)]
364	+	#[repr(C)]
365	+
366	+	pub struct IMAGE_DOS_HEADER {
367	+	e_magic: [u8; 2], // Magic number
368	+	e_cblp: u16, // Bytes on last page of file
369	+	e_cp: u16, // Pages in file
370	+	e_crlc: u16, // Relocations
371	+	e_cparhdr: u16, // Size of header in paragraphs
372	+	e_minalloc: u16, // Minimum extra paragraphs needed
373	+	e_maxalloc: u16, // Maximum extra paragraphs needed
374	+	e_ss: u16, // Initial (relative) SS value
375	+	e_sp: u16, // Initial SP value
376	+	e_csum: u16, // Checksum
377	+	e_ip: u16, // Initial IP value
378	+	e_cs: u16, // Initial (relative) CS value
379	+	e_lfarlc: u16, // File address of relocation table
380	+	e_ovno: u16, // Overlay number
381	+	e_res1: [u16; 4], // Reserved words
382	+	e_oemid: u16, // OEM identifier (for e_oeminfo)
383	+	e_oeminfo: u16, // OEM information, e_oemid specific
384	+	e_res2: [u16; 10], // Reserved words
385	+	e_lfanew: i32, // File address of new exe header
386	+	}
387	+

■ ■ ■ ■ ■ ■

pelib/src/mylib.rs

1 +

All occurrences

	1	+	/target
	2	+

added pelib