  • ■ ■ ■ ■ ■ ■
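--- a/SearchAvailableExe/SearchAvailableExe.cpp
+++ b/SearchAvailableExe/SearchAvailableExe.cpp
@@ -71,6 +71,13 @@
  return false;
 }
  
+bool isAvailable(const PResultInfo result) {
+ if (result->exploitDllPath == "")
+ return true;
+ 
+ return false;
+}
+ 
 static int validate_dllCount(opt_arg* arg, void* args) {
  char* str = (char*)args;
  
@@ -185,9 +192,16 @@
  HANDLE hThread = CreateThread(NULL, 0, MonitorThread, NULL, 0, NULL);
  
  //运行目标程序,判断是否会加载hook的dll
- RunPE();
+ std::vector<std::thread> threads;
+ for (const auto& result : results) {
+ threads.push_back(std::thread(RunPE, result));
+ }
+ for (auto& thread : threads)
+ thread.join();
  
  TerminateThread(hThread, 0);
+ 
+ results.erase(std::remove_if(results.begin(), results.end(), isAvailable), results.end());
 
  *output << "找到可利用白文件:" << results.size() << "个" << endl;
  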
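Review bot: The loop at new lines 195-198 starts one `std::thread` per entry in `results` with no upper bound, and each `RunPE` call launches a child process through `TestCreateProcess` (see Tools.cpp in this commit), so a large scan can exhaust threads, handles or memory on the analysis host. Cap the number of concurrent workers and join each batch before starting the next, as sketched below. Separately, `isAvailable` returns true when `exploitDllPath` is empty, which is exactly the set `remove_if` drops, so the name reads inverted; `isUnavailable` with `return result->exploitDllPath.empty();` would say what it tests. The function containing the thread loop starts and ends outside the hunk.

```cpp
// … unchanged: CreateThread(MonitorThread) …
unsigned maxWorkers = std::thread::hardware_concurrency();
if (maxWorkers == 0)
    maxWorkers = 1;  // hardware_concurrency() may return 0 when unknown
auto next = results.begin();
while (next != results.end()) {
    std::vector<std::thread> batch;
    for (unsigned i = 0; i < maxWorkers && next != results.end(); ++i, ++next)
        batch.emplace_back(RunPE, *next);
    for (auto& worker : batch)
        worker.join();
}
// … unchanged: TerminateThread, remove_if over results …
```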
  • ■ ■ ■ ■
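--- a/SearchAvailableExe/SearchAvailableExe.vcxproj.user
+++ b/SearchAvailableExe/SearchAvailableExe.vcxproj.user
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 <Project ToolsVersion="Current" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
- <LocalDebuggerCommandArguments>-i "D:\Program Files (x86)\VMware\VMware Workstation\tools-upgraders\VMwareToolsUpgrader.exe"</LocalDebuggerCommandArguments>
+ <LocalDebuggerCommandArguments>-i "D:"</LocalDebuggerCommandArguments>
  <DebuggerFlavor>WindowsLocalDebugger</DebuggerFlavor>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">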
  • ■ ■ ■ ■ ■ ■
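--- a/SearchAvailableExe/Tools.cpp
+++ b/SearchAvailableExe/Tools.cpp
@@ -800,42 +800,38 @@
  return exitCode;
 }
  
-void RunPE() {
+void RunPE(PResultInfo result) {
  std::string currentPath = GetCurrentPath();
  
- for (auto it = results.begin(); it != results.end();) {
- PResultInfo result = *it;
+ string folderPath = CreateRandomFolder(currentPath);
  
- string folderPath = CreateRandomFolder(currentPath);
+ string runFilePath = CopyFileToFolder(result->filePath, folderPath, result->isCreateWindow, NULL);
  
- string runFilePath = CopyFileToFolder(result->filePath, folderPath, result->isCreateWindow, NULL);
+ map<DWORD, std::string> hookDllMap;
+ bool flag;
+ DWORD exitCode = 0x22222222;
  
- map<DWORD, std::string> hookDllMap;
- bool flag;
- DWORD exitCode = 0x22222222;
+ for (const auto& dll : result->preLoadDlls) {
+ CopyFileToFolder(result->fileDir + dll, folderPath, true, exitCode);
+ hookDllMap[exitCode] = dll;
+ exitCode++;
+ }
  
- for (const auto& dll : result->preLoadDlls) {
- CopyFileToFolder(result->fileDir + dll, folderPath, true, exitCode);
- hookDllMap[exitCode] = dll;
- exitCode++;
- }
- 
- for (const auto& dll : result->postLoadDlls) {
- CopyFileToFolder(result->fileDir + dll, folderPath, true, exitCode);
- hookDllMap[exitCode] = dll;
- exitCode++;
- }
+ for (const auto& dll : result->postLoadDlls) {
+ CopyFileToFolder(result->fileDir + dll, folderPath, true, exitCode);
+ hookDllMap[exitCode] = dll;
+ exitCode++;
+ }
  
- DWORD retExitCode = TestCreateProcess(runFilePath);
- result->exploitDllPath = hookDllMap[retExitCode];
+ DWORD retExitCode = TestCreateProcess(runFilePath);
+ result->exploitDllPath = hookDllMap[retExitCode];
  
- DeleteDirectory(folderPath.c_str());
+ DeleteDirectory(folderPath.c_str());
  
- if (result->exploitDllPath == "")
- it = results.erase(it);
- else {
- ++it;
- //DeleteDirectory(folderPath.c_str());
- }
- }
+ //if (result->exploitDllPath == "")
+ // it = results.erase(it);
+ //else {
+ // ++it;
+ // //DeleteDirectory(folderPath.c_str());
+ //}
 }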
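Review bot: `RunPE` is now called from several threads at once, but nothing in this hunk shows that the helpers it relies on are safe for that. In particular, if `CreateRandomFolder` derives its name from `rand()`, every new thread on the MSVC runtime starts from the same default seed, so workers can pick the same folder and one worker's `DeleteDirectory` would remove files another is still using. Confirm the folder name comes from a per-call unique source (or mix the thread id into it) and that `GetCurrentPath` and `TestCreateProcess` touch no shared state. `hookDllMap[retExitCode]` also inserts an empty entry for an unrecognised exit code; a `find` would express the lookup without mutating the map. The commented-out erase block at the end and the unused `bool flag;` can be deleted now that filtering happens in the caller.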
  • ■ ■ ■ ■
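--- a/SearchAvailableExe/Tools.h
+++ b/SearchAvailableExe/Tools.h
@@ -39,5 +39,5 @@
 BOOL VerifyFileSignature(LPCWSTR filePath);
 std::wstring ConvertToWideString(const char* input);
 string wstring2string(wstring wstr);
-void RunPE();
+void RunPE(PResultInfo result);
  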