  • 新增过滤参数loadtype,过滤dll加载方式

  • maoku committed 2 months ago
    d7289966
    1 parent f8c34d79
  • ■ ■ ■ ■ ■
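--- a/SearchAvailableExe/SearchAvailableExe.cpp
+++ b/SearchAvailableExe/SearchAvailableExe.cpp
@@ -75,6 +75,9 @@
  if (result->exploitDllPath == "")
  return true;
 
+ if ((c.loadType == 1 && result->loadType != 1) || (c.loadType == 2 && result->loadType != 2))
+ return true;
+
  return false;
 }
 
@@ -114,6 +117,7 @@
  printf(" -c,--count: <count> Controls the output of the number of DLLs loaded by white programs, only outputting if the count is less than or equal to a specified value. The default value is 1.\n");
  printf(" -b,--bit: <count> Select the output bitness, supporting 32, 64, and 96 bits. The default is 96 bits, while also outputting information for 32 and 64-bit white programs.\n");
  printf(" -s,--save: <bool> Whether to save available files, default is not to save.\n");
+ printf(" -l,--load: <loadType> Dll loading method, 1 for static loading, 2 for dynamic loading, and 3 for both static and dynamic loading. Default value is 3.\n");
  exit(0);
 }
 
@@ -154,6 +158,7 @@
 
  c.dllCount = 1;
  c.bit = 96;
+ c.loadType = 3;
 
  get_opt(argc, argv, OPT_TYPE_NONE, NULL, "h;?", "help", usage);
  get_opt(argc, argv, OPT_TYPE_STRING, c.output, "o", "output", NULL);
@@ -162,6 +167,7 @@
  get_opt(argc, argv, OPT_TYPE_DEC, &c.dllCount, "c", "count", validate_dllCount);
  get_opt(argc, argv, OPT_TYPE_DEC, &c.bit, "b", "bit", validate_bit);
  get_opt(argc, argv, OPT_TYPE_FLAG, &c.isSaveFile, "s", "save", NULL);
+ get_opt(argc, argv, OPT_TYPE_DEC, &c.loadType, "l", "load", NULL);
 
  ostream* output = &cout;
  ofstream outputFile;
@@ -210,7 +216,7 @@
 
  for (const auto& result : results) {
  *output << result->filePath << endl;
- *output << "程序位数: " << result->bit << " 目录是否可写: " << result->isWrite << endl;
+ *output << "程序位数: " << result->bit << " 目录是否可写: " << (result->isWrite==1 ? "" : "") << " Dll: " << (result->loadType == 1 ? "" : "") << endl;
  *output << "可利用DLL: " << result->exploitDllPath << endl;
 
  if (result->preLoadDlls.size() + result->postLoadDlls.size() > 1) {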
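Review bot: The new `-l/--load` option is registered with a `NULL` validator in its `get_opt` call, while the neighbouring `-c` and `-b` options pass `validate_dllCount` and `validate_bit`, so any integer is accepted. Because the filter added at new line 78 only tests for 1 and 2, a value such as 0 or 7 silently behaves like 3 and the user gets unfiltered output with no error. I would add a validator in the same style as the existing ones that rejects anything outside 1–3; the filter can then shrink to `if (c.loadType != 3 && result->loadType != c.loadType) return true;`. The enclosing functions start and end outside the visible hunks, so the validator's signature has to follow whatever `validate_bit` uses.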
  • ■ ■ ■ ■ ■ ■
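--- a/SearchAvailableExe/Tools.cpp
+++ b/SearchAvailableExe/Tools.cpp
@@ -902,6 +902,7 @@
  exitCode++;
  }
 
+ exitCode = 0x33333333;
  for (const auto& dll : result->postLoadDlls) {
  CopyFileToFolder(result->fileDir + dll, folderPath, true, exitCode);
  hookDllMap[exitCode] = dll;
@@ -912,6 +913,11 @@
  result->exploitDllPath = hookDllMap[retExitCode];
 
  if (result->exploitDllPath != "") {
+ if (retExitCode >= 0x33333333)
+ result->loadType = 2;
+ else
+ result->loadType = 1;
+
  string hookFilePath = currentPath + "\\TestLoad_x86.dll";
  if (result->bit == 64)
  hookFilePath = currentPath + "\\TestLoad_x64.dll";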
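Review bot: The literal `0x33333333` appears twice, once as the starting exit code before the `postLoadDlls` loop and once in the `retExitCode >= 0x33333333` test, and nothing states that the two must stay equal or why that value was chosen. A named constant shared by both sites, with a comment such as `// exit codes at or above this base identify entries from postLoadDlls (loadType 2); lower codes come from the earlier loop`, would make the classification readable and keep the two sites in sync. The test also assumes the counter incremented by the earlier loop can never reach the base and that the type of `exitCode` and `retExitCode` compares as intended; both declarations are outside the visible hunks, so this should be confirmed there. The enclosing function begins and ends outside these hunks.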
  • ■ ■ ■ ■ ■ ■
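--- a/SearchAvailableExe/Tools.h
+++ b/SearchAvailableExe/Tools.h
@@ -26,6 +26,7 @@
  vector<char*> preLoadDlls;
  vector<char*> postLoadDlls;
  string exploitDllPath;
+ int loadType;
 } ResultInfo, * PResultInfo;
 
 #define STRING_MAX 256
@@ -36,6 +37,7 @@
  int dllCount;
  int bit;
  bool isSaveFile;
+ int loadType;
 } ARG_CONFIG, * PARG_CONFIG;
 
 BOOL VerifyFileSignature(LPCWSTR filePath);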
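Review bot: `int loadType;` is added to `ResultInfo` without an initializer, and the only assignment visible in this commit (in Tools.cpp) sits inside the `exploitDllPath != ""` branch, so for every other result the field may hold an indeterminate value unless the struct is value-initialized where it is created, which is not visible here. A default member initializer such as `int loadType = 0;` removes that dependency. Both new fields would also benefit from a comment stating the encoding, for example `// 1 = static load, 2 = dynamic load` on `ResultInfo` and `// 1 = static, 2 = dynamic, 3 = both (default)` on `ARG_CONFIG`, or a small enum shared by the two structs.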