chore: display for Vec<u8>, project structure

2023-03-27 21:08:50 +02:00 · 2023-03-27 21:08:50 +02:00 · 45d3f8d734
commit 45d3f8d734
parent 29c9a403f4
3 changed files with 32 additions and 5 deletions
--- a/src/needle/executors.rs
+++ b/src/needle/executors.rs
@ -1,6 +1,6 @@
-use nix::{unistd::Pid, Result, libc::{PROT_READ, MAP_PRIVATE, MAP_ANON, PROT_WRITE}, sys::{ptrace, wait::waitpid}};
+use nix::{unistd::Pid, Result, libc::{PROT_READ, MAP_PRIVATE, MAP_ANON, PROT_EXEC}, sys::{ptrace, wait::waitpid}};
-use crate::{syscalls::RemoteMMap, senders::write_buffer, injector::RemoteOperation};
+use crate::{syscalls::RemoteMMap, senders::{write_buffer, read_buffer, ByteVec}, injector::RemoteOperation};
 pub struct RemoteShellcode<'a> {
 	code: &'a [u8],
@ -16,16 +16,21 @@ impl RemoteOperation for RemoteShellcode<'_> {
 	fn inject(&mut self, pid: Pid, syscall: usize) -> Result<u64> {
 		let original_regs = ptrace::getregs(pid)?;
 		let ptr = RemoteMMap::args(
-			0, self.code.len(), PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0
+			0, self.code.len() + 1, PROT_READ | PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0
 		).inject(pid, syscall)?;
 		println!("Obtained area @ 0x{:X}", ptr);
 		let mut shellcode = self.code.to_vec();
 		shellcode.push(0xCC); // is this the debugger trap?
 		write_buffer(pid, ptr as usize, shellcode.as_slice())?;
 		let shellcode = read_buffer(pid, ptr as usize, self.code.len() + 1)?;
 		println!("Copied shellcode {}", ByteVec::from(shellcode));
 		let mut regs = original_regs.clone();
 		regs.rip = ptr;
 		ptrace::setregs(pid, regs)?;
 		ptrace::cont(pid, None)?;
 		waitpid(pid, None)?;
 		let after_regs = ptrace::getregs(pid)?;
 		println!("Executed shellcode (RIP: 0x{:X}", after_regs.rip);
 		ptrace::setregs(pid, original_regs)?;
 		Ok(ptr)
 	}
--- a/src/needle/main.rs
+++ b/src/needle/main.rs
@ -2,6 +2,7 @@ mod syscalls;
 mod executors;
 mod senders;
 mod injector;
 mod explorers;
 use injector::{RemoteOperation, step_to_syscall};
 use nix::{Result, {sys::{ptrace, wait::waitpid}, unistd::Pid}};
@ -18,12 +19,14 @@ struct NeedleArgs {
 	pid: i32,
 }
 const SHELLCODE : [u8; 2] = [0x90, 0x90];
 pub fn nasty_stuff(pid: Pid) -> Result<()> {
 	let syscall_addr = step_to_syscall(pid)?;
 	let mut msg = RemoteString::new("injected!\n\0".into());
 	msg.inject(pid, syscall_addr)?;
 	RemoteWrite::args(1, msg).inject(pid, syscall_addr)?;
-	RemoteShellcode::new(&[0u8]).inject(pid, syscall_addr)?;
+	RemoteShellcode::new(&SHELLCODE).inject(pid, syscall_addr)?;
 	Ok(())
 }
--- a/src/needle/senders.rs
+++ b/src/needle/senders.rs
@ -1,4 +1,4 @@
-use std::ffi::c_void;
+use std::{ffi::c_void, fmt::Display};
 use nix::{Result, unistd::Pid, sys::ptrace, libc::{PROT_READ, PROT_WRITE, MAP_PRIVATE, MAP_ANON}};
@ -6,6 +6,25 @@ use crate::{injector::RemoteOperation, syscalls::RemoteMMap};
 const WORD_SIZE : usize = 32;
 pub struct ByteVec(pub Vec<u8>);
 impl From<Vec<u8>> for ByteVec {
 	fn from(value: Vec<u8>) -> Self {
 		ByteVec(value)
 	}
 }
 impl Display for ByteVec {
 	fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
 		write!(f, "[ ")?;
 		for el in self.0.iter() {
 			write!(f, "0x{:x} ", el)?;
 		}
 		write!(f, "]")?;
 		Ok(())
 	}
 }
 #[allow(unused)]
 pub fn read_buffer(pid: Pid, addr: usize, size: usize) -> Result<Vec<u8>> {
 	let mut out = vec![];