feat: added revert method to injectors

2023-03-28 22:31:17 +02:00 · 2023-03-28 22:31:17 +02:00 · f567080751
commit f567080751
parent 1a4cd5ab3b
5 changed files with 26 additions and 4 deletions
--- a/src/needle/executors.rs
+++ b/src/needle/executors.rs
@ -1,14 +1,15 @@
 use nix::{unistd::Pid, Result, libc::{PROT_READ, MAP_PRIVATE, MAP_ANON, PROT_EXEC}, sys::{ptrace, wait::waitpid}};

-use crate::{syscalls::RemoteMMap, senders::{write_buffer, read_buffer, ByteVec}, injector::RemoteOperation};
+use crate::{syscalls::{RemoteMMap, RemoteMUnmap}, senders::{write_buffer, read_buffer, ByteVec}, injector::RemoteOperation};

 pub struct RemoteShellcode<'a> {
 	code: &'a [u8],
+	ptr: Option<u64>,
 }

 impl<'a> RemoteShellcode<'a> {
 	pub fn new(code: &'a [u8]) -> Self {
-		RemoteShellcode { code }
+		RemoteShellcode { code, ptr: None }
 	}
 }

@ -19,6 +20,7 @@ impl RemoteOperation for RemoteShellcode<'_> {
 			0, self.code.len() + 1, PROT_READ | PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0
 		).inject(pid, syscall)?;
 		println!("Obtained area @ 0x{:X}", ptr);
+		self.ptr = Some(ptr);
 		let mut shellcode = self.code.to_vec();
 		shellcode.push(0xCC); // is this the debugger trap?
 		write_buffer(pid, ptr as usize, shellcode.as_slice())?;
@ -33,4 +35,12 @@ impl RemoteOperation for RemoteShellcode<'_> {
 		println!("Executed shellcode (RIP: 0x{:X})", after_regs.rip);
 		Ok(ptr)
 	}
+
+	fn revert(&mut self, pid: Pid, syscall: usize) -> Result<u64> {
+		if let Some(ptr) = self.ptr {
+			return RemoteMUnmap::args(ptr as usize, self.code.len() + 1)
+				.inject(pid, syscall);
+		}
+		Ok(0)
+	}
 }
--- a/src/needle/explorers.rs
+++ b/src/needle/explorers.rs
@ -1,6 +1,6 @@
 use std::{ffi::c_void, path::{Path, PathBuf}, io::{ErrorKind, Error}};

-use elf::{ElfBytes, endian::AnyEndian, abi::{PT_LOAD, ET_EXEC}};
+use elf::{ElfBytes, endian::AnyEndian};
 use nix::{unistd::Pid, sys::{ptrace, wait::waitpid}};
 use proc_maps::get_process_maps;

--- a/src/needle/injector.rs
+++ b/src/needle/injector.rs
@ -2,4 +2,5 @@ use nix::{Result, unistd::Pid};

 pub trait RemoteOperation {
 	fn inject(&mut self, pid: Pid, syscall: usize) -> Result<u64>;
+	fn revert(&mut self, pid: Pid, syscall: usize) -> Result<u64>;
 }
--- a/src/needle/senders.rs
+++ b/src/needle/senders.rs
@ -2,7 +2,7 @@ use std::{ffi::c_void, fmt::Display, mem::size_of};

 use nix::{Result, unistd::Pid, sys::ptrace, libc::{PROT_READ, PROT_WRITE, MAP_PRIVATE, MAP_ANON}};

-use crate::{injector::RemoteOperation, syscalls::RemoteMMap};
+use crate::{injector::RemoteOperation, syscalls::{RemoteMMap, RemoteMUnmap}};

 const WORD_SIZE : usize = size_of::<usize>();

@ -75,5 +75,13 @@ impl RemoteOperation for RemoteString {
 		self.ptr = Some(ptr as usize);
 		Ok(ptr)
 	}
+
+	fn revert(&mut self, pid: Pid, syscall: usize) -> Result<u64> {
+		if let Some(ptr) = self.ptr {
+			return RemoteMUnmap::args(ptr, self.txt.len())
+				.inject(pid, syscall);
+		}
+		Ok(0)
+	}
 }

--- a/src/needle/syscalls.rs
+++ b/src/needle/syscalls.rs
@ -27,6 +27,8 @@ impl<T> RemoteOperation for T where T: RemoteSyscall {
 		regs = ptrace::getregs(pid)?;
 		Ok(regs.rax)
 	}
+
+	fn revert(&mut self, _pid: Pid, _syscall: usize) -> Result<u64> { Ok(0) }
 }

 pub struct RemoteMMap {
@ -99,6 +101,7 @@ pub struct RemoteWrite {
 	len: u64,
 }

+#[allow(unused)]
 impl RemoteWrite {
 	pub fn args(fd: i64, ptr: u64, len: u64) -> Self {
 		RemoteWrite { fd, ptr, len }