feat: added revert method to injectors
parent
1a4cd5ab3b
commit
f567080751
5 changed files with 26 additions and 4 deletions
|
@ -1,14 +1,15 @@
|
|||
use nix::{unistd::Pid, Result, libc::{PROT_READ, MAP_PRIVATE, MAP_ANON, PROT_EXEC}, sys::{ptrace, wait::waitpid}};
|
||||
|
||||
use crate::{syscalls::RemoteMMap, senders::{write_buffer, read_buffer, ByteVec}, injector::RemoteOperation};
|
||||
use crate::{syscalls::{RemoteMMap, RemoteMUnmap}, senders::{write_buffer, read_buffer, ByteVec}, injector::RemoteOperation};
|
||||
|
||||
pub struct RemoteShellcode<'a> {
|
||||
code: &'a [u8],
|
||||
ptr: Option<u64>,
|
||||
}
|
||||
|
||||
impl<'a> RemoteShellcode<'a> {
|
||||
pub fn new(code: &'a [u8]) -> Self {
|
||||
RemoteShellcode { code }
|
||||
RemoteShellcode { code, ptr: None }
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -19,6 +20,7 @@ impl RemoteOperation for RemoteShellcode<'_> {
|
|||
0, self.code.len() + 1, PROT_READ | PROT_EXEC, MAP_PRIVATE | MAP_ANON, -1, 0
|
||||
).inject(pid, syscall)?;
|
||||
println!("Obtained area @ 0x{:X}", ptr);
|
||||
self.ptr = Some(ptr);
|
||||
let mut shellcode = self.code.to_vec();
|
||||
shellcode.push(0xCC); // is this the debugger trap?
|
||||
write_buffer(pid, ptr as usize, shellcode.as_slice())?;
|
||||
|
@ -33,4 +35,12 @@ impl RemoteOperation for RemoteShellcode<'_> {
|
|||
println!("Executed shellcode (RIP: 0x{:X})", after_regs.rip);
|
||||
Ok(ptr)
|
||||
}
|
||||
|
||||
fn revert(&mut self, pid: Pid, syscall: usize) -> Result<u64> {
|
||||
if let Some(ptr) = self.ptr {
|
||||
return RemoteMUnmap::args(ptr as usize, self.code.len() + 1)
|
||||
.inject(pid, syscall);
|
||||
}
|
||||
Ok(0)
|
||||
}
|
||||
}
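Review bot: `RemoteShellcode::revert` leaves `self.ptr` set after the munmap, so a second `revert` call would unmap the same address range again, and by then the tracee may have mapped something unrelated there. Clear the field once the call has succeeded, e.g. `let ret = RemoteMUnmap::args(ptr as usize, self.code.len() + 1).inject(pid, syscall)?; self.ptr = None; return Ok(ret);`. `RemoteString::revert` has the same pattern. Judging from the `Ok(regs.rax)` context line in the syscall section, a failed munmap would probably come back as `Ok` carrying a negative errno in the `u64`, so the result likely needs a check before the mapping is treated as gone. The body of `inject` lies mostly outside these hunks, so I cannot tell whether a repeated `inject` overwrites an existing `self.ptr`.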
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
use std::{ffi::c_void, path::{Path, PathBuf}, io::{ErrorKind, Error}};
|
||||
|
||||
use elf::{ElfBytes, endian::AnyEndian, abi::{PT_LOAD, ET_EXEC}};
|
||||
use elf::{ElfBytes, endian::AnyEndian};
|
||||
use nix::{unistd::Pid, sys::{ptrace, wait::waitpid}};
|
||||
use proc_maps::get_process_maps;
|
||||
|
||||
|
|
|
@ -2,4 +2,5 @@ use nix::{Result, unistd::Pid};
|
|||
|
||||
pub trait RemoteOperation {
|
||||
fn inject(&mut self, pid: Pid, syscall: usize) -> Result<u64>;
|
||||
fn revert(&mut self, pid: Pid, syscall: usize) -> Result<u64>;
|
||||
}
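Review bot: The new `revert` method on `RemoteOperation` has no doc comment, and its contract cannot be read from the signature. The implementations in this commit return `Ok(0)` when nothing was injected or when the operation is a plain syscall, and otherwise return the raw result of the munmap injection. I would add `/// Undoes the effect of a previous inject in the traced process; returns Ok(0) when there is nothing to undo.` above the declaration. Giving the method a default body that returns `Ok(0)` would also spare the blanket `RemoteSyscall` impl from repeating it.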
|
||||
|
|
|
@ -2,7 +2,7 @@ use std::{ffi::c_void, fmt::Display, mem::size_of};
|
|||
|
||||
use nix::{Result, unistd::Pid, sys::ptrace, libc::{PROT_READ, PROT_WRITE, MAP_PRIVATE, MAP_ANON}};
|
||||
|
||||
use crate::{injector::RemoteOperation, syscalls::RemoteMMap};
|
||||
use crate::{injector::RemoteOperation, syscalls::{RemoteMMap, RemoteMUnmap}};
|
||||
|
||||
const WORD_SIZE : usize = size_of::<usize>();
|
||||
|
||||
|
@ -75,5 +75,13 @@ impl RemoteOperation for RemoteString {
|
|||
self.ptr = Some(ptr as usize);
|
||||
Ok(ptr)
|
||||
}
|
||||
|
||||
fn revert(&mut self, pid: Pid, syscall: usize) -> Result<u64> {
|
||||
if let Some(ptr) = self.ptr {
|
||||
return RemoteMUnmap::args(ptr, self.txt.len())
|
||||
.inject(pid, syscall);
|
||||
}
|
||||
Ok(0)
|
||||
}
|
||||
}
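Review bot: `RemoteString::revert` passes `self.txt.len()` to munmap, but the length given to mmap in `inject` is outside this hunk, so I cannot confirm the two agree. The shellcode injector uses `len() + 1` on both sides. If `txt` is empty, munmap is called with length 0, which the kernel rejects with EINVAL. If `inject` maps extra bytes for a terminator or padding, the unmap can stop one page short. Recording the mapped length next to the pointer at `inject` time, e.g. `mapping: Option<(usize, usize)>`, and passing that pair back in `revert` would remove the guesswork.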
|
||||
|
||||
|
|
|
@ -27,6 +27,8 @@ impl<T> RemoteOperation for T where T: RemoteSyscall {
|
|||
regs = ptrace::getregs(pid)?;
|
||||
Ok(regs.rax)
|
||||
}
|
||||
|
||||
fn revert(&mut self, _pid: Pid, _syscall: usize) -> Result<u64> { Ok(0) }
|
||||
}
|
||||
|
||||
pub struct RemoteMMap {
|
||||
|
@ -99,6 +101,7 @@ pub struct RemoteWrite {
|
|||
len: u64,
|
||||
}
|
||||
|
||||
#[allow(unused)]
|
||||
impl RemoteWrite {
|
||||
pub fn args(fd: i64, ptr: u64, len: u64) -> Self {
|
||||
RemoteWrite { fd, ptr, len }
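Review bot: The `#[allow(unused)]` added above `impl RemoteWrite` gives no reason and silences every unused-item lint for the whole block, including anything added to it later. I would narrow it to the item that is actually unused and state why, e.g. `#[allow(dead_code)] // <reason this constructor is kept>` directly on `args`. The impl block continues past the end of the hunk, so there may be other items it currently covers.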
|
||||
|
|