public void Invoke(Dictionary <string, object> options)
{
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient();
// Send CMD_END
client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_END(0)));
// Expect ACK
client.Expect(Puppet.PACKET_TYPE.ACK);
}
public void Invoke(Dictionary <string, object> options)
{
string verdict = (string)options["verdict"];
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false);
if (client.hookOep == 0 || (client.hookPhase != 0 && verdict == "reject"))
{
throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable"));
}
client.SendVerdict(verdict);
}
public void Invoke(Dictionary <string, object> options)
{
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(true);
// Send CMD_PS
client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_PS(0)));
// Expect ACK(0)
Puppet.PACKET_ACK pktAck;
pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK));
if (pktAck.status != 0)
{
throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status));
}
Logger.I(Program.GetResourceString("Commands.Ps.Header"));
Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) =>
{
Me.lstPs.Items.Clear();
});
// Obtain entries
Puppet.PACKET_INTEGER pktInt;
while (true)
{
pktInt = Puppet.Util.Deserialize <Puppet.PACKET_INTEGER>(client.Expect(Puppet.PACKET_TYPE.INTEGER));
if ((Int64)pktInt.data == -1)
{
break;
}
string name = Puppet.Util.DeserializeString(client.Expect(Puppet.PACKET_TYPE.STRING));
Logger.I(Program.GetResourceString("Commands.Ps.Format", pktInt.data, name));
Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) =>
{
Me.lstPs.Items.Add(new ListViewItem(new string[] {
pktInt.data.ToString(),
name
}));
});
}
Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) =>
{
Me.lstPs.Items[0].Selected = true;
Me.UseWaitCursor = false;
});
}
public void Invoke(Dictionary <string, object> options)
{
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false);
// Send CMD_LOADDLL packets
client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_LOADDLL(0)));
client.Send(Puppet.Util.SerializeString((string)options["module"]));
// Expect ACK(0)
Puppet.PACKET_ACK pktAck;
pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK));
if (pktAck.status != 0)
{
throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status));
}
}
public void Invoke(Dictionary <string, object> options)
{
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false);
if (client.hookOep == 0)
{
throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable"));
}
string expr = (string)options["expr"];
string result = Program.GetResourceString(
"Threads.Client.Eval",
expr,
Threads.EvalEngine.EvalString(client, expr)
);
Logger.I(result);
Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.txtHookedResults.Text += (result + Environment.NewLine));
}
public void Invoke(Dictionary <string, object> options)
{
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false);
// Does not allow suspending a hooked process
if (client.hookOep != 0)
{
throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable"));
}
// Send CMD_BREAK
client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_BREAK(0)));
// Expect ACK(0)
Puppet.PACKET_ACK pktAck;
pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK));
if (pktAck.status != 0)
{
throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status));
}
}
public void Invoke(Dictionary <string, object> options)
{
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(true);
// Send CMD_KILL
Puppet.PACKET_CMD_KILL pktKill = new Puppet.PACKET_CMD_KILL(0);
pktKill.pid = (UInt32)(int)options["pid"];
client.Send(Puppet.Util.Serialize(pktKill));
if ((bool)options["killAll"])
{
client.Send(Puppet.Util.SerializeString((string)options["name"]));
}
// Expect ACK(0)
Puppet.PACKET_ACK pktAck;
pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK));
if (pktAck.status != 0)
{
throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status));
}
}
public void Invoke(Dictionary <string, object> options)
{
int id = (int)options["id"];
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false);
if (id >= client.hooks.Count || client.hooks[id].name == null)
{
throw new ArgumentException(Program.GetResourceString("Commands.Unhook.NotFound"));
}
Threads.HookEntry entry = client.hooks[id];
// If client is under the current hook, cancel the operation with TargetNotApplicable
if (client.hookOep == entry.oep)
{
throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable"));
}
// Prepare & send CMD_UNHOOK packets
client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_UNHOOK(0)));
client.Send(Puppet.Util.Serialize(new Puppet.PACKET_INTEGER(entry.oep)));
// Expect ACK(0)
Puppet.PACKET_ACK pktAck;
pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK));
if (pktAck.status != 0)
{
throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status));
}
// Remove entry from client's hooks
//client.hooks.Remove(entry); // This will cause following hooks' IDs change
client.hooks[id] = new Threads.HookEntry();
Logger.I(Program.GetResourceString("Commands.Unhook.Uninstalled", id, entry.name));
Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiHooks());
}
public void Invoke(Dictionary <string, object> options)
{
int target = (int)options["target"];
bool lastDoll = (bool)options["lastDoll"];
bool lastMonitor = (bool)options["lastMonitor"];
if (target == -1 && !lastDoll && !lastMonitor)
{
Logger.I(Program.GetResourceString("Commands.Target.Header"));
for (int i = 0; i < Threads.Client.theInstances.Count; i++)
{
Threads.Client instance = Threads.Client.theInstances[i];
Logger.I(Program.GetResourceString("Commands.Target.Format",
(i == Threads.CmdEngine.theInstance.target) ? '*' : ' ',
i,
instance.clientName,
instance.GetTypeString(),
instance.GetStatusString(),
instance.pid,
instance.bits
));
}
return;
}
if (lastDoll)
{
target = Threads.CmdEngine.theInstance.targetLastDoll;
}
else if (lastMonitor)
{
target = Threads.CmdEngine.theInstance.targetLastMonitor;
}
if (target < 0 || target >= Threads.Client.theInstances.Count || Threads.Client.theInstances[target].isDead)
{
throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotAvailable"));
}
int targetLast = Threads.CmdEngine.theInstance.target;
Threads.CmdEngine.theInstance.target = target;
Threads.Client clientLast = Threads.Client.theInstances[targetLast];
if (clientLast.isMonitor)
{
Threads.CmdEngine.theInstance.targetLastMonitor = clientLast.isDead ? target : targetLast;
}
else
{
Threads.CmdEngine.theInstance.targetLastDoll = clientLast.isDead ? target : targetLast;
}
Threads.Client client = Threads.Client.theInstances[target];
Logger.I(Program.GetResourceString("Commands.Target.CurrentTarget",
target,
client.clientName,
client.GetTypeString(),
client.GetStatusString()
));
Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiTargets());
}
public void Invoke(Dictionary <string, object> options)
{
Threads.HookEntry entry = (Threads.HookEntry)options["entry"];
Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false);
if (entry.name == null)
{
Logger.I(Program.GetResourceString("Commands.Hook.Header"));
for (int i = 0; i < client.hooks.Count; i++)
{
Threads.HookEntry hook = client.hooks[i];
// Skip the removed hooks
if (hook.name == null)
{
continue;
}
Logger.I(Program.GetResourceString("Commands.Hook.Format",
i,
client.OepToString(hook.oep),
hook.name
));
}
return;
}
// Check convention or fill in default values
string[] conventions = (client.bits == 32 ? conventionsX86 : conventionsX64);
if (entry.convention == null)
{
entry.convention = conventions[0];
}
else if (Array.IndexOf(conventions, entry.convention) < 0)
{
throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable"));
}
// If the hook already exists, overwrite anything but OEP instead
foreach (Threads.HookEntry hook in client.hooks)
{
if (hook.name == entry.name)
{
Logger.W(Program.GetResourceString("Commands.Hook.HookExists", entry.name));
entry.oep = hook.oep;
client.hooks[client.hooks.IndexOf(hook)] = entry;
return;
}
}
// Prepare CMD_HOOK packets
Puppet.PACKET_CMD_HOOK pktHook = new Puppet.PACKET_CMD_HOOK(0);
byte[] bufMethod;
switch (entry.addrMode)
{
case "symbol":
pktHook.method = 0;
bufMethod = Puppet.Util.SerializeString(entry.symbol);
break;
case "pattern":
pktHook.method = 1;
bufMethod = Puppet.Util.SerializeBinary(entry.pattern);
break;
case "addr":
pktHook.method = 2;
bufMethod = Puppet.Util.Serialize(new Puppet.PACKET_INTEGER(entry.addr));
break;
default:
// Input is sanitized so this should not happen
throw new ArgumentException();
}
// Send packets
client.Send(Puppet.Util.Serialize(pktHook));
client.Send(bufMethod);
// Expect ACK(0)
Puppet.PACKET_ACK pktAck;
pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK));
if (pktAck.status != 0)
{
throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status));
}
// Fill OEP into entry
Puppet.PACKET_INTEGER pktOep;
pktOep = Puppet.Util.Deserialize <Puppet.PACKET_INTEGER>(client.Expect(Puppet.PACKET_TYPE.INTEGER));
entry.oep = pktOep.data;
// Add entry to client's hooks
int id = client.hooks.Count;
client.hooks.Add(entry);
Logger.I(Program.GetResourceString("Commands.Hook.Installed", id, entry.name, client.OepToString(entry.oep)));
Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiHooks());
}
