public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(); // Send CMD_END client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_END(0))); // Expect ACK client.Expect(Puppet.PACKET_TYPE.ACK); }
public void Invoke(Dictionary <string, object> options) { string verdict = (string)options["verdict"]; Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); if (client.hookOep == 0 || (client.hookPhase != 0 && verdict == "reject")) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } client.SendVerdict(verdict); }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(true); // Send CMD_PS client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_PS(0))); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } Logger.I(Program.GetResourceString("Commands.Ps.Header")); Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) => { Me.lstPs.Items.Clear(); }); // Obtain entries Puppet.PACKET_INTEGER pktInt; while (true) { pktInt = Puppet.Util.Deserialize <Puppet.PACKET_INTEGER>(client.Expect(Puppet.PACKET_TYPE.INTEGER)); if ((Int64)pktInt.data == -1) { break; } string name = Puppet.Util.DeserializeString(client.Expect(Puppet.PACKET_TYPE.STRING)); Logger.I(Program.GetResourceString("Commands.Ps.Format", pktInt.data, name)); Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) => { Me.lstPs.Items.Add(new ListViewItem(new string[] { pktInt.data.ToString(), name })); }); } Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) => { Me.lstPs.Items[0].Selected = true; Me.UseWaitCursor = false; }); }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); // Send CMD_LOADDLL packets client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_LOADDLL(0))); client.Send(Puppet.Util.SerializeString((string)options["module"])); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); if (client.hookOep == 0) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } string expr = (string)options["expr"]; string result = Program.GetResourceString( "Threads.Client.Eval", expr, Threads.EvalEngine.EvalString(client, expr) ); Logger.I(result); Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.txtHookedResults.Text += (result + Environment.NewLine)); }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); // Does not allow suspending a hooked process if (client.hookOep != 0) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } // Send CMD_BREAK client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_BREAK(0))); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(true); // Send CMD_KILL Puppet.PACKET_CMD_KILL pktKill = new Puppet.PACKET_CMD_KILL(0); pktKill.pid = (UInt32)(int)options["pid"]; client.Send(Puppet.Util.Serialize(pktKill)); if ((bool)options["killAll"]) { client.Send(Puppet.Util.SerializeString((string)options["name"])); } // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } }
public void Invoke(Dictionary <string, object> options) { int id = (int)options["id"]; Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); if (id >= client.hooks.Count || client.hooks[id].name == null) { throw new ArgumentException(Program.GetResourceString("Commands.Unhook.NotFound")); } Threads.HookEntry entry = client.hooks[id]; // If client is under the current hook, cancel the operation with TargetNotApplicable if (client.hookOep == entry.oep) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } // Prepare & send CMD_UNHOOK packets client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_UNHOOK(0))); client.Send(Puppet.Util.Serialize(new Puppet.PACKET_INTEGER(entry.oep))); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } // Remove entry from client's hooks //client.hooks.Remove(entry); // This will cause following hooks' IDs change client.hooks[id] = new Threads.HookEntry(); Logger.I(Program.GetResourceString("Commands.Unhook.Uninstalled", id, entry.name)); Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiHooks()); }
public void Invoke(Dictionary <string, object> options) { int target = (int)options["target"]; bool lastDoll = (bool)options["lastDoll"]; bool lastMonitor = (bool)options["lastMonitor"]; if (target == -1 && !lastDoll && !lastMonitor) { Logger.I(Program.GetResourceString("Commands.Target.Header")); for (int i = 0; i < Threads.Client.theInstances.Count; i++) { Threads.Client instance = Threads.Client.theInstances[i]; Logger.I(Program.GetResourceString("Commands.Target.Format", (i == Threads.CmdEngine.theInstance.target) ? '*' : ' ', i, instance.clientName, instance.GetTypeString(), instance.GetStatusString(), instance.pid, instance.bits )); } return; } if (lastDoll) { target = Threads.CmdEngine.theInstance.targetLastDoll; } else if (lastMonitor) { target = Threads.CmdEngine.theInstance.targetLastMonitor; } if (target < 0 || target >= Threads.Client.theInstances.Count || Threads.Client.theInstances[target].isDead) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotAvailable")); } int targetLast = Threads.CmdEngine.theInstance.target; Threads.CmdEngine.theInstance.target = target; Threads.Client clientLast = Threads.Client.theInstances[targetLast]; if (clientLast.isMonitor) { Threads.CmdEngine.theInstance.targetLastMonitor = clientLast.isDead ? target : targetLast; } else { Threads.CmdEngine.theInstance.targetLastDoll = clientLast.isDead ? target : targetLast; } Threads.Client client = Threads.Client.theInstances[target]; Logger.I(Program.GetResourceString("Commands.Target.CurrentTarget", target, client.clientName, client.GetTypeString(), client.GetStatusString() )); Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiTargets()); }
public void Invoke(Dictionary <string, object> options) { Threads.HookEntry entry = (Threads.HookEntry)options["entry"]; Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); if (entry.name == null) { Logger.I(Program.GetResourceString("Commands.Hook.Header")); for (int i = 0; i < client.hooks.Count; i++) { Threads.HookEntry hook = client.hooks[i]; // Skip the removed hooks if (hook.name == null) { continue; } Logger.I(Program.GetResourceString("Commands.Hook.Format", i, client.OepToString(hook.oep), hook.name )); } return; } // Check convention or fill in default values string[] conventions = (client.bits == 32 ? conventionsX86 : conventionsX64); if (entry.convention == null) { entry.convention = conventions[0]; } else if (Array.IndexOf(conventions, entry.convention) < 0) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } // If the hook already exists, overwrite anything but OEP instead foreach (Threads.HookEntry hook in client.hooks) { if (hook.name == entry.name) { Logger.W(Program.GetResourceString("Commands.Hook.HookExists", entry.name)); entry.oep = hook.oep; client.hooks[client.hooks.IndexOf(hook)] = entry; return; } } // Prepare CMD_HOOK packets Puppet.PACKET_CMD_HOOK pktHook = new Puppet.PACKET_CMD_HOOK(0); byte[] bufMethod; switch (entry.addrMode) { case "symbol": pktHook.method = 0; bufMethod = Puppet.Util.SerializeString(entry.symbol); break; case "pattern": pktHook.method = 1; bufMethod = Puppet.Util.SerializeBinary(entry.pattern); break; case "addr": pktHook.method = 2; bufMethod = Puppet.Util.Serialize(new Puppet.PACKET_INTEGER(entry.addr)); break; default: // Input is sanitized so this should not happen throw new ArgumentException(); } // Send packets client.Send(Puppet.Util.Serialize(pktHook)); client.Send(bufMethod); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } // Fill OEP into entry Puppet.PACKET_INTEGER pktOep; pktOep = Puppet.Util.Deserialize <Puppet.PACKET_INTEGER>(client.Expect(Puppet.PACKET_TYPE.INTEGER)); entry.oep = pktOep.data; // Add entry to client's hooks int id = client.hooks.Count; client.hooks.Add(entry); Logger.I(Program.GetResourceString("Commands.Hook.Installed", id, entry.name, client.OepToString(entry.oep))); Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiHooks()); }