/// <summary>
/// Shows the buffer captured from an intercepted DecryptMessage call in the hex editor.
/// </summary>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <returns>
/// <c>true</c> when the buffer was loaded into the hex box; <c>false</c> when no buffer
/// was available and the call was marked as forwarded.
/// </returns>
private bool ProcessDecryptMessage(FunctionWrapper f)
{
    byte[] captured = new Core.ProcessFunctions.DecryptMessage(f).GetBuffer();

    if (captured != null)
    {
        // A fresh, growable stream backs the hex editor. The stream previously held in
        // mStream is replaced without being disposed.
        mStream = new MemoryStream();
        mStream.Write(captured, 0, captured.Length);
        mStream.Seek(0, SeekOrigin.Begin);

        DynamicFileByteProvider provider = new DynamicFileByteProvider(mStream);

        // The assignment goes through Invoke rather than touching the control directly.
        hexBox.Invoke(new MethodInvoker(() => hexBox.ByteProvider = provider));
        Search(0);
        return true;
    }

    // Nothing to show: clear the function label and let the call go through untouched.
    lbFunction.Invoke(new MethodInvoker(() => lbFunction.Text = ""));
    f.status = FunctionWrapper.Status.Forwarded;
    return false;
}
/// <summary>
/// Replaces the data received by an intercepted WSARecv call with <paramref name="buffer"/>
/// and stores the new length on the call's byte-count parameter.
/// </summary>
/// <param name="f">Wrapper around the intercepted call; parameters 1, 2 and 3 are read.</param>
/// <param name="buffer">Bytes to write into the target process.</param>
/// <returns>The same <paramref name="f"/> instance.</returns>
/// <remarks>
/// NOTE(review): the bytes are written without comparing <c>buffer.Length</c> to the length
/// field of the WSABUF entry (offset 0, never read here). A replacement longer than the
/// application's receive buffer would write past it in the target process; confirm that
/// callers bound the length. The offset of 4 and the double-word pointer reads also look
/// like a 32-bit WSABUF layout; verify before using this against a 64-bit target.
/// </remarks>
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
    Nektra.Deviare2.INktParam buffersParam = f.callInfo.Params().GetAt(1);
    Nektra.Deviare2.INktParam bufferCountParam = f.callInfo.Params().GetAt(2);
    Nektra.Deviare2.INktParam bytesRecvdParam = f.callInfo.Params().GetAt(3);

    // Number of structures. Read here but not used below: only the first entry is patched.
    ulong structCount = bufferCountParam.Memory().Read(
        bufferCountParam.Address,
        Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedWord);

    // Address that the list of structures points to.
    IntPtr wsabufAddress = new IntPtr(buffersParam.Memory().Read(
        buffersParam.Address,
        Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));

    // Length: per the original author it is taken from WSARecv, not from the WSABUF
    // structure. The evaluated value is not used below.
    Nektra.Deviare2.INktParam bytesRecvd = bytesRecvdParam.Evaluate();

    // Data pointer of the first entry (the field at offset 4).
    IntPtr dataAddress = new IntPtr(buffersParam.Memory().Read(
        wsabufAddress + 4,
        Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));

    // Overwrite the received data in the target process.
    Auxiliar.Memory.WriteMemory(f.callInfo.Process().Id, dataAddress, buffer);

    // Update the size.
    // NOTE(review): this assigns through the pointer parameter itself, not through the
    // evaluated value above; confirm that this updates the pointed-to count.
    bytesRecvdParam.Value = buffer.Length;

    return f;
}
/// <summary>
/// Applies the enabled outgoing match-and-replace rules to <paramref name="buffer"/> and
/// stores the result in the buffer structure of the intercepted call.
/// </summary>
/// <param name="f">Wrapper around the intercepted call; parameters 1 and 3 are evaluated.</param>
/// <param name="buffer">Outgoing bytes, possibly edited by the user.</param>
/// <returns>The same <paramref name="f"/> instance.</returns>
/// <remarks>
/// NOTE(review): each rule is re-applied until ReplaceBytes reports no change. If a rule's
/// replacement contains its own match pattern this loop may never finish; confirm the
/// semantics of ReplaceBytes or validate rules when they are created.
/// </remarks>
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
    Nektra.Deviare2.INktParam wsabuf = f.callInfo.Params().GetAt(1).Evaluate();

    // Evaluated as in the original listing; the result is not used below.
    Nektra.Deviare2.INktParam thirdParam = f.callInfo.Params().GetAt(3).Evaluate();

    Nektra.Deviare2.INktParam lengthField = wsabuf.Fields().GetAt(0);
    Nektra.Deviare2.INktParam dataField = wsabuf.Fields().GetAt(1);

    foreach (MatchAndReplace.MatchAndReplace rule in Program.data.GetReplaceList())
    {
        // Only enabled rules that target outgoing traffic are applied.
        if (rule.enabled && rule.replaceOutcomming)
        {
            bool replaced;
            do
            {
                buffer = Searcher.Searcher.ReplaceBytes(buffer, rule.match, rule.replace, out replaced);
            }
            while (replaced);
        }
    }

    // Publish the (possibly resized) payload. Length is set first, then the data.
    // NOTE(review): nothing here compares the new length with the original buffer size.
    lengthField.Value = buffer.Length;
    dataField.Value = buffer;

    return f;
}
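/// <summary>
/// Writes <paramref name="buffer"/> into the first SECBUFFER_DATA entry of the SecBufferDesc
/// passed as parameter 2 of the intercepted call, and updates that entry's length.
/// </summary>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <param name="buffer">Replacement bytes for the data buffer.</param>
/// <returns>
/// The same <paramref name="f"/> instance, whether or not a data entry was found.
/// </returns>
/// <exception cref="ArgumentException">
/// <paramref name="buffer"/> is longer than the cbBuffer recorded for the data entry.
/// The original listing performed the write anyway; its author noted that a longer buffer
/// could overwrite memory belonging to the structure and crash the target.
/// </exception>
/// <remarks>
/// Layout used (from the structure declarations):
/// SecBufferDesc { ULONG ulVersion; ULONG cBuffers; PSecBuffer pBuffers; } and
/// SecBuffer { cbBuffer at +0, BufferType at +4, pvBuffer at +8 }.
/// The 12-byte stride and the 4-byte pointer read only match a 32-bit target process.
/// </remarks>
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
    const int SecBufferSize = 12;   // size of one SecBuffer entry with 4-byte pointers
    const int SecBufferData = 1;    // SECBUFFER_DATA

    Nektra.Deviare2.INktParam descriptorPointer = f.callInfo.Params().GetAt(2);
    Nektra.Deviare2.INktParam descriptor = descriptorPointer.Evaluate(); // the structure itself
    Nektra.Deviare2.INktParam cBuffers = descriptor.Fields().GetAt(1);
    Nektra.Deviare2.INktParam pBuffers = descriptor.Fields().GetAt(2);

    var processId = f.callInfo.Process().Id;
    int entryCount = (int)cBuffers.Value;

    for (int i = 0; i < entryCount; i++)
    {
        var entryAddress = pBuffers.PointerVal + (SecBufferSize * i);
        int bytesRead;

        byte[] rawType = Auxiliar.Memory.ReadMemory(processId, entryAddress + 4, 4, out bytesRead);
        if (BitConverter.ToInt32(rawType, 0) != SecBufferData)
        {
            continue;
        }

        // cbBuffer is the only size visible here, so it is used as the upper bound.
        byte[] rawLength = Auxiliar.Memory.ReadMemory(processId, entryAddress, 4, out bytesRead);
        uint capacity = BitConverter.ToUInt32(rawLength, 0);
        if ((uint)buffer.Length > capacity)
        {
            // Refuse to write past the end of the target's buffer.
            throw new ArgumentException(
                string.Format(
                    "Replacement buffer ({0} bytes) does not fit in the SECBUFFER_DATA buffer ({1} bytes).",
                    buffer.Length,
                    capacity),
                "buffer");
        }

        byte[] rawPointer = Auxiliar.Memory.ReadMemory(processId, entryAddress + 8, 4, out bytesRead);
        IntPtr dataAddress = new IntPtr(BitConverter.ToInt32(rawPointer, 0));

        // Write the payload into the target process, then the new length into cbBuffer.
        Auxiliar.Memory.WriteMemory(processId, dataAddress, buffer);
        Auxiliar.Memory.WriteMemory(processId, entryAddress, BitConverter.GetBytes(buffer.Length));

        // Only the first data entry is patched.
        return f;
    }

    return f;
}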
/// <summary>
/// Shows the buffer captured from an intercepted send call in the hex editor.
/// </summary>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <returns>Always <c>true</c>.</returns>
/// <remarks>
/// NOTE(review): the buffer is not checked for null before its Length is read. Confirm that
/// GetBuffer cannot return null for send; if it can, this throws NullReferenceException.
/// </remarks>
private bool ProcessSend(FunctionWrapper f)
{
    byte[] outgoing = new Core.ProcessFunctions.send(f).GetBuffer();

    // A fresh, growable stream backs the hex editor. The stream previously held in
    // mStream is replaced without being disposed.
    mStream = new MemoryStream();
    mStream.Write(outgoing, 0, outgoing.Length);
    mStream.Seek(0, SeekOrigin.Begin);

    DynamicFileByteProvider provider = new DynamicFileByteProvider(mStream);

    // The assignment goes through Invoke rather than touching the control directly.
    hexBox.Invoke(new MethodInvoker(() => hexBox.ByteProvider = provider));
    Search(0);

    return true;
}
/// <summary>
/// Applies the enabled outgoing match-and-replace rules to <paramref name="buffer"/> and
/// stores the result on parameters 1 (data) and 2 (length) of the intercepted call.
/// </summary>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <param name="buffer">Outgoing bytes, possibly edited by the user.</param>
/// <returns>The same <paramref name="f"/> instance.</returns>
/// <remarks>
/// NOTE(review): each rule is re-applied until ReplaceBytes reports no change. If a rule's
/// replacement contains its own match pattern this loop may never finish; confirm the
/// semantics of ReplaceBytes or validate rules when they are created.
/// NOTE(review): nothing here compares the final length with the size of the caller's
/// original buffer; confirm that a longer payload cannot overrun it in the target process.
/// </remarks>
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
    foreach (MatchAndReplace.MatchAndReplace rule in Program.data.GetReplaceList())
    {
        // Only enabled rules that target outgoing traffic are applied.
        if (!(rule.enabled && rule.replaceOutcomming))
        {
            continue;
        }

        bool replaced = true;
        while (replaced)
        {
            buffer = Searcher.Searcher.ReplaceBytes(buffer, rule.match, rule.replace, out replaced);
        }
    }

    // The length parameter is set first, then the data behind the buffer parameter.
    f.callInfo.Params().GetAt(2).Value = buffer.Length;
    f.callInfo.Params().GetAt(1).set_ValueAt(0, buffer);

    return f;
}
/// <summary>
/// Creates the handler for an intercepted sendto call.
/// </summary>
/// <param name="function">Wrapper around the intercepted call; stored for later use.</param>
public sendto(FunctionWrapper function)
{
    // Who uses this API? Counter-Strike: Global Offensive, per the original author's note.
    this.function = function;
}
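/// <summary>
/// Handles an intercepted WSARecvFrom call. Inspection is not implemented for this API,
/// so the call is always marked as forwarded and the function label is cleared.
/// </summary>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <returns>Always <c>true</c>.</returns>
/// <remarks>
/// The original listing had an unreachable <c>throw new Exception("Not implemented")</c>
/// after the return statement; it has been removed, which does not change behaviour.
/// NOTE(review): ProcessWSARecv and ProcessRecvFrom return <c>false</c> when they forward
/// a call without loading a buffer, while this method returns <c>true</c>. Confirm which
/// value the caller expects.
/// </remarks>
private bool ProcessWSARecvFrom(FunctionWrapper f)
{
    f.status = FunctionWrapper.Status.Forwarded;

    // The label is cleared through Invoke rather than by touching the control directly.
    lbFunction.Invoke(new MethodInvoker(delegate { lbFunction.Text = ""; }));

    return true;
}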
/// <summary>
/// Shows the buffer captured from an intercepted WSARecv call in the hex editor.
/// </summary>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <returns>
/// <c>true</c> when the buffer was loaded into the hex box; <c>false</c> when the buffer
/// was null or empty and the call was marked as forwarded.
/// </returns>
private bool ProcessWSARecv(FunctionWrapper f)
{
    byte[] received = new Core.ProcessFunctions.WSArecv(f).GetBuffer();

    // Per the original author's note, this happens when the function reports -1 bytes read
    // (no more data left), or when the first WSABUF structure has a length of 0 bytes.
    // In the latter case later structures are skipped even if they hold data, and the
    // packet is forwarded.
    bool nothingToShow = received == null || received.Length == 0;
    if (nothingToShow)
    {
        lbFunction.Invoke(new MethodInvoker(() => lbFunction.Text = ""));

        // Forward the call untouched.
        f.status = FunctionWrapper.Status.Forwarded;
        return false;
    }

    // A fresh, growable stream backs the hex editor. The stream previously held in
    // mStream is replaced without being disposed.
    mStream = new MemoryStream();
    mStream.Write(received, 0, received.Length);
    mStream.Seek(0, SeekOrigin.Begin);

    DynamicFileByteProvider provider = new DynamicFileByteProvider(mStream);
    hexBox.Invoke(new MethodInvoker(() => hexBox.ByteProvider = provider));
    Search(0);

    return true;
}
/// <summary>
/// Shows the buffer captured from an intercepted recvfrom call in the hex editor.
/// </summary>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <returns>
/// <c>true</c> when the buffer was loaded into the hex box; <c>false</c> when the buffer
/// was null or empty and the call was marked as forwarded.
/// </returns>
private bool ProcessRecvFrom(FunctionWrapper f)
{
    byte[] received = new Core.ProcessFunctions.recvfrom(f).GetBuffer();

    // Per the original author's note, this happens when the function reports -1 bytes read,
    // i.e. when no more data is left to read.
    bool nothingToShow = received == null || received.Length == 0;
    if (nothingToShow)
    {
        // Forward the call untouched, then clear the function label.
        f.status = FunctionWrapper.Status.Forwarded;
        lbFunction.Invoke(new MethodInvoker(() => lbFunction.Text = ""));
        return false;
    }

    // A fresh, growable stream backs the hex editor. The stream previously held in
    // mStream is replaced without being disposed.
    mStream = new MemoryStream();
    mStream.Write(received, 0, received.Length);
    mStream.Seek(0, SeekOrigin.Begin);

    DynamicFileByteProvider provider = new DynamicFileByteProvider(mStream);
    hexBox.Invoke(new MethodInvoker(() => hexBox.ByteProvider = provider));
    Search(0);

    return true;
}
/// <summary>
/// Creates the handler for an intercepted WSARecv call.
/// </summary>
/// <param name="function">Wrapper around the intercepted call; stored for later use.</param>
public WSArecv(FunctionWrapper function)
{
    // Who uses this API? Apache2, per the original author's note.
    this.function = function;
}
/// <summary>
/// Creates the handler for an intercepted EncryptMessage call.
/// </summary>
/// <param name="function">Wrapper around the intercepted call; stored for later use.</param>
public EncryptMessage(FunctionWrapper function)
{
    this.function = function;
}
/// <summary>
/// Creates the handler for an intercepted recv call.
/// </summary>
/// <param name="function">Wrapper around the intercepted call; stored for later use.</param>
public recv(FunctionWrapper function)
{
    // Who uses this API? xchat2, per the original author's note.
    this.function = function;
}
/// <summary>
/// Creates the handler for an intercepted recvfrom call.
/// </summary>
/// <param name="function">Wrapper around the intercepted call; stored for later use.</param>
public recvfrom(FunctionWrapper function)
{
    // Who uses this API? The original author recorded no known caller.
    this.function = function;
}
/// <summary>
/// Creates the handler for an intercepted WSASend call.
/// </summary>
/// <param name="function">Wrapper around the intercepted call; stored for later use.</param>
public WSAsend(FunctionWrapper function)
{
    // Who uses this API? Possibly Apache; the original author marked this as unconfirmed.
    this.function = function;
}