public void ExportedFunctions_Should_Be_Exported()
{
var exportedFunctions = new List <ExportedFunction> {
new ExportedFunction("print5", (env, args) => { Printer.Print("5");
return(ObjectFactory.Null); }, (0, 0))
};
_settings = new ScriptSettings(exportedFunctions);
_settings.Functions.Should().HaveCount(1);
}
private IntPtr GetFunctionAddress(Module module, ExportedFunction exportedFunction)
{
// Determine if the function is forwarded to another function
if (exportedFunction.ForwarderString is null)
{
return(module.BaseAddress + exportedFunction.Offset);
}
// Get the module and function that the function is forwarded to
var forwardedData = exportedFunction.ForwarderString.Split(".");
var forwardedModule = ResolveDllName($"{forwardedData[0]}.dll");
var forwardedFunction = forwardedData[1];
return(GetFunctionAddress(forwardedModule, forwardedFunction));
}
private void ExportGeneralFunctions()
{
_environment.ExportFunction(new ExportedFunction("print", Print, (1, 1)));
_environment.ExportFunction(new ExportedFunction("random", RandomNum, (1, 2)));
_environment.ExportFunction(new ExportedFunction("error", Error, (1, 1)));
}
static void Main(string[] args)
{
byte[] data = null;
byte[] userData = System.Text.Encoding.Default.GetBytes("None\0");
if (args.Length < 1)
{
Console.WriteLine("\n[!] Usage:\n\n\tDotNetLoader.exe <DLL File>\n\tDotNetLoader.exe <Shellcode Bin>");
return;
}
try
{
data = System.IO.File.ReadAllBytes(args[0]);
}
catch
{
Console.WriteLine("\n[!] Failed to load file");
Environment.Exit(0);
}
byte[] shellcode;
if (data[0] == 'M' && data[1] == 'Z')
{
// 0x30627745 - 'SayHello' - FunctionToHash.py
shellcode = ConvertToShellcode(data, 0x30627745, userData);
Console.WriteLine("[+] Converted DLL to shellcode");
}
else
{
shellcode = data;
}
GCHandle scHandle = GCHandle.Alloc(shellcode, GCHandleType.Pinned);
IntPtr scPointer = scHandle.AddrOfPinnedObject();
if (!Native.VirtualProtect(scPointer, (UIntPtr)shellcode.Length, Native.PAGE_EXECUTE_READWRITE, out uint flOldProtect))
{
Console.WriteLine("[!] Failed to set memory flags");
return;
}
ReflectiveLoader reflectiveLoader = (ReflectiveLoader)Marshal.GetDelegateForFunctionPointer(scPointer, typeof(ReflectiveLoader));
Console.WriteLine("[+] Executing RDI");
IntPtr peLocation = reflectiveLoader();
IntPtr expFunctionLocation = PE.GetProcAddressR(peLocation, "SayGoodbye");
if (expFunctionLocation != IntPtr.Zero)
{
ExportedFunction exportedFunction = (ExportedFunction)Marshal.GetDelegateForFunctionPointer(expFunctionLocation, typeof(ExportedFunction));
GCHandle userDataHandle = GCHandle.Alloc(userData, GCHandleType.Pinned);
IntPtr userDataPointer = userDataHandle.AddrOfPinnedObject();
Console.WriteLine("[+] Calling exported function");
exportedFunction(userDataPointer, (uint)userData.Length);
}
}
public static List <Module> GetModules(string contents, string fileName)
{
var currentAst = new TypeScriptAST();
var modules = new List <Module>();
currentAst.MakeAST(contents, fileName);
foreach (var functionDeclaration in currentAst.RootNode.Children.OfType <FunctionDeclaration>().Where(f => f.Modifiers != null && f.Modifiers.Any(m => m.Kind == SyntaxKind.ExportKeyword)))
{
var module = new ExportedFunction(functionDeclaration.IdentifierStr);
modules.Add(module);
}
foreach (var classDeclaration in currentAst.GetDescendants().OfType <ClassDeclaration>())
{
Module module = null;
if (classDeclaration.Decorators != null)
{
foreach (var decorator in classDeclaration.Decorators)
{
if (decorator.Expression is CallExpression)
{
var callExpression = (CallExpression)decorator.Expression;
switch (callExpression.IdentifierStr)
{
case "NgModule":
{
module = new AngularModule(classDeclaration.IdentifierStr);
modules.Add(module);
}
break;
case "Component":
{
module = new Page(classDeclaration.IdentifierStr);
modules.Add(module);
}
break;
case "Pipe":
{
module = new Pipe(classDeclaration.IdentifierStr);
modules.Add(module);
}
break;
case "Directive":
{
module = new Directive(classDeclaration.IdentifierStr);
modules.Add(module);
}
break;
case "Injectable":
{
module = new Provider(classDeclaration.IdentifierStr);
modules.Add(module);
}
break;
default:
{
DebugUtils.Break();
break;
}
}
}
else
{
DebugUtils.Break();
}
}
}
if (module == null)
{
module = new ESModule(classDeclaration.IdentifierStr);
modules.Add(module);
}
}
return(modules);
}
public void Add(ExportedFunction function)
{
_functions.Add(function);
}
public void ExportedFunction_Should_Be_Available_For_Use_In_Script()
{
var toIncrease = 6;
var settings = new ScriptSettings(new List <ExportedFunction> {
new ExportedFunction("increaseBy3", IncreaseBy3, (1, 1))
});
