public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); // Send CMD_LOADDLL packets client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_LOADDLL(0))); client.Send(Puppet.Util.SerializeString((string)options["module"])); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(); // Send CMD_END client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_END(0))); // Expect ACK client.Expect(Puppet.PACKET_TYPE.ACK); }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(true); // Send CMD_KILL Puppet.PACKET_CMD_KILL pktKill = new Puppet.PACKET_CMD_KILL(0); pktKill.pid = (UInt32)(int)options["pid"]; client.Send(Puppet.Util.Serialize(pktKill)); if ((bool)options["killAll"]) { client.Send(Puppet.Util.SerializeString((string)options["name"])); } // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(true); // Send CMD_PS client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_PS(0))); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } Logger.I(Program.GetResourceString("Commands.Ps.Header")); Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) => { Me.lstPs.Items.Clear(); }); // Obtain entries Puppet.PACKET_INTEGER pktInt; while (true) { pktInt = Puppet.Util.Deserialize <Puppet.PACKET_INTEGER>(client.Expect(Puppet.PACKET_TYPE.INTEGER)); if ((Int64)pktInt.data == -1) { break; } string name = Puppet.Util.DeserializeString(client.Expect(Puppet.PACKET_TYPE.STRING)); Logger.I(Program.GetResourceString("Commands.Ps.Format", pktInt.data, name)); Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) => { Me.lstPs.Items.Add(new ListViewItem(new string[] { pktInt.data.ToString(), name })); }); } Threads.Gui.theInstance.InvokeOn((FDlgBrowsePID Me) => { Me.lstPs.Items[0].Selected = true; Me.UseWaitCursor = false; }); }
public void Invoke(Dictionary <string, object> options) { int id = (int)options["id"]; Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); if (id >= client.hooks.Count || client.hooks[id].name == null) { throw new ArgumentException(Program.GetResourceString("Commands.Unhook.NotFound")); } Threads.HookEntry entry = client.hooks[id]; // If client is under the current hook, cancel the operation with TargetNotApplicable if (client.hookOep == entry.oep) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } // Prepare & send CMD_UNHOOK packets client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_UNHOOK(0))); client.Send(Puppet.Util.Serialize(new Puppet.PACKET_INTEGER(entry.oep))); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } // Remove entry from client's hooks //client.hooks.Remove(entry); // This will cause following hooks' IDs change client.hooks[id] = new Threads.HookEntry(); Logger.I(Program.GetResourceString("Commands.Unhook.Uninstalled", id, entry.name)); Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiHooks()); }
public void Invoke(Dictionary <string, object> options) { Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); // Does not allow suspending a hooked process if (client.hookOep != 0) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } // Send CMD_BREAK client.Send(Puppet.Util.Serialize(new Puppet.PACKET_CMD_BREAK(0))); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } }
public void Invoke(Dictionary <string, object> options) { Threads.HookEntry entry = (Threads.HookEntry)options["entry"]; Threads.Client client = Threads.CmdEngine.theInstance.GetTargetClient(false); if (entry.name == null) { Logger.I(Program.GetResourceString("Commands.Hook.Header")); for (int i = 0; i < client.hooks.Count; i++) { Threads.HookEntry hook = client.hooks[i]; // Skip the removed hooks if (hook.name == null) { continue; } Logger.I(Program.GetResourceString("Commands.Hook.Format", i, client.OepToString(hook.oep), hook.name )); } return; } // Check convention or fill in default values string[] conventions = (client.bits == 32 ? conventionsX86 : conventionsX64); if (entry.convention == null) { entry.convention = conventions[0]; } else if (Array.IndexOf(conventions, entry.convention) < 0) { throw new ArgumentException(Program.GetResourceString("Threads.CmdEngine.TargetNotApplicable")); } // If the hook already exists, overwrite anything but OEP instead foreach (Threads.HookEntry hook in client.hooks) { if (hook.name == entry.name) { Logger.W(Program.GetResourceString("Commands.Hook.HookExists", entry.name)); entry.oep = hook.oep; client.hooks[client.hooks.IndexOf(hook)] = entry; return; } } // Prepare CMD_HOOK packets Puppet.PACKET_CMD_HOOK pktHook = new Puppet.PACKET_CMD_HOOK(0); byte[] bufMethod; switch (entry.addrMode) { case "symbol": pktHook.method = 0; bufMethod = Puppet.Util.SerializeString(entry.symbol); break; case "pattern": pktHook.method = 1; bufMethod = Puppet.Util.SerializeBinary(entry.pattern); break; case "addr": pktHook.method = 2; bufMethod = Puppet.Util.Serialize(new Puppet.PACKET_INTEGER(entry.addr)); break; default: // Input is sanitized so this should not happen throw new ArgumentException(); } // Send packets client.Send(Puppet.Util.Serialize(pktHook)); client.Send(bufMethod); // Expect ACK(0) Puppet.PACKET_ACK pktAck; pktAck = Puppet.Util.Deserialize <Puppet.PACKET_ACK>(client.Expect(Puppet.PACKET_TYPE.ACK)); if (pktAck.status != 0) { throw new ArgumentException(Util.Win32ErrorToMessage((int)pktAck.status)); } // Fill OEP into entry Puppet.PACKET_INTEGER pktOep; pktOep = Puppet.Util.Deserialize <Puppet.PACKET_INTEGER>(client.Expect(Puppet.PACKET_TYPE.INTEGER)); entry.oep = pktOep.data; // Add entry to client's hooks int id = client.hooks.Count; client.hooks.Add(entry); Logger.I(Program.GetResourceString("Commands.Hook.Installed", id, entry.name, client.OepToString(entry.oep))); Threads.Gui.theInstance.InvokeOn((FMain Me) => Me.RefreshGuiHooks()); }