예제 #1
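        /// <summary>
        /// Renders the bytes held by a <c>GrayStorm.dataBox</c> into <c>shellcode_RTB</c>,
        /// either as disassembly (when <c>disassemble_CB</c> is checked) or as one
        /// hex byte per line.
        /// </summary>
        /// <param name="shellcode">
        /// Expected to be a <c>GrayStorm.dataBox</c>. Any other value only clears the
        /// text box and leaves the <c>payload</c> field set to null.
        /// </param>
        private void displayPayload(object shellcode)
        {
            shellcode_RTB.Clear();

            // The field is overwritten on every call, including when the cast fails.
            payload = shellcode as GrayStorm.dataBox;
            if (!(shellcode is GrayStorm.dataBox))
            {
                return;
            }

            // Read the buffer once and refuse to go further without bytes to show:
            // a null array would throw in the foreach below, and `fixed` over a null
            // or zero-length array produces a null pointer.
            byte[] bytes = payload.data;
            if (bytes == null || bytes.Length == 0)
            {
                return;
            }

            if (!disassemble_CB.Checked)
            {
                foreach (byte opcode in bytes)
                {
                    shellcode_RTB.AppendText(String.Format("0x{0:X2}\n", opcode));
                }
                return;
            }

            beaEngine.disassemble disasm = new beaEngine.disassemble();
            unsafe
            {
                // Pin the array so the garbage collector cannot move it while its
                // address is in use. The pointer is valid only inside this block.
                fixed (byte* pinned = bytes)
                {
                    // NOTE(review): the third argument is presumably the base address
                    // used for the listing; confirm that disassembler() does not keep
                    // the pointer after it returns, because the pin ends here.
                    disasm.disassembler(bytes, this.shellcode_RTB, (IntPtr)pinned);
                }
            }
        }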
예제 #2
        /// <summary>
        /// Click handler that shows the native code bytes of the method currently
        /// selected in <c>domainTraverser</c>, disassembled or as one hex byte per line.
        /// </summary>
        /// <remarks>
        /// Dumps are cached in <c>methodHelpers.StorageInformationArrayList</c>. Memory is
        /// read again only when the method has no entry yet, or its entry is not marked
        /// as dumped. A null result from <c>assemblyHelpers.DumpAFunction</c> is reported
        /// in the editor and ends the handler.
        /// </remarks>
        /// <param name="sender">Not used.</param>
        /// <param name="e">Not used.</param>
        public void dumpAsm_BT_Click(object sender, EventArgs e)
        {
            editor_RTB.Clear();

            var selected = domainTraverser.currentMethod;

            // Nothing selected, or a method whose name contains "Dispose": show nothing.
            if (selected == null || selected.Name.Contains("Dispose"))
            {
                return;
            }

            int containedIndex = methodHelpers.containedInList(selected);

            if (containedIndex == -1)
            {
                // No entry yet. Force the method to be JIT-compiled so native code exists.
                methodInvoking invokeMethods = new methodInvoking();
                System.Runtime.CompilerServices.RuntimeHelpers.PrepareMethod(selected.MethodHandle);

                // Shown first; replaced further down by the delegate-derived pointer
                // once the read has succeeded.
                grayStorm._addrOfMethod_TB.Text = selected.MethodHandle.GetFunctionPointer().ToString("X");

                Delegate targetMethodDelegate = invokeMethods.getMethodDelegate(selected);
                IntPtr trueIntPtr = invokeMethods.getIntPtrFromDelegate(targetMethodDelegate);

                byte[] firstDump = assemblyHelpers.DumpAFunction(trueIntPtr);
                if (firstDump == null)
                {
                    editor_RTB.AppendText(String.Format("COULD NOT READ MEMORY\n"));
                    return;
                }

                currentMethod = new StorageInformation();
                currentMethod.memory = firstDump;
                currentMethod.methodSignature = selected;
                currentMethod.dumped = true;
                currentMethod.methodIntPtr = trueIntPtr;
                // NOTE(review): oldMethod receives the same array reference as memory,
                // not a copy. Confirm that is intended if oldMethod is meant as a backup.
                currentMethod.oldMethod = currentMethod.memory;
                currentMethod.methodDelegate = targetMethodDelegate;

                methodHelpers.StorageInformationArrayList.Add(currentMethod);
                containedIndex = methodHelpers.StorageInformationArrayList.Count - 1;
                grayStorm._addrOfMethod_TB.Text = methodHelpers.StorageInformationArrayList[containedIndex].methodIntPtr.ToString("X");
            }
            else if (methodHelpers.StorageInformationArrayList[containedIndex].dumped != true)
            {
                // Entry exists but holds no dump yet: read from the recorded pointer.
                var known = methodHelpers.StorageInformationArrayList[containedIndex];

                byte[] refreshed = assemblyHelpers.DumpAFunction(known.methodIntPtr);
                grayStorm._addrOfMethod_TB.Text = known.methodIntPtr.ToString("X");
                if (refreshed == null)
                {
                    editor_RTB.AppendText(String.Format("COULD NOT READ MEMORY\n"));
                    return;
                }

                known.memory = refreshed;
                known.dumped = true;
            }

            // From here on the entry at containedIndex carries the bytes to display.
            var shown = methodHelpers.StorageInformationArrayList[containedIndex];

            if (!disassemble_CB.Checked)
            {
                foreach (byte rawByte in shown.memory)
                {
                    editor_RTB.AppendText(String.Format("0x{0:X2}\n", rawByte));
                }
                return;
            }

            beaEngine.disassemble disasm = new beaEngine.disassemble();
            disasm.disassembler(shown.memory, this.editor_RTB, shown.methodIntPtr);
        }
예제 #3
        /// <summary>
        /// Click handler: writes the native bytes of <c>domainTraverser.currentMethod</c>
        /// to <c>editor_RTB</c>, as disassembly when <c>disassemble_CB</c> is checked and
        /// as hex bytes otherwise.
        /// </summary>
        /// <remarks>
        /// Entries in <c>methodHelpers.StorageInformationArrayList</c> act as a cache. The
        /// handler reads memory through <c>assemblyHelpers.DumpAFunction</c> only for a
        /// method without an entry or with an entry not yet flagged as dumped, and stops
        /// with a message in the editor when that read returns null.
        /// </remarks>
        /// <param name="sender">Not used.</param>
        /// <param name="e">Not used.</param>
        public void dumpAsm_BT_Click(object sender, EventArgs e)
        {
            editor_RTB.Clear();

            var target = domainTraverser.currentMethod;
            bool nothingToShow = target == null || target.Name.Contains("Dispose");
            if (nothingToShow)
            {
                return;
            }

            var entries = methodHelpers.StorageInformationArrayList;
            int containedIndex = methodHelpers.containedInList(target);
            bool hasEntry = containedIndex != -1;

            if (!hasEntry || entries[containedIndex].dumped != true)
            {
                byte[] memory;

                if (!hasEntry)
                {
                    methodInvoking invokeMethods = new methodInvoking();

                    // Force JIT compilation before asking for any code address.
                    System.Runtime.CompilerServices.RuntimeHelpers.PrepareMethod(target.MethodHandle);
                    grayStorm._addrOfMethod_TB.Text = target.MethodHandle.GetFunctionPointer().ToString("X");

                    // The dump is taken from the pointer derived from the delegate,
                    // not from the function pointer displayed above.
                    Delegate targetMethodDelegate = invokeMethods.getMethodDelegate(target);
                    IntPtr trueIntPtr = invokeMethods.getIntPtrFromDelegate(targetMethodDelegate);
                    memory = assemblyHelpers.DumpAFunction(trueIntPtr);

                    if (memory == null)
                    {
                        editor_RTB.AppendText(String.Format("COULD NOT READ MEMORY\n"));
                        return;
                    }

                    currentMethod = new StorageInformation();
                    currentMethod.memory = memory;
                    currentMethod.methodSignature = target;
                    currentMethod.dumped = true;
                    currentMethod.methodIntPtr = trueIntPtr;
                    // NOTE(review): same array instance as memory, so the two fields
                    // alias each other. Verify against the code that uses oldMethod.
                    currentMethod.oldMethod = currentMethod.memory;
                    currentMethod.methodDelegate = targetMethodDelegate;

                    entries.Add(currentMethod);
                    containedIndex = entries.Count - 1;
                    grayStorm._addrOfMethod_TB.Text = entries[containedIndex].methodIntPtr.ToString("X");
                }
                else
                {
                    // Known method without a dump: reuse the pointer stored in its entry.
                    memory = assemblyHelpers.DumpAFunction(entries[containedIndex].methodIntPtr);
                    grayStorm._addrOfMethod_TB.Text = entries[containedIndex].methodIntPtr.ToString("X");

                    if (memory == null)
                    {
                        editor_RTB.AppendText(String.Format("COULD NOT READ MEMORY\n"));
                        return;
                    }

                    entries[containedIndex].memory = memory;
                    entries[containedIndex].dumped = true;
                }
            }

            if (disassemble_CB.Checked)
            {
                beaEngine.disassemble disasm = new beaEngine.disassemble();
                disasm.disassembler(entries[containedIndex].memory, this.editor_RTB, entries[containedIndex].methodIntPtr);
                return;
            }

            foreach (byte value in entries[containedIndex].memory)
            {
                editor_RTB.AppendText(String.Format("0x{0:X2}\n", value));
            }
        }
예제 #4
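        /// <summary>
        /// Shows the contents of a <c>GrayStorm.dataBox</c> in <c>shellcode_RTB</c>:
        /// disassembly when <c>disassemble_CB</c> is checked, otherwise a hex byte per line.
        /// </summary>
        /// <param name="shellcode">
        /// Value expected to be a <c>GrayStorm.dataBox</c>. For any other value the text
        /// box is cleared, the <c>payload</c> field becomes null and nothing is rendered.
        /// </param>
        private void displayPayload(object shellcode)
        {
            shellcode_RTB.Clear();

            // Assigned unconditionally, so a failed cast resets the field to null.
            payload = shellcode as GrayStorm.dataBox;
            if (shellcode is GrayStorm.dataBox)
            {
                byte[] buffer = payload.data;

                // Guard the buffer before use: iterating a null array throws, and
                // `fixed` over a null or empty array yields a null pointer that would
                // otherwise be passed on as the listing address.
                if (buffer == null || buffer.Length == 0)
                {
                    return;
                }

                if (disassemble_CB.Checked)
                {
                    beaEngine.disassemble disasm = new beaEngine.disassemble();
                    unsafe
                    {
                        // Keep the garbage collector from relocating the array for the
                        // duration of the disassembly and take its address.
                        fixed (byte* pointer = buffer)
                        {
                            // NOTE(review): the address is only stable inside this fixed
                            // block; verify that disassembler() does not retain it.
                            IntPtr offset = (IntPtr)pointer;
                            disasm.disassembler(buffer, this.shellcode_RTB, offset);
                        }
                    }
                }
                else
                {
                    foreach (byte opcode in buffer)
                    {
                        shellcode_RTB.AppendText(String.Format("0x{0:X2}\n", opcode));
                    }
                }
            }
        }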