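/// <summary>
/// Forwards the current hooked function when it is not being intercepted.
/// Also applies the match-and-replace filters.
/// </summary>
/// <remarks>
/// Dispatches on <c>Program.data.currentFunction.Hook.FunctionName</c>. For each supported
/// hook the captured buffer is read and, when it is non-empty, the current function is
/// replaced by the result of a <c>PrepareFunction</c> call. The status is set to
/// <c>Forwarded</c> only when no exception was thrown on the way.
/// </remarks>
/// <exception cref="NotImplementedException">The hook is WSASendTo or WSARecvFrom.</exception>
/// <exception cref="InvalidOperationException">The hook name matches no known handler.</exception>
private void AutoForwardFunction()
{
    // Read the hook name once and compare ordinally, ignoring case: the previous
    // ToLower() == ToLower() form depended on the current thread culture and threw
    // a NullReferenceException on a null name instead of reporting an unknown handler.
    string functionName = Program.data.currentFunction.Hook.FunctionName;

    // The buffers below are captured from the hooked call, so their content is
    // untrusted; this method only checks that a buffer exists and is non-empty
    // before handing it to PrepareFunction.

    /* Prepares the function to apply 'matchs and replaces' */
    if (string.Equals(functionName, "WS2_32.dll!Send", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.send s = new Core.ProcessFunctions.send(Program.data.currentFunction);
        byte[] sendBuffer = s.GetBuffer();
        if (sendBuffer != null && sendBuffer.Length > 0)
        {
            Program.data.currentFunction = Core.ProcessFunctions.send.PrepareFunction(Program.data.currentFunction, sendBuffer);
        }
    }
    else if (string.Equals(functionName, "WS2_32.dll!Recv", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.recv r = new Core.ProcessFunctions.recv(Program.data.currentFunction);
        byte[] recvBuffer = r.GetBuffer();
        if (recvBuffer != null && recvBuffer.Length > 0)
        {
            Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvBuffer);
        }
    }
    else if (string.Equals(functionName, "WS2_32.dll!SendTo", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.sendto st = new Core.ProcessFunctions.sendto(Program.data.currentFunction);
        byte[] sendToBuffer = st.GetBuffer();
        if (sendToBuffer != null && sendToBuffer.Length > 0)
        {
            // NOTE(review): an outgoing SendTo buffer is prepared with recv.PrepareFunction.
            // Kept as found; confirm this is intended and not a copy-paste slip.
            Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, sendToBuffer);
        }
    }
    else if (string.Equals(functionName, "WS2_32.dll!RecvFrom", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.recvfrom rf = new Core.ProcessFunctions.recvfrom(Program.data.currentFunction);
        byte[] recvFromBuffer = rf.GetBuffer();
        if (recvFromBuffer != null && recvFromBuffer.Length > 0)
        {
            // NOTE(review): uses recv.PrepareFunction rather than a recvfrom one - confirm.
            Program.data.currentFunction = Core.ProcessFunctions.recv.PrepareFunction(Program.data.currentFunction, recvFromBuffer);
        }
    }
    else if (string.Equals(functionName, "WS2_32.dll!WSASend", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.WSAsend wsas = new Core.ProcessFunctions.WSAsend(Program.data.currentFunction);
        byte[] wsasBuffer = wsas.GetBuffer();
        if (wsasBuffer != null && wsasBuffer.Length > 0)
        {
            Program.data.currentFunction = Core.ProcessFunctions.WSAsend.PrepareFunction(Program.data.currentFunction, wsasBuffer);
        }
    }
    else if (string.Equals(functionName, "WS2_32.dll!WSASendTo", StringComparison.OrdinalIgnoreCase))
    {
        throw new NotImplementedException("not implemented");
    }
    else if (string.Equals(functionName, "WS2_32.dll!WSARecv", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.WSArecv wsar = new Core.ProcessFunctions.WSArecv(Program.data.currentFunction);
        byte[] wsarBuffer = wsar.GetBuffer();
        if (wsarBuffer != null && wsarBuffer.Length > 0)
        {
            Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, wsarBuffer);
        }
    }
    else if (string.Equals(functionName, "Secur32.dll!EncryptMessage", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.EncryptMessage encMessage = new Core.ProcessFunctions.EncryptMessage(Program.data.currentFunction);
        byte[] encMessageBuffer = encMessage.GetBuffer();
        if (encMessageBuffer != null && encMessageBuffer.Length > 0)
        {
            // NOTE(review): the EncryptMessage buffer is prepared with WSArecv.PrepareFunction.
            // Kept as found; confirm the argument layout really matches.
            Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, encMessageBuffer);
        }
    }
    else if (string.Equals(functionName, "Secur32.dll!DecryptMessage", StringComparison.OrdinalIgnoreCase))
    {
        Core.ProcessFunctions.DecryptMessage decMessage = new Core.ProcessFunctions.DecryptMessage(Program.data.currentFunction);
        byte[] decMessageBuffer = decMessage.GetBuffer();
        if (decMessageBuffer != null && decMessageBuffer.Length > 0)
        {
            // NOTE(review): same as EncryptMessage - WSArecv.PrepareFunction is used here; confirm.
            Program.data.currentFunction = Core.ProcessFunctions.WSArecv.PrepareFunction(Program.data.currentFunction, decMessageBuffer);
        }
    }
    else if (string.Equals(functionName, "WS2_32.dll!WSARecvFrom", StringComparison.OrdinalIgnoreCase))
    {
        throw new NotImplementedException("not implemented");
    }
    else
    {
        // More specific than a bare Exception; callers that catch Exception still catch it.
        throw new InvalidOperationException("Unknow handler");
    }

    // NOTE(review): the throwing branches above exit before this line, so the status
    // never becomes Forwarded for them; presumably the caller must handle that so the
    // hooked call is not left pending - confirm.
    Program.data.currentFunction.status = wrappers.FunctionWrapper.Status.Forwarded;
    //Program.data.AceptingNewFunctions = true;
}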
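/// <summary>
/// Loads the data buffer of a hooked WSASend call into the hex box.
/// </summary>
/// <param name="f">Wrapper of the hooked call whose buffer is displayed.</param>
/// <returns>Always <c>true</c>.</returns>
private bool ProcessWSASend(FunctionWrapper f)
{
    Core.ProcessFunctions.WSAsend wsaSend = new Core.ProcessFunctions.WSAsend(f);
    byte[] buffer = wsaSend.GetBuffer();

    // AutoForwardFunction null-checks every GetBuffer() result, so null is treated
    // as a possible return here too. It is shown as an empty buffer instead of
    // failing on buffer.Length with a NullReferenceException.
    if (buffer == null)
    {
        buffer = new byte[0];
    }

    // NOTE(review): the previous mStream is replaced without being disposed; it may
    // still back the hex box's current ByteProvider, so it is left alone here.
    mStream = new MemoryStream();
    mStream.Write(buffer, 0, buffer.Length);
    mStream.Seek(0, SeekOrigin.Begin); // rewind so the provider reads from the start

    DynamicFileByteProvider dynamicFileByteProvider = new DynamicFileByteProvider(mStream);

    // The provider is assigned through hexBox.Invoke rather than directly,
    // presumably because this method runs off the UI thread - confirm.
    hexBox.Invoke(new MethodInvoker(delegate { hexBox.ByteProvider = dynamicFileByteProvider; }));

    Search(0);
    return true;
}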