/// <summary>
/// Runs every enabled outgoing match-and-replace rule over <paramref name="buffer"/> and
/// stores the result in the structure passed as parameter 1 of the intercepted call
/// (field 0 receives the length, field 1 the data).
/// </summary>
/// <param name="f">Wrapper around the intercepted call whose parameters are rewritten.</param>
/// <param name="buffer">Payload to filter before it is handed back to the call.</param>
/// <returns>The same wrapper instance that was passed in.</returns>
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
    Nektra.Deviare2.INktParam wsaBuf = f.callInfo.Params().GetAt(1).Evaluate();
    // Parameter 3 is evaluated here but its result is never used below.
    Nektra.Deviare2.INktParam unusedParam3 = f.callInfo.Params().GetAt(3).Evaluate();
    Nektra.Deviare2.INktParam lengthField = wsaBuf.Fields().GetAt(0);
    Nektra.Deviare2.INktParam dataField = wsaBuf.Fields().GetAt(1);

    foreach (MatchAndReplace.MatchAndReplace rule in Program.data.GetReplaceList())
    {
        if (rule.enabled && rule.replaceOutcomming)
        {
            // Re-apply the rule until a pass reports that nothing was replaced.
            // NOTE(review): termination depends on Searcher.ReplaceBytes, which is not
            // visible here. If a replacement can re-create its own match pattern this
            // loop may never end and the buffer may keep growing. Confirm, and consider
            // a pass limit.
            bool changed = true;
            while (changed)
            {
                buffer = Searcher.Searcher.ReplaceBytes(buffer, rule.match, rule.replace, out changed);
            }
        }
    }

    // NOTE(review): the new length is stored without comparing it against the size of
    // the buffer the hooked process originally supplied. Confirm how Deviare backs a
    // byte[] assigned to field 1 before relying on payloads that grow.
    lengthField.Value = buffer.Length;
    dataField.Value = buffer;
    return f;
}
/// <summary>
/// Overwrites the data buffer of the first WSABUF of the intercepted call with
/// <paramref name="buffer"/> and assigns the new byte count to parameter 3.
/// </summary>
/// <param name="f">Wrapper around the intercepted call (WSARecv, per the original comments).</param>
/// <param name="buffer">Bytes to place in the hooked process's receive buffer.</param>
/// <returns>The same wrapper instance that was passed in.</returns>
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
    Nektra.Deviare2.INktParam buffersParam = f.callInfo.Params().GetAt(1);
    Nektra.Deviare2.INktParam bufferCountParam = f.callInfo.Params().GetAt(2);
    Nektra.Deviare2.INktParam bytesRecvdParam = f.callInfo.Params().GetAt(3);

    // Number of structures. Read from the target but not used below.
    ulong structCount = bufferCountParam.Memory().Read(bufferCountParam.Address, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedWord);

    // Address the structure list points to.
    IntPtr wsaBufList = new IntPtr(buffersParam.Memory().Read(buffersParam.Address, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));

    // Length: taken from WSARecv's own parameter rather than from the WSABUF structure.
    // The evaluated value is not used below.
    Nektra.Deviare2.INktParam bytesRecvd = bytesRecvdParam.Evaluate();

    // *buf: the data pointer sits 4 bytes into the first WSABUF.
    // NOTE(review): the +4 offset and the 32-bit pointer read match a 32-bit target
    // only. Confirm the tool never attaches to 64-bit processes.
    IntPtr dataPtr = new IntPtr(buffersParam.Memory().Read(wsaBufList + 4, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));

    // Replace the buffer contents.
    // NOTE(review): buffer.Length is never compared with the WSABUF len field, so a
    // payload longer than the receive buffer would overwrite adjacent memory in the
    // hooked process. Confirm that callers cap the size.
    Auxiliar.Memory.WriteMemory(f.callInfo.Process().Id, dataPtr, buffer);

    // Update the size.
    // NOTE(review): this assigns to the pointer parameter itself, not to the evaluated
    // pointee held in bytesRecvd. Confirm this is what Deviare expects.
    bytesRecvdParam.Value = buffer.Length;
    return f;
}
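/// <summary>
/// Replaces the contents of the first SECBUFFER_DATA entry in the SecBufferDesc passed as
/// parameter 1 of the intercepted call with <paramref name="buffer"/>, and updates that
/// entry's cbBuffer to the new length.
/// </summary>
/// <remarks>
/// The write is skipped when <paramref name="buffer"/> is longer than the entry's current
/// cbBuffer. The original code wrote unconditionally, and its own comment warned that a
/// longer buffer could overwrite neighbouring memory in the hooked process and crash it.
/// In that case the call is returned unmodified.
/// </remarks>
/// <param name="f">Wrapper around the intercepted call.</param>
/// <param name="buffer">Replacement payload for the data buffer.</param>
/// <returns>The same wrapper instance that was passed in.</returns>
public static FunctionWrapper PrepareFunction(FunctionWrapper f, byte[] buffer)
{
    // Size of one SecBuffer entry and the offsets of its fields, as used by this code:
    // cbBuffer at +0, BufferType at +4, pvBuffer at +8.
    // NOTE(review): these values match the 32-bit layout only; on a 64-bit target
    // pvBuffer is 8 bytes wide and the entry is larger.
    const int secBufferSize = 12;
    const int secBufferData = 1; // SECBUFFER_DATA

    Nektra.Deviare2.INktParam PSecBufferDesc = f.callInfo.Params().GetAt(1);

    /*
     * typedef struct _SecBufferDesc
     * {
     *     ULONG ulVersion;
     *     ULONG cBuffers;
     *     PSecBuffer pBuffers;
     * } SecBufferDesc, *PSecBufferDesc;
     */
    Nektra.Deviare2.INktParam secBufferDesc = PSecBufferDesc.Evaluate(); // the structure itself
    Nektra.Deviare2.INktParam cBuffers = secBufferDesc.Fields().GetAt(1);
    Nektra.Deviare2.INktParam pBuffers = secBufferDesc.Fields().GetAt(2);

    int bufferCount = (int)cBuffers.Value;
    for (int i = 0; i < bufferCount; i++)
    {
        IntPtr entry = pBuffers.PointerVal + (secBufferSize * i);
        int bytesRead;

        byte[] rawType = Auxiliar.Memory.ReadMemory(f.callInfo.Process().Id, entry + 4, 4, out bytesRead);
        if (BitConverter.ToInt32(rawType, 0) != secBufferData)
        {
            continue;
        }

        byte[] rawLength = Auxiliar.Memory.ReadMemory(f.callInfo.Process().Id, entry, 4, out bytesRead);
        int cbBuffer = BitConverter.ToInt32(rawLength, 0);

        // Never write past the space the hooked process set aside for this entry.
        // A negative cbBuffer (length above int.MaxValue) is rejected by the same test.
        if (buffer.Length > cbBuffer)
        {
            return f;
        }

        byte[] rawPointer = Auxiliar.Memory.ReadMemory(f.callInfo.Process().Id, entry + 8, 4, out bytesRead);
        IntPtr dataPtr = new IntPtr(BitConverter.ToInt32(rawPointer, 0));

        // Write the payload, then the new length, into the hooked process.
        Auxiliar.Memory.WriteMemory(f.callInfo.Process().Id, dataPtr, buffer);
        Auxiliar.Memory.WriteMemory(f.callInfo.Process().Id, entry, BitConverter.GetBytes(buffer.Length));

        // Only the first data entry is rewritten.
        return f;
    }

    return f;
}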
/// <summary>
/// Returns the contents of the first SECBUFFER_DATA entry in the SecBufferDesc passed as
/// parameter 1 of the intercepted call.
/// </summary>
/// <returns>
/// The bytes read from the hooked process, or <c>null</c> when the call exposes no
/// parameters or no data entry is found.
/// </returns>
public byte[] GetBuffer()
{
    if (function.callInfo.Params() == null)
    {
        return null;
    }

    Nektra.Deviare2.INktParam descPointer = function.callInfo.Params().GetAt(1);
    // Obtained as in the original code; not used below.
    Nektra.Deviare2.INktProcessMemory descMemory = descPointer.Memory();

    /*
     * typedef struct _SecBufferDesc
     * {
     *     ULONG ulVersion;
     *     ULONG cBuffers;
     *     PSecBuffer pBuffers;
     * } SecBufferDesc, *PSecBufferDesc;
     */
    Nektra.Deviare2.INktParam desc = descPointer.Evaluate(); // the structure itself
    Nektra.Deviare2.INktParam entryCount = desc.Fields().GetAt(1);
    Nektra.Deviare2.INktParam entries = desc.Fields().GetAt(2);

    for (int index = 0; index < (int)entryCount.Value; index++)
    {
        // One SecBuffer entry: cbBuffer at +0, BufferType at +4, pvBuffer at +8.
        // NOTE(review): the 12-byte stride and 4-byte pointer match a 32-bit target only.
        int stride = 12;
        IntPtr entry = entries.PointerVal + (stride * index);
        int bytesRead;

        byte[] rawType = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, entry + 4, (int)4, out bytesRead);
        if (BitConverter.ToInt32(rawType, 0) != 1) // not SECBUFFER_DATA
        {
            continue;
        }

        byte[] rawLength = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, entry + 0, (int)4, out bytesRead);
        int dataLength = BitConverter.ToInt32(rawLength, 0);

        byte[] rawPointer = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, entry + 8, (int)4, out bytesRead);
        IntPtr dataPtr = new IntPtr(BitConverter.ToInt32(rawPointer, 0));

        // NOTE(review): dataLength comes straight from the hooked process and is used as
        // the read size without a range check, and bytesRead is never inspected. Confirm
        // how ReadMemory behaves on a short or failed read.
        return Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, dataPtr, (int)dataLength, out bytesRead);
    }

    return null;
}
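/// <summary>
/// Concatenates the data of every non-empty WSABUF passed to the intercepted call
/// (parameter 1 is the WSABUF list, parameter 2 the number of entries) and passes the
/// result through the plugin send hook.
/// </summary>
/// <returns>
/// An empty array when no bytes were collected; otherwise whatever the plugin manager's
/// <c>SetSendBuffer</c> returns for the collected bytes.
/// </returns>
public byte[] GetBuffer()
{
    Nektra.Deviare2.INktParam lpBuffers = function.callInfo.Params().GetAt(1);
    Nektra.Deviare2.INktParam dwBufferCount = function.callInfo.Params().GetAt(2);
    Nektra.Deviare2.INktProcessMemory memory = lpBuffers.Memory();

    // List of WSABUF structures.
    IntPtr wsaBufList = lpBuffers.PointerVal;

    // A typed list avoids boxing every byte, which the previous ArrayList did.
    System.Collections.Generic.List<byte> payload = new System.Collections.Generic.List<byte>();

    // Read the data of each WSABUF in turn.
    // NOTE(review): the 8-byte stride and 4-byte pointer read match a 32-bit target only.
    int bufferCount = (int)dwBufferCount.Value;
    for (int i = 0; i < bufferCount; i++)
    {
        // First member of each entry: the length.
        ulong lenBytes = (ulong)memory.Read(wsaBufList + i * 8, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord);
        if (lenBytes == 0)
        {
            continue;
        }

        // Second member of each entry: the pointer to the data.
        IntPtr dataPtr = new IntPtr(memory.Read(wsaBufList + 4 + i * 8, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));

        // NOTE(review): the length comes from the hooked process and is used as the read
        // size as-is, and bytesRead is not checked. Confirm how ReadMemory behaves on a
        // short or failed read.
        int bytesRead = 0;
        byte[] chunk = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, dataPtr, (int)lenBytes, out bytesRead);
        payload.AddRange(chunk);
    }

    if (payload.Count == 0)
    {
        return new byte[0];
    }

    // Let plugins inspect or modify the outgoing data.
    return Program.data.pluginMngr.pluginsApiNotExported.SetSendBuffer(payload.ToArray());
}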
/// <summary>
/// Reads the received data from the first WSABUF of the intercepted call and passes it
/// through the plugin receive hook. The length is the value pointed to by parameter 3.
/// </summary>
/// <returns>Whatever the plugin manager's <c>SetRecvBuffer</c> returns for the bytes read.</returns>
public byte[] GetBuffer()
{
    Nektra.Deviare2.INktParam buffersParam = function.callInfo.Params().GetAt(1);
    // Looked up as in the original code; not used below.
    Nektra.Deviare2.INktParam bufferCountParam = function.callInfo.Params().GetAt(2);
    Nektra.Deviare2.INktParam bytesRecvdParam = function.callInfo.Params().GetAt(3);

    Nektra.Deviare2.INktProcessMemory targetMemory = buffersParam.Memory();
    IntPtr wsaBufList = buffersParam.PointerVal;

    // Length: taken from WSARecv's own parameter rather than from the WSABUF structure.
    Nektra.Deviare2.INktParam bytesRecvd = bytesRecvdParam.Evaluate();

    // *buf: the data pointer sits 4 bytes into the first WSABUF.
    // NOTE(review): only the first entry is consulted, so data spread over several
    // WSABUFs would not be captured in full. The +4 offset and 32-bit pointer read
    // match a 32-bit target only.
    IntPtr dataPtr = new IntPtr(targetMemory.Read(wsaBufList + 4, Nektra.Deviare2.eNktDboFundamentalType.ftUnsignedDoubleWord));

    // NOTE(review): the byte count is read from the hooked process and used as the read
    // size without a range check, and bytesRead is not inspected afterwards.
    int bytesRead = 0;
    byte[] received = Auxiliar.Memory.ReadMemory(function.callInfo.Process().Id, dataPtr, (int)bytesRecvd.Value, out bytesRead);

    // Let plugins inspect or modify the incoming data.
    received = Program.data.pluginMngr.pluginsApiNotExported.SetRecvBuffer(received);
    return received;
}