lib works, now for frontend

This commit is contained in:
pozm 2024-02-11 17:16:11 +00:00
parent aaf92cd109
commit a4f3a7abd7
No known key found for this signature in database
GPG Key ID: 5AB655AFC8AAA822
5 changed files with 22 additions and 22 deletions


@ -9,9 +9,9 @@ use poggers::{
use retour::static_detour;
// *const i32, *const i32, *const i32, bool
type open_and_parse_t = unsafe extern "fastcall" fn(*const i32, *const i32, *const i32, bool) -> ();
type open_and_parse_t = unsafe extern "fastcall" fn(*const i32, *const i32, *const u8, bool) -> ();
static_detour! {
pub static OpenAndParse: unsafe extern "fastcall" fn(*const i32, *const i32, *const i32, bool) -> ();
pub static OpenAndParse: unsafe extern "fastcall" fn(*const i32, *const i32, *const u8, bool) -> ();
}
#[poggers_derive::create_entry(no_free)]
@ -29,7 +29,6 @@ pub fn main() {
let modd = proc.get_base_module().unwrap();
println!("sending data, waiting for sig ver");
std::thread::sleep(Duration::from_secs(2));
sock.send(&buf);
let mut sig_type = [0; 4];
@ -42,20 +41,19 @@ pub fn main() {
let mut addr_offset = [0; 4];
unsafe { std::ptr::copy(ptr_to_fn, addr_offset.as_mut_ptr(), 4) };
let by = i32::from_ne_bytes(addr_offset);
println!("addr offset = {:x?}", addr_offset);
let fn_ptr = (addr + by as isize + 5) as *const c_void;
println!("fnptr = {:x?}", fn_ptr);
println!("sig found: {:x} {:p}", addr, ptr_to_fn);
println!("sig found: {:x} ", addr);
let sock2 = sock.try_clone().unwrap();
unsafe {
let open_and_parse = std::mem::transmute::<isize, open_and_parse_t>(fn_ptr as isize);
let opp = OpenAndParse
.initialize(open_and_parse, move |this, base, key, mode| {
println!("open and parse called {key:?}");
let mut key: *const u8 = std::ptr::null();
// std::arch::asm!("mov {}, r8", out(reg) key);
// println!("key = {:?}", key);
let mut read_key = [0u8; 32];
let ptr_to_key = (key as usize + 8) as *const *const u8;
std::ptr::copy(*ptr_to_key, read_key.as_mut_ptr(), 32);
sock2.send(read_key.as_slice());
})
.unwrap();
opp.enable();
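Review bot: The hook closure on L42–L51 reads 32 bytes through `*ptr_to_key`, computed as `key as usize + 8`, without checking that `key` is non-null or that the slot it points to holds a valid pointer, so an unexpected argument takes the injected process down with it; at minimum add `if key.is_null() { return; }` before the read and state the assumed layout in a comment (`// assumes key+8 holds a pointer to a 32-byte buffer — TODO confirm`). If the shadowing `let mut key: *const u8 = std::ptr::null();` on L44 survives on the new side (the old/new split is not recoverable from this render), the parameter is discarded and the read goes through address 8, so that line and the commented-out `asm!` lines under it should go. `sock2.send(read_key.as_slice())` on L50 and `opp.enable()` on L53 both return a `Result` that is dropped silently; `expect` or log them so a failed hand-off or a failed detour is visible instead of looking like a hang. The closure also never calls `OpenAndParse.call(this, base, key, mode)`, so the detoured function no longer runs once the hook is enabled — if that is deliberate, a one-line comment saying so would help. `main` begins before this hunk and its body continues after L53.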


@ -6,6 +6,7 @@ use std::{
io::Read,
mem::{size_of, transmute},
net::UdpSocket,
path::Path,
ptr::{addr_of, null, null_mut},
time::Duration,
};
@ -39,6 +40,10 @@ fn create_pstr(c_str: &CStr) -> PSTR {
}
pub unsafe fn spawn_and_inject(proc: &str) {
let pth = Path::new(proc);
if !pth.is_file() {
panic!("file does not exist");
}
let cmd_line_c = CString::new(proc).expect("invalid cstr");
let start_up_info = STARTUPINFOA {
..Default::default()
@ -83,12 +88,7 @@ pub unsafe fn spawn_and_inject(proc: &str) {
);
let code_entry =
image_base_addr.wrapping_add((*nt_hdrs).OptionalHeader.AddressOfEntryPoint as usize);
println!(
"entry = {:p} B = {:X} C = {:p}",
code_entry,
(*nt_hdrs).OptionalHeader.AddressOfEntryPoint,
image_base_addr
);
println!("entry = {:p}", code_entry,);
let entry_insts: [u8; 2] = proc
.read(code_entry as usize)
.expect("failed to read entry");
@ -97,7 +97,6 @@ pub unsafe fn spawn_and_inject(proc: &str) {
//
// resume the thread
ResumeThread(proc_info.hThread);
// ResumeThread(proc_info.hThread);
// wait until trapped... and inject
let sock = UdpSocket::bind("127.0.0.1:28713").expect("failed to bind socket");
{
@ -112,12 +111,15 @@ pub unsafe fn spawn_and_inject(proc: &str) {
let _ = sock.recv(&mut []);
}
// we're done. let's kill the process.
println!("done, running code after enter..",);
let mut inp = String::new();
std::io::stdin().read_line(&mut inp);
println!("done, running code",);
proc.write(code_entry as usize, &entry_insts);
println!("waiting for call.");
let _ = sock.recv(&mut []);
println!("complete.");
let mut key = [0; 32];
let _ = sock.recv(&mut key);
println!("recieved key: ");
for val in key {
print!("{:x}", val);
}
println!("\ncomplete.");
TerminateProcess(proc_info.hProcess, 1);
}
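Review bot: The key dump on L112–L114 prints each byte with `{:x}`, so bytes below 0x10 come out as a single digit and the 32-byte value is ambiguous to read back (the `recieved key` message also has a typo); use `{:02x}` and the length `recv` reports instead of discarding it, e.g. `let n = sock.recv(&mut key).expect("recv failed"); for val in &key[..n] { print!("{:02x}", val); }`. The `proc.write(code_entry as usize, &entry_insts)` result on L105 is ignored too — if restoring the entry bytes fails, the resumed thread runs into the trap again, so that one should at least be `expect`ed, and `stdin().read_line` on L103 has the same unused `Result`. The `is_file` check on L68–L71 panics from a `pub` library function with a message that omits the path; `panic!("file does not exist: {proc}")` is at least diagnosable, though returning an error would fit the API better. The socket bound on L95 accepts datagrams from any local sender and nothing ties it to the injected process, which deserves a comment so a later reader knows the channel is unauthenticated and why that is acceptable here. `spawn_and_inject` starts before the last hunk; the hunk ends at its closing brace.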


@ -2,6 +2,6 @@ use gdke::spawn_and_inject;
fn main() {
unsafe {
spawn_and_inject("./z421.exe");
spawn_and_inject(&std::env::args().nth(1).unwrap());
}
}
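Review bot: `std::env::args().nth(1).unwrap()` on L125 panics with a bare `called Option::unwrap() on a None value` when the program is run without an argument, which is the most likely first mistake a user makes; `.expect("missing argument: path to the executable")` gives an actionable message for one extra word, and a `let Some(path) = std::env::args().nth(1) else { ... }` with `std::process::exit` would avoid the panic entirely. The argument is passed straight through, so the `is_file` check inside `spawn_and_inject` is the only validation it gets — acceptable for a CLI, but worth a one-line comment at the call site. `main` is fully contained in the hunk.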

BIN
z421.exe Normal file

Binary file not shown.

BIN
z421.pck Normal file

Binary file not shown.