contrast-agent 3.8.4

Sign up to get free protection for your applications and to get access to all the features.
Files changed (500) hide show
  1. checksums.yaml +7 -0
  2. data/.clang-format +5 -0
  3. data/.dockerignore +10 -0
  4. data/.gitignore +58 -0
  5. data/.gitmodules +6 -0
  6. data/.rspec +6 -0
  7. data/.simplecov +4 -0
  8. data/Gemfile +7 -0
  9. data/LICENSE.txt +12 -0
  10. data/Rakefile +15 -0
  11. data/exe/contrast_service +29 -0
  12. data/ext/build_funchook.rb +48 -0
  13. data/ext/cs__assess_active_record_named/cs__active_record_named.c +47 -0
  14. data/ext/cs__assess_active_record_named/cs__active_record_named.h +10 -0
  15. data/ext/cs__assess_active_record_named/extconf.rb +2 -0
  16. data/ext/cs__assess_array/cs__assess_array.c +38 -0
  17. data/ext/cs__assess_array/cs__assess_array.h +9 -0
  18. data/ext/cs__assess_array/extconf.rb +2 -0
  19. data/ext/cs__assess_basic_object/cs__assess_basic_object.c +50 -0
  20. data/ext/cs__assess_basic_object/cs__assess_basic_object.h +17 -0
  21. data/ext/cs__assess_basic_object/extconf.rb +2 -0
  22. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.c +86 -0
  23. data/ext/cs__assess_fiber_track/cs__assess_fiber_track.h +34 -0
  24. data/ext/cs__assess_fiber_track/extconf.rb +2 -0
  25. data/ext/cs__assess_hash/cs__assess_hash.c +64 -0
  26. data/ext/cs__assess_hash/cs__assess_hash.h +24 -0
  27. data/ext/cs__assess_hash/extconf.rb +2 -0
  28. data/ext/cs__assess_kernel/cs__assess_kernel.c +36 -0
  29. data/ext/cs__assess_kernel/cs__assess_kernel.h +10 -0
  30. data/ext/cs__assess_kernel/extconf.rb +2 -0
  31. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.c +47 -0
  32. data/ext/cs__assess_marshal_module/cs__assess_marshal_module.h +18 -0
  33. data/ext/cs__assess_marshal_module/extconf.rb +2 -0
  34. data/ext/cs__assess_module/cs__assess_module.c +78 -0
  35. data/ext/cs__assess_module/cs__assess_module.h +25 -0
  36. data/ext/cs__assess_module/extconf.rb +2 -0
  37. data/ext/cs__assess_regexp/cs__assess_regexp.c +48 -0
  38. data/ext/cs__assess_regexp/cs__assess_regexp.h +22 -0
  39. data/ext/cs__assess_regexp/extconf.rb +2 -0
  40. data/ext/cs__assess_regexp_track/cs__assess_regexp_track.c +63 -0
  41. data/ext/cs__assess_regexp_track/cs__assess_regexp_track.h +29 -0
  42. data/ext/cs__assess_regexp_track/extconf.rb +2 -0
  43. data/ext/cs__assess_string/cs__assess_string.c +38 -0
  44. data/ext/cs__assess_string/cs__assess_string.h +19 -0
  45. data/ext/cs__assess_string/extconf.rb +2 -0
  46. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.c +31 -0
  47. data/ext/cs__assess_string_interpolation26/cs__assess_string_interpolation26.h +13 -0
  48. data/ext/cs__assess_string_interpolation26/extconf.rb +2 -0
  49. data/ext/cs__common/cs__common.c +60 -0
  50. data/ext/cs__common/cs__common.h +28 -0
  51. data/ext/cs__common/extconf.rb +20 -0
  52. data/ext/cs__contrast_patch/cs__contrast_patch.c +445 -0
  53. data/ext/cs__contrast_patch/cs__contrast_patch.h +196 -0
  54. data/ext/cs__contrast_patch/extconf.rb +2 -0
  55. data/ext/cs__protect_kernel/cs__protect_kernel.c +37 -0
  56. data/ext/cs__protect_kernel/cs__protect_kernel.h +11 -0
  57. data/ext/cs__protect_kernel/extconf.rb +2 -0
  58. data/ext/cs__scope/cs__scope.c +96 -0
  59. data/ext/cs__scope/cs__scope.h +33 -0
  60. data/ext/cs__scope/extconf.rb +2 -0
  61. data/ext/extconf_common.rb +49 -0
  62. data/funchook/LICENSE +360 -0
  63. data/funchook/Makefile +29 -0
  64. data/funchook/Makefile.in +29 -0
  65. data/funchook/README.md +121 -0
  66. data/funchook/appveyor.yml +42 -0
  67. data/funchook/autogen.sh +3 -0
  68. data/funchook/autom4te.cache/output.0 +4976 -0
  69. data/funchook/autom4te.cache/requests +78 -0
  70. data/funchook/autom4te.cache/traces.0 +364 -0
  71. data/funchook/config.guess +1530 -0
  72. data/funchook/config.log +490 -0
  73. data/funchook/config.status +1016 -0
  74. data/funchook/config.sub +1773 -0
  75. data/funchook/configure +4976 -0
  76. data/funchook/configure.ac +59 -0
  77. data/funchook/distorm/COPYING +26 -0
  78. data/funchook/distorm/MANIFEST +25 -0
  79. data/funchook/distorm/MANIFEST.in +4 -0
  80. data/funchook/distorm/README.md +12 -0
  81. data/funchook/distorm/disOps/disOps.py +795 -0
  82. data/funchook/distorm/disOps/x86db.py +404 -0
  83. data/funchook/distorm/disOps/x86header.py +247 -0
  84. data/funchook/distorm/disOps/x86sets.py +1664 -0
  85. data/funchook/distorm/examples/cs/TestdiStorm/Program.cs +79 -0
  86. data/funchook/distorm/examples/cs/TestdiStorm/Properties/AssemblyInfo.cs +36 -0
  87. data/funchook/distorm/examples/cs/TestdiStorm/TestdiStorm.csproj +69 -0
  88. data/funchook/distorm/examples/cs/distorm-net.sln +26 -0
  89. data/funchook/distorm/examples/cs/distorm-net/CodeInfo.cs +23 -0
  90. data/funchook/distorm/examples/cs/distorm-net/DecodedInst.cs +15 -0
  91. data/funchook/distorm/examples/cs/distorm-net/DecodedResult.cs +14 -0
  92. data/funchook/distorm/examples/cs/distorm-net/DecomposedInst.cs +36 -0
  93. data/funchook/distorm/examples/cs/distorm-net/DecomposedResult.cs +14 -0
  94. data/funchook/distorm/examples/cs/distorm-net/Opcodes.cs +1268 -0
  95. data/funchook/distorm/examples/cs/distorm-net/Opcodes.tt +37 -0
  96. data/funchook/distorm/examples/cs/distorm-net/Operand.cs +25 -0
  97. data/funchook/distorm/examples/cs/distorm-net/Properties/AssemblyInfo.cs +36 -0
  98. data/funchook/distorm/examples/cs/distorm-net/diStorm3.cs +411 -0
  99. data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj +80 -0
  100. data/funchook/distorm/examples/cs/readme +3 -0
  101. data/funchook/distorm/examples/ddk/README +48 -0
  102. data/funchook/distorm/examples/ddk/distorm.ini +11 -0
  103. data/funchook/distorm/examples/ddk/dummy.c +15 -0
  104. data/funchook/distorm/examples/ddk/main.c +91 -0
  105. data/funchook/distorm/examples/ddk/makefile +1 -0
  106. data/funchook/distorm/examples/ddk/sources +10 -0
  107. data/funchook/distorm/examples/java/Makefile +23 -0
  108. data/funchook/distorm/examples/java/distorm/src/Main.java +43 -0
  109. data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java +27 -0
  110. data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java +32 -0
  111. data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java +11 -0
  112. data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java +89 -0
  113. data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedResult.java +11 -0
  114. data/funchook/distorm/examples/java/distorm/src/diStorm3/OpcodeEnum.java +131 -0
  115. data/funchook/distorm/examples/java/distorm/src/diStorm3/Opcodes.java +1123 -0
  116. data/funchook/distorm/examples/java/distorm/src/diStorm3/Operand.java +24 -0
  117. data/funchook/distorm/examples/java/distorm/src/diStorm3/distorm3.java +41 -0
  118. data/funchook/distorm/examples/java/jdistorm.c +405 -0
  119. data/funchook/distorm/examples/java/jdistorm.h +40 -0
  120. data/funchook/distorm/examples/java/jdistorm.sln +20 -0
  121. data/funchook/distorm/examples/java/jdistorm.vcproj +208 -0
  122. data/funchook/distorm/examples/linux/Makefile +15 -0
  123. data/funchook/distorm/examples/linux/main.c +181 -0
  124. data/funchook/distorm/examples/tests/Makefile +15 -0
  125. data/funchook/distorm/examples/tests/main.cpp +42 -0
  126. data/funchook/distorm/examples/tests/main.py +66 -0
  127. data/funchook/distorm/examples/tests/test_distorm3.py +1672 -0
  128. data/funchook/distorm/examples/tests/tests.sln +20 -0
  129. data/funchook/distorm/examples/tests/tests.vcxproj +82 -0
  130. data/funchook/distorm/examples/tests/tests.vcxproj.filters +22 -0
  131. data/funchook/distorm/examples/win32/disasm.sln +25 -0
  132. data/funchook/distorm/examples/win32/disasm.vcxproj +201 -0
  133. data/funchook/distorm/examples/win32/disasm.vcxproj.filters +14 -0
  134. data/funchook/distorm/examples/win32/main.cpp +163 -0
  135. data/funchook/distorm/include/distorm.h +482 -0
  136. data/funchook/distorm/include/mnemonics.h +301 -0
  137. data/funchook/distorm/make/linux/Makefile +28 -0
  138. data/funchook/distorm/make/mac/Makefile +24 -0
  139. data/funchook/distorm/make/win32/cdistorm.vcxproj +239 -0
  140. data/funchook/distorm/make/win32/cdistorm.vcxproj.filters +80 -0
  141. data/funchook/distorm/make/win32/distorm.sln +25 -0
  142. data/funchook/distorm/make/win32/resource.h +14 -0
  143. data/funchook/distorm/make/win32/resource.rc +99 -0
  144. data/funchook/distorm/python/distorm3/__init__.py +957 -0
  145. data/funchook/distorm/python/distorm3/sample.py +51 -0
  146. data/funchook/distorm/setup.cfg +10 -0
  147. data/funchook/distorm/setup.py +266 -0
  148. data/funchook/distorm/src/config.h +169 -0
  149. data/funchook/distorm/src/decoder.c +641 -0
  150. data/funchook/distorm/src/decoder.h +33 -0
  151. data/funchook/distorm/src/distorm.c +413 -0
  152. data/funchook/distorm/src/instructions.c +597 -0
  153. data/funchook/distorm/src/instructions.h +463 -0
  154. data/funchook/distorm/src/insts.c +7939 -0
  155. data/funchook/distorm/src/insts.h +64 -0
  156. data/funchook/distorm/src/mnemonics.c +284 -0
  157. data/funchook/distorm/src/operands.c +1290 -0
  158. data/funchook/distorm/src/operands.h +28 -0
  159. data/funchook/distorm/src/prefix.c +368 -0
  160. data/funchook/distorm/src/prefix.h +64 -0
  161. data/funchook/distorm/src/textdefs.c +172 -0
  162. data/funchook/distorm/src/textdefs.h +57 -0
  163. data/funchook/distorm/src/wstring.c +47 -0
  164. data/funchook/distorm/src/wstring.h +35 -0
  165. data/funchook/distorm/src/x86defs.h +82 -0
  166. data/funchook/include/funchook.h +123 -0
  167. data/funchook/install-sh +527 -0
  168. data/funchook/src/Makefile +70 -0
  169. data/funchook/src/Makefile.in +70 -0
  170. data/funchook/src/__strerror.h +109 -0
  171. data/funchook/src/config.h +101 -0
  172. data/funchook/src/config.h.in +100 -0
  173. data/funchook/src/decoder.o +0 -0
  174. data/funchook/src/distorm.o +0 -0
  175. data/funchook/src/funchook.c +440 -0
  176. data/funchook/src/funchook.o +0 -0
  177. data/funchook/src/funchook_internal.h +155 -0
  178. data/funchook/src/funchook_io.c +182 -0
  179. data/funchook/src/funchook_io.h +64 -0
  180. data/funchook/src/funchook_io.o +0 -0
  181. data/funchook/src/funchook_syscall.S +134 -0
  182. data/funchook/src/funchook_syscall.o +0 -0
  183. data/funchook/src/funchook_unix.c +480 -0
  184. data/funchook/src/funchook_unix.o +0 -0
  185. data/funchook/src/funchook_windows.c +397 -0
  186. data/funchook/src/funchook_x86.c +622 -0
  187. data/funchook/src/funchook_x86.o +0 -0
  188. data/funchook/src/instructions.o +0 -0
  189. data/funchook/src/insts.o +0 -0
  190. data/funchook/src/libfunchook.so +0 -0
  191. data/funchook/src/mnemonics.o +0 -0
  192. data/funchook/src/operands.o +0 -0
  193. data/funchook/src/os_func.c +115 -0
  194. data/funchook/src/os_func.h +75 -0
  195. data/funchook/src/os_func.o +0 -0
  196. data/funchook/src/os_func_unix.c +94 -0
  197. data/funchook/src/os_func_unix.o +0 -0
  198. data/funchook/src/os_func_windows.c +32 -0
  199. data/funchook/src/prefix.o +0 -0
  200. data/funchook/src/printf_base.c +1688 -0
  201. data/funchook/src/printf_base.h +46 -0
  202. data/funchook/src/printf_base.o +0 -0
  203. data/funchook/src/textdefs.o +0 -0
  204. data/funchook/src/wstring.o +0 -0
  205. data/funchook/test/Makefile +43 -0
  206. data/funchook/test/Makefile.in +43 -0
  207. data/funchook/test/funchook_test +0 -0
  208. data/funchook/test/libfunchook_test.c +25 -0
  209. data/funchook/test/libfunchook_test.so +0 -0
  210. data/funchook/test/libfunchook_test2.c +18 -0
  211. data/funchook/test/suffix.list +600 -0
  212. data/funchook/test/test_main.c +430 -0
  213. data/funchook/test/test_main.o +0 -0
  214. data/funchook/test/x86_64_test.S +10 -0
  215. data/funchook/test/x86_64_test.o +0 -0
  216. data/funchook/test/x86_test.S +339 -0
  217. data/funchook/win32/config.h +1 -0
  218. data/funchook/win32/funchook.sln +52 -0
  219. data/funchook/win32/funchook.vcxproj +188 -0
  220. data/funchook/win32/funchook.vcxproj.filters +84 -0
  221. data/funchook/win32/funchook_test.vcxproj +170 -0
  222. data/funchook/win32/funchook_test.vcxproj.filters +22 -0
  223. data/funchook/win32/funchook_test_dll.vcxproj +184 -0
  224. data/funchook/win32/funchook_test_dll.vcxproj.filters +30 -0
  225. data/funchook/win32/funchook_test_exe.def +3 -0
  226. data/lib/contrast-agent.rb +8 -0
  227. data/lib/contrast.rb +57 -0
  228. data/lib/contrast/agent.rb +80 -0
  229. data/lib/contrast/agent/assess.rb +45 -0
  230. data/lib/contrast/agent/assess/adjusted_span.rb +25 -0
  231. data/lib/contrast/agent/assess/class_reverter.rb +82 -0
  232. data/lib/contrast/agent/assess/contrast_event.rb +398 -0
  233. data/lib/contrast/agent/assess/frozen_properties.rb +41 -0
  234. data/lib/contrast/agent/assess/insulator.rb +53 -0
  235. data/lib/contrast/agent/assess/policy/dynamic_source_factory.rb +78 -0
  236. data/lib/contrast/agent/assess/policy/patcher.rb +85 -0
  237. data/lib/contrast/agent/assess/policy/policy.rb +116 -0
  238. data/lib/contrast/agent/assess/policy/policy_node.rb +289 -0
  239. data/lib/contrast/agent/assess/policy/policy_scanner.rb +44 -0
  240. data/lib/contrast/agent/assess/policy/preshift.rb +94 -0
  241. data/lib/contrast/agent/assess/policy/propagation_method.rb +260 -0
  242. data/lib/contrast/agent/assess/policy/propagation_node.rb +127 -0
  243. data/lib/contrast/agent/assess/policy/propagator.rb +35 -0
  244. data/lib/contrast/agent/assess/policy/propagator/append.rb +54 -0
  245. data/lib/contrast/agent/assess/policy/propagator/base.rb +37 -0
  246. data/lib/contrast/agent/assess/policy/propagator/center.rb +73 -0
  247. data/lib/contrast/agent/assess/policy/propagator/custom.rb +36 -0
  248. data/lib/contrast/agent/assess/policy/propagator/database_write.rb +62 -0
  249. data/lib/contrast/agent/assess/policy/propagator/insert.rb +55 -0
  250. data/lib/contrast/agent/assess/policy/propagator/keep.rb +26 -0
  251. data/lib/contrast/agent/assess/policy/propagator/next.rb +42 -0
  252. data/lib/contrast/agent/assess/policy/propagator/prepend.rb +50 -0
  253. data/lib/contrast/agent/assess/policy/propagator/remove.rb +76 -0
  254. data/lib/contrast/agent/assess/policy/propagator/replace.rb +27 -0
  255. data/lib/contrast/agent/assess/policy/propagator/reverse.rb +38 -0
  256. data/lib/contrast/agent/assess/policy/propagator/select.rb +86 -0
  257. data/lib/contrast/agent/assess/policy/propagator/splat.rb +60 -0
  258. data/lib/contrast/agent/assess/policy/propagator/split.rb +49 -0
  259. data/lib/contrast/agent/assess/policy/propagator/substitution.rb +169 -0
  260. data/lib/contrast/agent/assess/policy/propagator/trim.rb +81 -0
  261. data/lib/contrast/agent/assess/policy/rewriter_patch.rb +79 -0
  262. data/lib/contrast/agent/assess/policy/source_method.rb +209 -0
  263. data/lib/contrast/agent/assess/policy/source_node.rb +62 -0
  264. data/lib/contrast/agent/assess/policy/trigger_method.rb +209 -0
  265. data/lib/contrast/agent/assess/policy/trigger_node.rb +198 -0
  266. data/lib/contrast/agent/assess/policy/trigger_validation/ssrf_validator.rb +77 -0
  267. data/lib/contrast/agent/assess/policy/trigger_validation/trigger_validation.rb +31 -0
  268. data/lib/contrast/agent/assess/policy/trigger_validation/xss_validator.rb +40 -0
  269. data/lib/contrast/agent/assess/properties.rb +392 -0
  270. data/lib/contrast/agent/assess/rule.rb +18 -0
  271. data/lib/contrast/agent/assess/rule/base.rb +72 -0
  272. data/lib/contrast/agent/assess/rule/csrf.rb +66 -0
  273. data/lib/contrast/agent/assess/rule/csrf/csrf_action.rb +28 -0
  274. data/lib/contrast/agent/assess/rule/csrf/csrf_applicator.rb +69 -0
  275. data/lib/contrast/agent/assess/rule/csrf/csrf_watcher.rb +132 -0
  276. data/lib/contrast/agent/assess/rule/provider.rb +21 -0
  277. data/lib/contrast/agent/assess/rule/provider/hardcoded_key.rb +62 -0
  278. data/lib/contrast/agent/assess/rule/provider/hardcoded_password.rb +73 -0
  279. data/lib/contrast/agent/assess/rule/provider/hardcoded_value_rule.rb +121 -0
  280. data/lib/contrast/agent/assess/rule/redos.rb +68 -0
  281. data/lib/contrast/agent/assess/rule/response_scanning_rule.rb +47 -0
  282. data/lib/contrast/agent/assess/rule/response_watcher.rb +36 -0
  283. data/lib/contrast/agent/assess/rule/watcher.rb +36 -0
  284. data/lib/contrast/agent/assess/tag.rb +151 -0
  285. data/lib/contrast/agent/at_exit_hook.rb +33 -0
  286. data/lib/contrast/agent/class_reopener.rb +195 -0
  287. data/lib/contrast/agent/deadzone/policy/deadzone_node.rb +26 -0
  288. data/lib/contrast/agent/deadzone/policy/policy.rb +57 -0
  289. data/lib/contrast/agent/disable_reaction.rb +24 -0
  290. data/lib/contrast/agent/exclusion_matcher.rb +190 -0
  291. data/lib/contrast/agent/feature_state.rb +379 -0
  292. data/lib/contrast/agent/inventory/policy/policy.rb +32 -0
  293. data/lib/contrast/agent/inventory/policy/trigger_node.rb +22 -0
  294. data/lib/contrast/agent/logger_manager.rb +116 -0
  295. data/lib/contrast/agent/middleware.rb +352 -0
  296. data/lib/contrast/agent/module_data.rb +16 -0
  297. data/lib/contrast/agent/patching/policy/after_load_patch.rb +37 -0
  298. data/lib/contrast/agent/patching/policy/after_load_patcher.rb +58 -0
  299. data/lib/contrast/agent/patching/policy/method_policy.rb +94 -0
  300. data/lib/contrast/agent/patching/policy/module_policy.rb +116 -0
  301. data/lib/contrast/agent/patching/policy/patch.rb +312 -0
  302. data/lib/contrast/agent/patching/policy/patch_status.rb +192 -0
  303. data/lib/contrast/agent/patching/policy/patcher.rb +310 -0
  304. data/lib/contrast/agent/patching/policy/policy.rb +138 -0
  305. data/lib/contrast/agent/patching/policy/policy_node.rb +80 -0
  306. data/lib/contrast/agent/patching/policy/policy_unpatcher.rb +28 -0
  307. data/lib/contrast/agent/patching/policy/trigger_node.rb +81 -0
  308. data/lib/contrast/agent/protect/policy/policy.rb +37 -0
  309. data/lib/contrast/agent/protect/policy/trigger_node.rb +23 -0
  310. data/lib/contrast/agent/protect/rule.rb +58 -0
  311. data/lib/contrast/agent/protect/rule/base.rb +300 -0
  312. data/lib/contrast/agent/protect/rule/base_service.rb +88 -0
  313. data/lib/contrast/agent/protect/rule/cmd_injection.rb +156 -0
  314. data/lib/contrast/agent/protect/rule/csrf.rb +118 -0
  315. data/lib/contrast/agent/protect/rule/csrf/csrf_evaluator.rb +103 -0
  316. data/lib/contrast/agent/protect/rule/csrf/csrf_token_injector.rb +85 -0
  317. data/lib/contrast/agent/protect/rule/default_scanner.rb +300 -0
  318. data/lib/contrast/agent/protect/rule/deserialization.rb +193 -0
  319. data/lib/contrast/agent/protect/rule/http_method_tampering.rb +80 -0
  320. data/lib/contrast/agent/protect/rule/no_sqli.rb +101 -0
  321. data/lib/contrast/agent/protect/rule/no_sqli/mongo_no_sql_scanner.rb +40 -0
  322. data/lib/contrast/agent/protect/rule/path_traversal.rb +143 -0
  323. data/lib/contrast/agent/protect/rule/sqli.rb +101 -0
  324. data/lib/contrast/agent/protect/rule/sqli/default_sql_scanner.rb +16 -0
  325. data/lib/contrast/agent/protect/rule/sqli/mysql_sql_scanner.rb +38 -0
  326. data/lib/contrast/agent/protect/rule/sqli/postgres_sql_scanner.rb +22 -0
  327. data/lib/contrast/agent/protect/rule/sqli/sqlite_sql_scanner.rb +19 -0
  328. data/lib/contrast/agent/protect/rule/unsafe_file_upload.rb +20 -0
  329. data/lib/contrast/agent/protect/rule/xss.rb +24 -0
  330. data/lib/contrast/agent/protect/rule/xxe.rb +120 -0
  331. data/lib/contrast/agent/protect/rule/xxe/entity_wrapper.rb +82 -0
  332. data/lib/contrast/agent/railtie.rb +30 -0
  333. data/lib/contrast/agent/reaction_processor.rb +47 -0
  334. data/lib/contrast/agent/request.rb +493 -0
  335. data/lib/contrast/agent/request_context.rb +225 -0
  336. data/lib/contrast/agent/require_state.rb +61 -0
  337. data/lib/contrast/agent/response.rb +215 -0
  338. data/lib/contrast/agent/rewriter.rb +244 -0
  339. data/lib/contrast/agent/scope.rb +28 -0
  340. data/lib/contrast/agent/service_heartbeat.rb +37 -0
  341. data/lib/contrast/agent/settings_state.rb +148 -0
  342. data/lib/contrast/agent/socket_client.rb +125 -0
  343. data/lib/contrast/agent/thread.rb +26 -0
  344. data/lib/contrast/agent/tracepoint_hook.rb +51 -0
  345. data/lib/contrast/agent/version.rb +8 -0
  346. data/lib/contrast/api.rb +17 -0
  347. data/lib/contrast/api/.gitkeep +0 -0
  348. data/lib/contrast/api/connection_status.rb +49 -0
  349. data/lib/contrast/api/socket.rb +43 -0
  350. data/lib/contrast/api/speedracer.rb +206 -0
  351. data/lib/contrast/api/tcp_socket.rb +31 -0
  352. data/lib/contrast/api/unix_socket.rb +25 -0
  353. data/lib/contrast/common_agent_configuration.rb +86 -0
  354. data/lib/contrast/components/agent.rb +85 -0
  355. data/lib/contrast/components/app_context.rb +188 -0
  356. data/lib/contrast/components/assess.rb +67 -0
  357. data/lib/contrast/components/config.rb +135 -0
  358. data/lib/contrast/components/contrast_service.rb +113 -0
  359. data/lib/contrast/components/heap_dump.rb +34 -0
  360. data/lib/contrast/components/interface.rb +178 -0
  361. data/lib/contrast/components/inventory.rb +23 -0
  362. data/lib/contrast/components/logger.rb +92 -0
  363. data/lib/contrast/components/protect.rb +38 -0
  364. data/lib/contrast/components/sampling.rb +41 -0
  365. data/lib/contrast/components/scope.rb +106 -0
  366. data/lib/contrast/components/settings.rb +140 -0
  367. data/lib/contrast/config.rb +33 -0
  368. data/lib/contrast/config/agent_configuration.rb +24 -0
  369. data/lib/contrast/config/application_configuration.rb +27 -0
  370. data/lib/contrast/config/assess_configuration.rb +22 -0
  371. data/lib/contrast/config/assess_rules_configuration.rb +18 -0
  372. data/lib/contrast/config/base_configuration.rb +105 -0
  373. data/lib/contrast/config/default_value.rb +16 -0
  374. data/lib/contrast/config/exception_configuration.rb +21 -0
  375. data/lib/contrast/config/heap_dump_configuration.rb +23 -0
  376. data/lib/contrast/config/inventory_configuration.rb +20 -0
  377. data/lib/contrast/config/logger_configuration.rb +20 -0
  378. data/lib/contrast/config/protect_configuration.rb +20 -0
  379. data/lib/contrast/config/protect_rule_configuration.rb +37 -0
  380. data/lib/contrast/config/protect_rules_configuration.rb +30 -0
  381. data/lib/contrast/config/root_configuration.rb +26 -0
  382. data/lib/contrast/config/ruby_configuration.rb +39 -0
  383. data/lib/contrast/config/sampling_configuration.rb +22 -0
  384. data/lib/contrast/config/server_configuration.rb +23 -0
  385. data/lib/contrast/config/service_configuration.rb +22 -0
  386. data/lib/contrast/configuration.rb +214 -0
  387. data/lib/contrast/core_extensions/assess.rb +51 -0
  388. data/lib/contrast/core_extensions/assess/array.rb +58 -0
  389. data/lib/contrast/core_extensions/assess/assess_extension.rb +145 -0
  390. data/lib/contrast/core_extensions/assess/basic_object.rb +15 -0
  391. data/lib/contrast/core_extensions/assess/erb.rb +42 -0
  392. data/lib/contrast/core_extensions/assess/exec_trigger.rb +48 -0
  393. data/lib/contrast/core_extensions/assess/fiber.rb +125 -0
  394. data/lib/contrast/core_extensions/assess/hash.rb +22 -0
  395. data/lib/contrast/core_extensions/assess/kernel.rb +95 -0
  396. data/lib/contrast/core_extensions/assess/module.rb +14 -0
  397. data/lib/contrast/core_extensions/assess/regexp.rb +206 -0
  398. data/lib/contrast/core_extensions/assess/string.rb +75 -0
  399. data/lib/contrast/core_extensions/assess/tilt_template_trigger.rb +73 -0
  400. data/lib/contrast/core_extensions/delegator.rb +14 -0
  401. data/lib/contrast/core_extensions/eval_trigger.rb +52 -0
  402. data/lib/contrast/core_extensions/inventory.rb +22 -0
  403. data/lib/contrast/core_extensions/inventory/datastores.rb +37 -0
  404. data/lib/contrast/core_extensions/module.rb +42 -0
  405. data/lib/contrast/core_extensions/object.rb +27 -0
  406. data/lib/contrast/core_extensions/protect.rb +20 -0
  407. data/lib/contrast/core_extensions/protect/applies_command_injection_rule.rb +70 -0
  408. data/lib/contrast/core_extensions/protect/applies_deserialization_rule.rb +58 -0
  409. data/lib/contrast/core_extensions/protect/applies_no_sqli_rule.rb +81 -0
  410. data/lib/contrast/core_extensions/protect/applies_path_traversal_rule.rb +119 -0
  411. data/lib/contrast/core_extensions/protect/applies_sqli_rule.rb +63 -0
  412. data/lib/contrast/core_extensions/protect/applies_xxe_rule.rb +141 -0
  413. data/lib/contrast/core_extensions/protect/kernel.rb +30 -0
  414. data/lib/contrast/core_extensions/protect/psych.rb +7 -0
  415. data/lib/contrast/core_extensions/thread.rb +31 -0
  416. data/lib/contrast/internal_exception.rb +8 -0
  417. data/lib/contrast/rails_extensions/assess/action_controller_inheritance.rb +48 -0
  418. data/lib/contrast/rails_extensions/assess/active_record.rb +32 -0
  419. data/lib/contrast/rails_extensions/assess/active_record_named.rb +61 -0
  420. data/lib/contrast/rails_extensions/assess/configuration.rb +26 -0
  421. data/lib/contrast/rails_extensions/buffer.rb +30 -0
  422. data/lib/contrast/rails_extensions/rack.rb +45 -0
  423. data/lib/contrast/security_exception.rb +14 -0
  424. data/lib/contrast/sinatra_extensions/assess/cookie.rb +26 -0
  425. data/lib/contrast/sinatra_extensions/inventory/sinatra_base.rb +59 -0
  426. data/lib/contrast/tasks/service.rb +95 -0
  427. data/lib/contrast/utils/assess/sampling_util.rb +96 -0
  428. data/lib/contrast/utils/assess/tracking_util.rb +39 -0
  429. data/lib/contrast/utils/boolean_util.rb +33 -0
  430. data/lib/contrast/utils/cache.rb +69 -0
  431. data/lib/contrast/utils/class_util.rb +58 -0
  432. data/lib/contrast/utils/comment_range.rb +19 -0
  433. data/lib/contrast/utils/data_store_util.rb +23 -0
  434. data/lib/contrast/utils/duck_utils.rb +58 -0
  435. data/lib/contrast/utils/env_configuration_item.rb +52 -0
  436. data/lib/contrast/utils/environment_util.rb +152 -0
  437. data/lib/contrast/utils/freeze_util.rb +36 -0
  438. data/lib/contrast/utils/gemfile_reader.rb +191 -0
  439. data/lib/contrast/utils/hash_digest.rb +148 -0
  440. data/lib/contrast/utils/heap_dump_util.rb +113 -0
  441. data/lib/contrast/utils/invalid_configuration_util.rb +88 -0
  442. data/lib/contrast/utils/inventory_util.rb +126 -0
  443. data/lib/contrast/utils/io_util.rb +61 -0
  444. data/lib/contrast/utils/object_share.rb +117 -0
  445. data/lib/contrast/utils/operating_environment.rb +38 -0
  446. data/lib/contrast/utils/os.rb +49 -0
  447. data/lib/contrast/utils/path_util.rb +151 -0
  448. data/lib/contrast/utils/performs_logging.rb +152 -0
  449. data/lib/contrast/utils/preflight_util.rb +13 -0
  450. data/lib/contrast/utils/prevent_serialization.rb +52 -0
  451. data/lib/contrast/utils/rack_assess_session_cookie.rb +104 -0
  452. data/lib/contrast/utils/rails_assess_configuration.rb +95 -0
  453. data/lib/contrast/utils/random_util.rb +22 -0
  454. data/lib/contrast/utils/resource_loader.rb +23 -0
  455. data/lib/contrast/utils/ruby_ast_rewriter.rb +74 -0
  456. data/lib/contrast/utils/scope_util.rb +99 -0
  457. data/lib/contrast/utils/service_response_util.rb +116 -0
  458. data/lib/contrast/utils/service_sender_util.rb +98 -0
  459. data/lib/contrast/utils/sha256_builder.rb +69 -0
  460. data/lib/contrast/utils/sinatra_helper.rb +49 -0
  461. data/lib/contrast/utils/stack_trace_utils.rb +209 -0
  462. data/lib/contrast/utils/string_utils.rb +72 -0
  463. data/lib/contrast/utils/tag_util.rb +139 -0
  464. data/lib/contrast/utils/thread_tracker.rb +54 -0
  465. data/lib/contrast/utils/timer.rb +78 -0
  466. data/resources/assess/policy.json +1673 -0
  467. data/resources/csrf/inject.js +44 -0
  468. data/resources/deadzone/policy.json +55 -0
  469. data/resources/factory-bot-spec/spec_helper.rb +30 -0
  470. data/resources/inventory/policy.json +110 -0
  471. data/resources/protect/policy.json +417 -0
  472. data/resources/rubocops/kernel/catch_cop.rb +37 -0
  473. data/resources/rubocops/kernel/require_cop.rb +37 -0
  474. data/resources/rubocops/kernel/require_relative_cop.rb +33 -0
  475. data/resources/rubocops/module/autoload_cop.rb +37 -0
  476. data/resources/rubocops/module/const_defined_cop.rb +37 -0
  477. data/resources/rubocops/module/const_get_cop.rb +37 -0
  478. data/resources/rubocops/module/const_set_cop.rb +37 -0
  479. data/resources/rubocops/module/constants_cop.rb +37 -0
  480. data/resources/rubocops/module/name_cop.rb +37 -0
  481. data/resources/rubocops/object/class_cop.rb +37 -0
  482. data/resources/rubocops/object/freeze_cop.rb +37 -0
  483. data/resources/rubocops/object/frozen_cop.rb +37 -0
  484. data/resources/rubocops/object/is_a_cop.rb +37 -0
  485. data/resources/rubocops/object/method_cop.rb +37 -0
  486. data/resources/rubocops/object/respond_to_cop.rb +37 -0
  487. data/resources/rubocops/object/singleton_class_cop.rb +37 -0
  488. data/resources/rubocops/regexp/spelling_cop.rb +44 -0
  489. data/resources/rubocops/thread/new_cop.rb +39 -0
  490. data/resources/ruby-spec/ancestors_spec.rb +70 -0
  491. data/resources/ruby-spec/modulo_spec.rb +831 -0
  492. data/resources/ruby-spec/parameters_spec.rb +261 -0
  493. data/resources/ruby-spec/ruby_spec_spec_helper.rb +35 -0
  494. data/resources/test_marker.txt +1 -0
  495. data/ruby-agent.gemspec +129 -0
  496. data/service_executables/.gitkeep +0 -0
  497. data/service_executables/VERSION +1 -0
  498. data/service_executables/linux/contrast-service +0 -0
  499. data/service_executables/mac/contrast-service +0 -0
  500. metadata +945 -0
data/funchook/distorm/examples/cs/distorm-net/distorm-net.csproj ADDED
@@ -0,0 +1,80 @@
1
+ <?xml version="1.0" encoding="utf-8"?>
2
+ <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
3
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
4
+ <PropertyGroup>
5
+ <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
6
+ <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
7
+ <ProjectGuid>{137ADE63-2489-4235-91C6-6CB664CAB63F}</ProjectGuid>
8
+ <OutputType>Library</OutputType>
9
+ <AppDesignerFolder>Properties</AppDesignerFolder>
10
+ <RootNamespace>diStorm</RootNamespace>
11
+ <AssemblyName>diStorm</AssemblyName>
12
+ <TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
13
+ <FileAlignment>512</FileAlignment>
14
+ <TargetFrameworkProfile />
15
+ </PropertyGroup>
16
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
17
+ <DebugSymbols>true</DebugSymbols>
18
+ <DebugType>full</DebugType>
19
+ <Optimize>false</Optimize>
20
+ <OutputPath>bin\Debug\</OutputPath>
21
+ <DefineConstants>DEBUG;TRACE</DefineConstants>
22
+ <ErrorReport>prompt</ErrorReport>
23
+ <WarningLevel>4</WarningLevel>
24
+ <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
25
+ <PlatformTarget>x64</PlatformTarget>
26
+ </PropertyGroup>
27
+ <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
28
+ <DebugType>pdbonly</DebugType>
29
+ <Optimize>true</Optimize>
30
+ <OutputPath>bin\Release\</OutputPath>
31
+ <DefineConstants>TRACE</DefineConstants>
32
+ <ErrorReport>prompt</ErrorReport>
33
+ <WarningLevel>4</WarningLevel>
34
+ <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
35
+ <PlatformTarget>x64</PlatformTarget>
36
+ </PropertyGroup>
37
+ <ItemGroup>
38
+ <Reference Include="System" />
39
+ <Reference Include="System.Core" />
40
+ <Reference Include="System.Xml.Linq" />
41
+ <Reference Include="System.Data.DataSetExtensions" />
42
+ <Reference Include="Microsoft.CSharp" />
43
+ <Reference Include="System.Data" />
44
+ <Reference Include="System.Xml" />
45
+ </ItemGroup>
46
+ <ItemGroup>
47
+ <Compile Include="CodeInfo.cs" />
48
+ <Compile Include="diStorm3.cs" />
49
+ <Compile Include="Opcodes.cs">
50
+ <AutoGen>True</AutoGen>
51
+ <DesignTime>True</DesignTime>
52
+ <DependentUpon>Opcodes.tt</DependentUpon>
53
+ </Compile>
54
+ <Compile Include="Properties\AssemblyInfo.cs" />
55
+ </ItemGroup>
56
+ <ItemGroup>
57
+ <None Include="Opcodes.tt">
58
+ <Generator>TextTemplatingFileGenerator</Generator>
59
+ <LastGenOutput>Opcodes.cs</LastGenOutput>
60
+ </None>
61
+ </ItemGroup>
62
+ <ItemGroup>
63
+ <Service Include="{508349B6-6B84-4DF5-91F0-309BEEBAD82D}" />
64
+ </ItemGroup>
65
+ <ItemGroup>
66
+ <Compile Include="DecodedResult.cs" />
67
+ <Compile Include="DecomposedInst.cs" />
68
+ <Compile Include="DecodedInst.cs" />
69
+ <Compile Include="DecomposedResult.cs" />
70
+ <Compile Include="Operand.cs" />
71
+ </ItemGroup>
72
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
73
+ <!-- To modify your build process, add your task inside one of the targets below and uncomment it.
74
+ Other similar extension points exist, see Microsoft.Common.targets.
75
+ <Target Name="BeforeBuild">
76
+ </Target>
77
+ <Target Name="AfterBuild">
78
+ </Target>
79
+ -->
80
+ </Project>
data/funchook/distorm/examples/cs/readme ADDED
@@ -0,0 +1,3 @@
1
+ This is a .NET Wrapper of the distorm project for seamless decompilation of 32-bit and 64-bit intel binaries.
2
+ This project is licensed under the GPLv3.
3
+ By Dan Shechter
data/funchook/distorm/examples/ddk/README ADDED
@@ -0,0 +1,48 @@
1
+ diStorm3 for Ring 0
2
+ Gil Dabah Aug 2010
3
+ http://ragestorm.net/distorm/
4
+
5
+ Tested sample with DDK 7600.16385.1 using WinXPSP2.
6
+
7
+ Steps of how to build the diStorm64 sample using the DDK.
8
+
9
+ Warning - Make sure the path you extracted diStorm to does not include any spaces, otherwise you will get an error from the build.
10
+
11
+ 1) Open the DDK's build environment, for example: "Win XP Free Build Environment",
12
+ which readies the evnrionment variables for building a driver. Or run the SETENV.BAT in console.
13
+
14
+ 2) Launch "build", once you're in the directory of the /ddkproj.
15
+
16
+ 3) If everything worked smoothly, you should see a new file named "distorm.sys" under objfre_wxp_x86\i386
17
+ (that's if you use WinXP and the Free Environment).
18
+
19
+ - If you experienced any errors, try moving the whole distorm directory to c:\winddk\src\
20
+ (or any other directory tree which doesn't contain spaces in its name).
21
+
22
+ 4) Now you will have to register the new driver:
23
+ a. Copy the distorm.sys file to \windows\system32\drivers\.
24
+ b. Use the DDK's regini.exe with the supplied distorm.ini.
25
+ c. Restart Windows for the effect to take place. :(
26
+
27
+ **The alternative is to use some tool like KmdManager.exe, which will register the driver without a need for the .ini file, nor a reboot.
28
+
29
+
30
+ 5) Now open your favorite debug-strings monitor (mine is DebugView).
31
+ Make sure you monitor kernel debug-strings.
32
+
33
+ 6) Launching "net start distorm" from command line, will run the DriverEntry code in "main.c",
34
+ which will disassemble a few instructions from the KeBugcheck routine and dump it using DbgPrint.
35
+
36
+
37
+ NOTES:
38
+ -+----
39
+ The sample uses the stack for storing the results from the decode function.
40
+ If you have too many structures on the stack, you better allocate memory before calling the decode function,
41
+ and later on free that memory. Don't use the NONPAGED pool if you don't really need it.
42
+
43
+ _OffsetType is the type of the DecodedInstruction.Offset field, which defaults to 64bits,
44
+ so make sure that when you print this variable you use %I64X, or when you use it anywhere else, you use the _OffsetType as well.
45
+ Notice that we call directly distorm_decode64, since we SUPPORT_64BIT_OFFSET and because we don't have the macros of distorm.h.
46
+
47
+ diStorm can be really compiled for all IRQL, it doesn't use any resource or the standard C library at all.
48
+ Although the sample uses diStorm at PASSIVE level.
data/funchook/distorm/examples/ddk/distorm.ini ADDED
@@ -0,0 +1,11 @@
1
+ \registry\machine\system\currentcontrolset\services\distorm
2
+ ImagePath = system32\drivers\distorm.sys
3
+ DisplayName = "distorm"
4
+ Type = REG_DWORD 0x1
5
+ Start = REG_DWORD 0x3
6
+ Group = Extended base
7
+ ErrorControl = REG_DWORD 0x1
8
+ \registry\machine\system\currentcontrolset\services\distorm\Parameters
9
+ BreakOnEntry = REG_DWORD 0x0
10
+ DebugMask = REG_DWORD 0x0
11
+ LogEvents = REG_DWORD 0x0
data/funchook/distorm/examples/ddk/dummy.c ADDED
@@ -0,0 +1,15 @@
1
+ // Since the DDK's nmake is limited with directories, we will bypass that with this simple hack.
2
+ // Thanks to Razvan Hobeanu.
3
+ // Sep 2009.
4
+
5
+
6
+ #include "../src/mnemonics.c"
7
+ #include "../src/wstring.c"
8
+ #include "../src/textdefs.c"
9
+ #include "../src/x86defs.c"
10
+ #include "../src/prefix.c"
11
+ #include "../src/operands.c"
12
+ #include "../src/insts.c"
13
+ #include "../src/instructions.c"
14
+ #include "../src/distorm.c"
15
+ #include "../src/decoder.c"
data/funchook/distorm/examples/ddk/main.c ADDED
@@ -0,0 +1,91 @@
1
+ /*
2
+ * main.c
3
+ * Sample kernel driver to show how diStorm can be easily compiled and used in Ring 0.
4
+ *
5
+ * /// Follow the README file in order to compile diStorm using the DDK. \\\
6
+ *
7
+ * Izik, Gil Dabah
8
+ * Jan 2007
9
+ * http://ragestorm.net/distorm/
10
+ */
11
+
12
+ #include <ntddk.h>
13
+ #include "../include/distorm.h"
14
+ #include "dummy.c"
15
+
16
+ // The number of the array of instructions the decoder function will use to return the disassembled instructions.
17
+ // Play with this value for performance...
18
+ #define MAX_INSTRUCTIONS (15)
19
+
20
+ void DriverUnload(IN PDRIVER_OBJECT DriverObject)
21
+ {
22
+ }
23
+
24
+ NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
25
+ {
26
+ UNICODE_STRING pFcnName;
27
+
28
+ // Holds the result of the decoding.
29
+ _DecodeResult res;
30
+ // Decoded instruction information.
31
+ _DecodedInst decodedInstructions[MAX_INSTRUCTIONS];
32
+ // next is used for instruction's offset synchronization.
33
+ // decodedInstructionsCount holds the count of filled instructions' array by the decoder.
34
+ unsigned int decodedInstructionsCount = 0, i, next;
35
+ // Default decoding mode is 32 bits, could be set by command line.
36
+ _DecodeType dt = Decode32Bits;
37
+
38
+ // Default offset for buffer is 0, could be set in command line.
39
+ _OffsetType offset = 0;
40
+ char* errch = NULL;
41
+
42
+ // Buffer to disassemble.
43
+ unsigned char *buf;
44
+ int len = 100;
45
+
46
+ // Register unload routine
47
+ DriverObject->DriverUnload = DriverUnload;
48
+
49
+ DbgPrint("diStorm Loaded!\n");
50
+
51
+ // Get address of KeBugCheck
52
+ RtlInitUnicodeString(&pFcnName, L"KeBugCheck");
53
+ buf = (char *)MmGetSystemRoutineAddress(&pFcnName);
54
+ offset = (unsigned) (_OffsetType)buf;
55
+
56
+ DbgPrint("Resolving KeBugCheck @ 0x%08x\n", buf);
57
+ // Decode the buffer at given offset (virtual address).
58
+
59
+ while (1) {
60
+ res = distorm_decode64(offset, (const unsigned char*)buf, len, dt, decodedInstructions, MAX_INSTRUCTIONS, &decodedInstructionsCount);
61
+ if (res == DECRES_INPUTERR) {
62
+ DbgPrint(("NULL Buffer?!\n"));
63
+ break;
64
+ }
65
+
66
+ for (i = 0; i < decodedInstructionsCount; i++) {
67
+ // Note that we print the offset as a 64 bits variable!!!
68
+ // It might be that you'll have to change it to %08X...
69
+ DbgPrint("%08I64x (%02d) %s %s %s\n", decodedInstructions[i].offset, decodedInstructions[i].size,
70
+ (char*)decodedInstructions[i].instructionHex.p,
71
+ (char*)decodedInstructions[i].mnemonic.p,
72
+ (char*)decodedInstructions[i].operands.p);
73
+ }
74
+
75
+ if (res == DECRES_SUCCESS || decodedInstructionsCount == 0) {
76
+ break; // All instructions were decoded.
77
+ }
78
+
79
+ // Synchronize:
80
+ next = (unsigned int)(decodedInstructions[decodedInstructionsCount-1].offset - offset);
81
+ next += decodedInstructions[decodedInstructionsCount-1].size;
82
+
83
+ // Advance ptr and recalc offset.
84
+ buf += next;
85
+ len -= next;
86
+ offset += next;
87
+ }
88
+
89
+ DbgPrint(("Done!\n"));
90
+ return STATUS_UNSUCCESSFUL; // Make sure the driver doesn't stay resident, so we can recompile and run again!
91
+ }
data/funchook/distorm/examples/ddk/makefile ADDED
@@ -0,0 +1 @@
1
+ !INCLUDE $(NTMAKEENV)\makefile.def
data/funchook/distorm/examples/ddk/sources ADDED
@@ -0,0 +1,10 @@
1
+ TARGETNAME = distorm
2
+ TARGETPATH = obj
3
+ TARGETTYPE = DRIVER
4
+
5
+ C_DEFINES = $(C_DEFINES) -DSUPPORT_64BIT_OFFSET -DLIBDISTORM
6
+
7
+ INCLUDES = %BUILD%\inc;..\src;
8
+ LIBS = %BUILD%\lib
9
+
10
+ SOURCES = main.c
data/funchook/distorm/examples/java/Makefile ADDED
@@ -0,0 +1,23 @@
1
+ UNAME_S := $(shell uname -s)
2
+
3
+ ifeq ($(UNAME_S),Darwin)
4
+
5
+ JAVA_HOME=$(shell /usr/libexec/java_home)
6
+
7
+ all: libjdistorm.dylib
8
+ libjdistorm.dylib: jdistorm.c jdistorm.h
9
+ gcc -dynamiclib -o libjdistorm.dylib jdistorm.c -I ${JAVA_HOME}/include/ -I ${JAVA_HOME}/include/darwin/ -ldistorm3
10
+
11
+ endif
12
+
13
+ ifeq ($(UNAME_S),Linux)
14
+
15
+ all: libjdistorm.so
16
+ jdistorm.o: jdistorm.c jdistorm.h
17
+ gcc -c jdistorm.c -fPIC -I ${JAVA_HOME}/include -I ${JAVA_HOME}/include/linux
18
+
19
+ libjdistorm.so: jdistorm.o
20
+ gcc -shared -o libjdistorm.so -L${JAVA_HOME}/jre/lib -ldistorm3 jdistorm.o
21
+
22
+ endif
23
+
data/funchook/distorm/examples/java/distorm/src/Main.java ADDED
@@ -0,0 +1,43 @@
1
+ import java.nio.ByteBuffer;
2
+
3
+ import diStorm3.distorm3.*;
4
+ import diStorm3.CodeInfo;
5
+ import diStorm3.DecodedInst;
6
+ import diStorm3.OpcodeEnum;
7
+ import diStorm3.distorm3;
8
+ import diStorm3.DecodedResult;
9
+ import diStorm3.DecomposedResult;
10
+ import diStorm3.DecomposedInst;
11
+
12
+ public class Main {
13
+
14
+ public static void main(String[] args) {
15
+ byte[] buf = new byte[4];
16
+ buf[0] = (byte)0xc3;
17
+ buf[1] = (byte)0x33;
18
+ buf[2] = (byte)0xc0;
19
+ buf[3] = (byte)0xc3;
20
+ CodeInfo ci = new CodeInfo((long)0x1000, buf, DecodeType.Decode32Bits, 0);
21
+ DecodedResult dr = new DecodedResult(10);
22
+ distorm3.Decode(ci, dr);
23
+
24
+ for (DecodedInst x : dr.mInstructions) {
25
+ String s = String.format("%x %s %s", x.getOffset(), x.getMnemonic(), x.getOperands());
26
+ System.out.println(s);
27
+ }
28
+
29
+ DecomposedResult dr2 = new DecomposedResult(10);
30
+ distorm3.Decompose(ci, dr2);
31
+
32
+ for (DecomposedInst y: dr2.mInstructions) {
33
+ if (y.getOpcode() != OpcodeEnum.RET) {
34
+ DecodedInst x = distorm3.Format(ci, y);
35
+ String s = String.format("%x %s %s", x.getOffset(), x.getMnemonic(), x.getOperands());
36
+ System.out.println(s);
37
+ }
38
+ }
39
+
40
+ }
41
+
42
+
43
+ }
data/funchook/distorm/examples/java/distorm/src/diStorm3/CodeInfo.java ADDED
@@ -0,0 +1,27 @@
1
+ package diStorm3;
2
+
3
+ import java.nio.ByteBuffer;
4
+
5
+ public class CodeInfo {
6
+ public CodeInfo(long codeOffset, ByteBuffer code, distorm3.DecodeType dt, int features) {
7
+ mCodeOffset = codeOffset;
8
+ mCode = code;
9
+ mDecodeType = dt.ordinal();
10
+ mFeatures = features;
11
+ }
12
+
13
+ public CodeInfo(long codeOffset, byte[] rawCode, distorm3.DecodeType dt, int features) {
14
+ mCode = ByteBuffer.allocateDirect(rawCode.length);
15
+ mCode.put(rawCode);
16
+
17
+ mCodeOffset = codeOffset;
18
+ mDecodeType = dt.ordinal();
19
+ mFeatures = features;
20
+ }
21
+
22
+ private long mCodeOffset;
23
+ private long mNextOffset;
24
+ private ByteBuffer mCode;
25
+ private int mDecodeType;
26
+ private int mFeatures;
27
+ }
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedInst.java ADDED
@@ -0,0 +1,32 @@
1
+ package diStorm3;
2
+
3
+ public class DecodedInst {
4
+ DecodedInst()
5
+ {
6
+ }
7
+ private String mMnemonic;
8
+ private String mOperands;
9
+ private String mHex;
10
+ private int mSize;
11
+ private long mOffset;
12
+
13
+ public String getMnemonic() {
14
+ return mMnemonic;
15
+ }
16
+
17
+ public String getOperands() {
18
+ return mOperands;
19
+ }
20
+
21
+ public String getHex() {
22
+ return mHex;
23
+ }
24
+
25
+ public int getSize() {
26
+ return mSize;
27
+ }
28
+
29
+ public long getOffset() {
30
+ return mOffset;
31
+ }
32
+ }
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecodedResult.java ADDED
@@ -0,0 +1,11 @@
1
+ package diStorm3;
2
+
3
+ public class DecodedResult {
4
+ public DecodedResult(int maxInstructions) {
5
+ mMaxInstructions = maxInstructions;
6
+ mInstructions = null;
7
+ }
8
+
9
+ public DecodedInst[] mInstructions;
10
+ private int mMaxInstructions;
11
+ }
data/funchook/distorm/examples/java/distorm/src/diStorm3/DecomposedInst.java ADDED
@@ -0,0 +1,89 @@
1
+ package diStorm3;
2
+
3
+ import diStorm3.Operand;
4
+ import diStorm3.Opcodes;
5
+
6
+ public class DecomposedInst {
7
+ private class ImmVariant {
8
+ private long mValue;
9
+ private int mSize;
10
+
11
+ public long getImm() {
12
+ return mValue;
13
+ }
14
+
15
+ public int getSize() {
16
+ return mSize;
17
+ }
18
+ }
19
+
20
+ private class DispVariant {
21
+
22
+ private long mDisplacement;
23
+ private int mSize;
24
+
25
+ public long getDisplacement() {
26
+ return mDisplacement;
27
+ }
28
+
29
+ public int getSize() {
30
+ return mSize;
31
+ }
32
+ }
33
+
34
+ private long mAddr;
35
+ private int mSize;
36
+ private int mFlags;
37
+ private int mSegment;
38
+ private int mBase, mScale;
39
+ private int mOpcode;
40
+ public Operand[] mOperands;
41
+ public DispVariant mDisp;
42
+ public ImmVariant mImm;
43
+ private int mUnusedPrefixesMask;
44
+ private int mMeta;
45
+ private int mRegistersMask;
46
+ private int mModifiedFlagsMask;
47
+ private int mTestedFlagsMask;
48
+ private int mUndefinedFlagsMask;
49
+
50
+ public long getAddress() {
51
+ return mAddr;
52
+ }
53
+ public int getSize() {
54
+ return mSize;
55
+ }
56
+ public OpcodeEnum getOpcode() {
57
+ return Opcodes.lookup(mOpcode);
58
+ }
59
+ public int getSegment() {
60
+ return mSegment & 0x7f;
61
+ }
62
+ public boolean isSegmentDefault() {
63
+ return (mSegment & 0x80) == 0x80;
64
+ }
65
+ public int getBase() {
66
+ return mBase;
67
+ }
68
+ public int getScale() {
69
+ return mScale;
70
+ }
71
+ public int getUnusedPrefixesMask() {
72
+ return mUnusedPrefixesMask;
73
+ }
74
+ public int getMeta() {
75
+ return mMeta;
76
+ }
77
+ public int getRegistersMask() {
78
+ return mRegistersMask;
79
+ }
80
+ public int getModifiedFlagsMask() {
81
+ return mModifiedFlagsMask;
82
+ }
83
+ public int getTestedFlagsMask() {
84
+ return mTestedFlagsMask;
85
+ }
86
+ public int getUndefinedFlagsMask() {
87
+ return mUndefinedFlagsMask;
88
+ }
89
+ }