ragweed 0.2.0-java
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +32 -0
- data/README.rdoc +60 -0
- data/README.txt +9 -0
- data/Rakefile +86 -0
- data/VERSION +1 -0
- data/examples/hittracertux.rb +45 -0
- data/examples/hittracerx.rb +63 -0
- data/examples/hook_notepad.rb +9 -0
- data/examples/snicker.rb +183 -0
- data/examples/tux-example.rb +24 -0
- data/lib/ragweed/arena.rb +55 -0
- data/lib/ragweed/blocks.rb +128 -0
- data/lib/ragweed/debugger32.rb +400 -0
- data/lib/ragweed/debuggerosx.rb +456 -0
- data/lib/ragweed/debuggertux.rb +502 -0
- data/lib/ragweed/detour.rb +223 -0
- data/lib/ragweed/ptr.rb +48 -0
- data/lib/ragweed/rasm/bblock.rb +73 -0
- data/lib/ragweed/rasm/isa.rb +1115 -0
- data/lib/ragweed/rasm.rb +59 -0
- data/lib/ragweed/sbuf.rb +197 -0
- data/lib/ragweed/trampoline.rb +103 -0
- data/lib/ragweed/utils.rb +182 -0
- data/lib/ragweed/wrap32/debugging.rb +401 -0
- data/lib/ragweed/wrap32/device.rb +49 -0
- data/lib/ragweed/wrap32/event.rb +50 -0
- data/lib/ragweed/wrap32/hooks.rb +39 -0
- data/lib/ragweed/wrap32/overlapped.rb +46 -0
- data/lib/ragweed/wrap32/process.rb +613 -0
- data/lib/ragweed/wrap32/process_token.rb +75 -0
- data/lib/ragweed/wrap32/thread_context.rb +142 -0
- data/lib/ragweed/wrap32/winx.rb +16 -0
- data/lib/ragweed/wrap32/wrap32.rb +583 -0
- data/lib/ragweed/wrap32.rb +59 -0
- data/lib/ragweed/wraposx/constants.rb +114 -0
- data/lib/ragweed/wraposx/kernelerrorx.rb +147 -0
- data/lib/ragweed/wraposx/region_info.rb +275 -0
- data/lib/ragweed/wraposx/structs.rb +102 -0
- data/lib/ragweed/wraposx/thread_context.rb +902 -0
- data/lib/ragweed/wraposx/thread_info.rb +160 -0
- data/lib/ragweed/wraposx/thread_info.rb.old +121 -0
- data/lib/ragweed/wraposx/wraposx.rb +356 -0
- data/lib/ragweed/wraposx.rb +60 -0
- data/lib/ragweed/wraptux/constants.rb +101 -0
- data/lib/ragweed/wraptux/process.rb +35 -0
- data/lib/ragweed/wraptux/threads.rb +7 -0
- data/lib/ragweed/wraptux/wraptux.rb +72 -0
- data/lib/ragweed/wraptux.rb +57 -0
- data/lib/ragweed.rb +112 -0
- data/ragweed.gemspec +102 -0
- data/spec/ragweed_spec.rb +7 -0
- data/spec/spec_helper.rb +16 -0
- data/test/test_ragweed.rb +0 -0
- metadata +121 -0
|
@@ -0,0 +1,142 @@
|
|
|
1
|
+
require 'ffi'
|
|
2
|
+
|
|
3
|
+
module Ragweed::Wrap32
|
|
4
|
+
module EFlags
|
|
5
|
+
CARRY = (1 << 0)
|
|
6
|
+
X0 = (1 << 1)
|
|
7
|
+
PARITY = (1 << 2)
|
|
8
|
+
X1 = (1 << 3)
|
|
9
|
+
ADJUST = (1 << 4)
|
|
10
|
+
X2 = (1 << 5)
|
|
11
|
+
ZERO = (1 << 6)
|
|
12
|
+
SIGN = (1 << 7)
|
|
13
|
+
TRAP = (1 << 8)
|
|
14
|
+
INTERRUPT = (1 << 9)
|
|
15
|
+
DIRECTION = (1 << 10)
|
|
16
|
+
OVERFLOW = (1 << 11)
|
|
17
|
+
IOPL1 = (1 << 12)
|
|
18
|
+
IOPL2 = (1 << 13)
|
|
19
|
+
NESTEDTASK = (1 << 14)
|
|
20
|
+
X3 = (1 << 15)
|
|
21
|
+
RESUME = (1 << 16)
|
|
22
|
+
V86MODE = (1 << 17)
|
|
23
|
+
ALIGNCHECK = (1 << 18)
|
|
24
|
+
VINT = (1 << 19)
|
|
25
|
+
VINTPENDING = (1 << 20)
|
|
26
|
+
CPUID = (1 << 21)
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
module ContextFlags
|
|
30
|
+
I386 = 0x10000
|
|
31
|
+
CONTROL = 1
|
|
32
|
+
INTEGER = 2
|
|
33
|
+
SEGMENTS = 4
|
|
34
|
+
FLOATING_POINT = 8
|
|
35
|
+
DEBUG_REGISTERS = 0x10
|
|
36
|
+
|
|
37
|
+
FULL = (I386|CONTROL|INTEGER|SEGMENTS)
|
|
38
|
+
DEBUG = (FULL|DEBUG_REGISTERS)
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
class Ragweed::Wrap32::ThreadContext < FFI::Struct
|
|
43
|
+
include Ragweed::FFIStructInclude
|
|
44
|
+
|
|
45
|
+
## This is defined in WinNt.h
|
|
46
|
+
layout :context_flags, :long,
|
|
47
|
+
:dr0, :long,
|
|
48
|
+
:dr1, :long,
|
|
49
|
+
:dr2, :long,
|
|
50
|
+
:dr3, :long,
|
|
51
|
+
:dr6, :long,
|
|
52
|
+
:dr7, :long,
|
|
53
|
+
:floating_save, [:uint8, 112], ## XXX need a structure for this
|
|
54
|
+
:seg_gs, :long,
|
|
55
|
+
:seg_fs, :long,
|
|
56
|
+
:seg_es, :long,
|
|
57
|
+
:seg_ds, :long,
|
|
58
|
+
:edi, :long,
|
|
59
|
+
:esi, :long,
|
|
60
|
+
:ebx, :long,
|
|
61
|
+
:edx, :long,
|
|
62
|
+
:ecx, :long,
|
|
63
|
+
:eax, :long,
|
|
64
|
+
:ebp, :long,
|
|
65
|
+
:eip, :long,
|
|
66
|
+
:seg_cs, :long,
|
|
67
|
+
:eflags, :long,
|
|
68
|
+
:esp, :long,
|
|
69
|
+
:seg_ss, :long,
|
|
70
|
+
:spill, [:uint8, 512 ] ## MAXIMUM_SUPPORTED_EXTENSION
|
|
71
|
+
|
|
72
|
+
## XXX more helper methods here are needed
|
|
73
|
+
|
|
74
|
+
def inspect
|
|
75
|
+
body = lambda do
|
|
76
|
+
self.members.each_with_index do |m,i|
|
|
77
|
+
"#{self.members[i].to_s(16)} #{self.values[i].to_s.hexify}"
|
|
78
|
+
end.join(", ")
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
def dump(&block)
|
|
83
|
+
maybe_hex = lambda {|a| begin; "\n" + (" " * 9) + block.call(a, 16).hexdump(true)[10..-2]; rescue; ""; end }
|
|
84
|
+
#maybe_dis = lambda {|a| begin; "\n" + block.call(a, 16).distorm.map {|i| " " + i.mnem}.join("\n"); rescue; ""; end }
|
|
85
|
+
|
|
86
|
+
string =<<EOM
|
|
87
|
+
-----------------------------------------------------------------------
|
|
88
|
+
CONTEXT:
|
|
89
|
+
EIP: #{self.eip.to_s(16).rjust(8, "0")}
|
|
90
|
+
EAX: #{self.eax.to_s(16).rjust(8, "0")}
|
|
91
|
+
EBX: #{self.ebx.to_s(16).rjust(8, "0")}
|
|
92
|
+
ECX: #{self.ecx.to_s(16).rjust(8, "0")}
|
|
93
|
+
EDX: #{self.edx.to_s(16).rjust(8, "0")}
|
|
94
|
+
EDI: #{self.edi.to_s(16).rjust(8, "0")}
|
|
95
|
+
ESI: #{self.esi.to_s(16).rjust(8, "0")}
|
|
96
|
+
EBP: #{self.ebp.to_s(16).rjust(8, "0")}
|
|
97
|
+
ESP: #{self.esp.to_s(16).rjust(8, "0")}
|
|
98
|
+
EFL: #{self.eflags.to_s(2).rjust(32, "0")} #{Ragweed::Wrap32::EFlags.flag_dump(self.eflags)}
|
|
99
|
+
EOM
|
|
100
|
+
end
|
|
101
|
+
|
|
102
|
+
def single_step(v=true)
|
|
103
|
+
if v
|
|
104
|
+
self.eflags |= Ragweed::Wrap32::EFlags::TRAP
|
|
105
|
+
else
|
|
106
|
+
self.eflags &= ~(Ragweed::Wrap32::EFlags::TRAP)
|
|
107
|
+
end
|
|
108
|
+
end
|
|
109
|
+
end
|
|
110
|
+
|
|
111
|
+
module Ragweed::Wrap32
|
|
112
|
+
module Win
|
|
113
|
+
extend FFI::Library
|
|
114
|
+
|
|
115
|
+
ffi_lib 'kernel32'
|
|
116
|
+
ffi_convention :stdcall
|
|
117
|
+
attach_function 'SetThreadContext', [ :long, :pointer ], :long
|
|
118
|
+
attach_function 'GetThreadContext', [ :long, :pointer ], :long
|
|
119
|
+
end
|
|
120
|
+
|
|
121
|
+
class << self
|
|
122
|
+
def get_thread_context(h)
|
|
123
|
+
c = FFI::MemoryPointer.new(Ragweed::Wrap32::ThreadContext, 1)
|
|
124
|
+
ctx = Ragweed::Wrap32::ThreadContext.new c
|
|
125
|
+
ctx.context_flags = Ragweed::Wrap32::ContextFlags::DEBUG
|
|
126
|
+
#suspend_thread(h)
|
|
127
|
+
ret = Win.GetThreadContext(h, ctx)
|
|
128
|
+
#resume_thread(h)
|
|
129
|
+
if ret != 0
|
|
130
|
+
return ctx
|
|
131
|
+
else
|
|
132
|
+
raise WinX.new(:get_thread_context)
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
|
|
136
|
+
def set_thread_context(h, ctx)
|
|
137
|
+
ret = Win.SetThreadContext(h, ctx)
|
|
138
|
+
raise WinX.new(:set_thread_context) if ret == 0
|
|
139
|
+
return ret
|
|
140
|
+
end
|
|
141
|
+
end
|
|
142
|
+
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
%w[ostruct Win32API pp].each {|x| require x}
|
|
2
|
+
|
|
3
|
+
module Ragweed;end
|
|
4
|
+
module Ragweed::Wrap32
|
|
5
|
+
class WinX < StandardError
|
|
6
|
+
attr_reader :code
|
|
7
|
+
attr_reader :msg
|
|
8
|
+
attr_reader :call
|
|
9
|
+
def initialize(sym=nil)
|
|
10
|
+
@call = sym
|
|
11
|
+
@code = Ragweed::Wrap32::get_last_error()
|
|
12
|
+
@msg = "#{(@call ? @call.to_s + ": " : "")}(#{@code}) #{ Ragweed::Wrap32::format_message(@code) }"
|
|
13
|
+
super @msg
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
end
|