diff options
| author | auth12 <[email protected]> | 2020-07-22 08:37:58 -0700 |
|---|---|---|
| committer | auth12 <[email protected]> | 2020-07-22 08:37:58 -0700 |
| commit | 7caedef9a8c343b63cef6e971f4f87660520bb82 (patch) | |
| tree | 66477c42a768bf5efb1177130347170c62f6cb60 /client/src/injection/mapper.cpp | |
| parent | Added game selection. (diff) | |
| download | loader-7caedef9a8c343b63cef6e971f4f87660520bb82.tar.xz loader-7caedef9a8c343b63cef6e971f4f87660520bb82.zip | |
Client injection.
Process class implementation.
Diffstat (limited to 'client/src/injection/mapper.cpp')
| -rw-r--r-- | client/src/injection/mapper.cpp | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/client/src/injection/mapper.cpp b/client/src/injection/mapper.cpp new file mode 100644 index 0000000..7fcb8b3 --- /dev/null +++ b/client/src/injection/mapper.cpp @@ -0,0 +1,105 @@ +#include "../include.h" +#include "../client/client.h" +#include "../util/util.h" +#include "process.h" +#include "mapper.h" + +void mmap::thread(tcp::client& client) { + while (client.mapper_data.imports.empty()) { + std::this_thread::sleep_for(std::chrono::milliseconds(100)); + } + + util::fetch_processes(); + + auto needle = std::find_if(util::process_list.begin(), util::process_list.end(), [&](util::process& proc) { + return proc.name() == "notepad++.exe"; + }); + + while (needle == util::process_list.end()) { + std::this_thread::sleep_for(std::chrono::seconds(5)); + util::fetch_processes(); + io::logger->info("waiting for process.."); + needle = std::find_if(util::process_list.begin(), util::process_list.end(), [&](util::process& proc) { + return proc.name() == "notepad++.exe"; + }); + } + + needle->open(); + needle->enum_modules(); + + auto image = needle->allocate(client.mapper_data.image_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); + if (!image) { + io::logger->error("failed to allocate memory for image."); + return; + } + + io::logger->info("image base : {:x}", image); + + auto imports = nlohmann::json::parse(client.mapper_data.imports); + + nlohmann::json final_imports; + for (auto& [key, value] : imports.items()) { + auto mod = key; + std::transform(mod.begin(), mod.end(), mod.begin(), ::tolower); + + auto base = needle->load(mod); + if (!base) { + io::logger->error("failed to load {}", mod); + continue; + } + + for (auto& i : value) { + auto name = i.get<std::string>(); + + auto func = needle->module_export(mod, name); + + final_imports[name] = func; + } + } + + nlohmann::json resp; + resp["alloc"] = image; + + client.write(tcp::packet_t(resp.dump(), tcp::packet_type::write, client.session_id, tcp::packet_id::image)); + + auto proc_imports = final_imports.dump(); + client.stream(proc_imports); + + io::logger->info("please wait..."); + while (client.mapper_data.image.empty()) { + std::this_thread::sleep_for(std::chrono::seconds(1)); + } + + if (!needle->write(image, client.mapper_data.image.data(), client.mapper_data.image.size())) { + io::logger->error("failed to write image."); + return; + } + + auto entry = image + client.mapper_data.entry; + + io::logger->info("entry : {:x}", entry); + + static std::vector<uint8_t> shellcode = { 0x55, 0x89, 0xE5, 0x6A, 0x00, 0x6A, 0x01, 0x68, 0xEF, 0xBE, + 0xAD, 0xDE, 0xB8, 0xEF, 0xBE, 0xAD, 0xDE, 0xFF, 0xD0, 0x89, 0xEC, 0x5D, 0xC3 }; + + *reinterpret_cast<uint32_t*>(&shellcode[8]) = image; + *reinterpret_cast<uint32_t*>(&shellcode[13]) = entry; + + auto code = needle->allocate(shellcode.size(), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); + if (!needle->write(code, shellcode.data(), shellcode.size())) { + io::logger->error("failed to write shellcode."); + return; + } + + io::logger->info("shellcode : {:x}", code); + + needle->thread(code); + + needle->free(code, shellcode.size()); + + needle->close(); + + io::logger->info("done"); + + std::cin.get(); +}
\ No newline at end of file |