GitHub Repository: rapid7/metasploit-framework
Path: blob/master/external/source/byakugan/byakugan.cpp
#include "byakugan.h"
#include "jutsu.h"
// Debugger engine interfaces shared by the extension's commands.
// ExtQuery() fills these in from the client it is handed.
PDEBUG_CLIENT4         g_ExtClient  = NULL;
PDEBUG_CONTROL         g_ExtControl = NULL;
PDEBUG_SYMBOLS3        g_ExtSymbols = NULL;
PDEBUG_SYSTEM_OBJECTS2 g_ExtSystem  = NULL;
PDEBUG_DATA_SPACES     g_ExtData    = NULL;

// WinDbg-style extension API table; DebugExtensionInitialize() requests it
// from the engine via GetWindbgExtensionApis64().
WINDBG_EXTENSION_APIS ExtensionApis = {0};

// Processor type of the current target and the "session is accessible" flag.
// Both are written by DebugExtensionNotify().
ULONG TargetMachine = 0;
BOOL  Connected     = FALSE;
15
16
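// Queries for all debugger interfaces.
//
// Asks Client for IDebugControl, IDebugSymbols3, IDebugSystemObjects2 and
// IDebugDataSpaces, storing each result in the matching g_Ext* global, and
// then records Client itself in g_ExtClient.
//
// Returns S_OK when every query returned S_OK. On the first query that does
// not, the failure is reported, ExtRelease() is called and the failing
// HRESULT is returned to the caller.
extern "C" HRESULT
ExtQuery(PDEBUG_CLIENT4 Client)
{
    HRESULT Status;

    Status = Client->QueryInterface(__uuidof(IDebugControl),
                                    (void **)&g_ExtControl);
    if (Status != S_OK)
    {
        goto Fail;
    }

    Status = Client->QueryInterface(__uuidof(IDebugSymbols3),
                                    (void **)&g_ExtSymbols);
    if (Status != S_OK)
    {
        goto Fail;
    }

    Status = Client->QueryInterface(__uuidof(IDebugSystemObjects2),
                                    (void **)&g_ExtSystem);
    if (Status != S_OK)
    {
        goto Fail;
    }

    Status = Client->QueryInterface(__uuidof(IDebugDataSpaces),
                                    (void **)&g_ExtData);
    if (Status != S_OK)
    {
        goto Fail;
    }

    // The client pointer is stored as passed in; no AddRef is taken here.
    g_ExtClient = Client;

    return S_OK;

Fail:
    // Name the extension and the failing HRESULT, newline-terminated, so a
    // failed query can be diagnosed from the debugger log.
    dprintf("[Byakugan] ExtQuery failed: 0x%08lx\n", (ULONG)Status);
    ExtRelease();
    return Status;
}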
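// Cleans up all debugger interfaces.
//
// Counterpart of ExtQuery(): clears g_ExtClient and releases every interface
// ExtQuery() obtains through QueryInterface().
//
// NOTE(review): EXT_RELEASE is defined outside this file; it is presumably
// safe on a NULL pointer, since this function also runs after a partially
// failed ExtQuery() -- confirm against the macro definition.
void
ExtRelease(void)
{
    // ExtQuery() stores the client without taking a reference, so it is only
    // forgotten here, not released.
    g_ExtClient = NULL;

    EXT_RELEASE(g_ExtControl);
    EXT_RELEASE(g_ExtSymbols);

    // ExtQuery() acquires these two as well; leaving them out leaks one COM
    // reference per interface on every ExtQuery()/ExtRelease() cycle.
    EXT_RELEASE(g_ExtSystem);
    EXT_RELEASE(g_ExtData);
}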
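// Normal output.
//
// Forwards Format and its variadic arguments to the engine's OutputVaList()
// with the DEBUG_OUTPUT_NORMAL mask.
//
// Format is interpreted as a format string. Pass a literal and route any
// text that originates from the debuggee through a "%s" argument, never as
// Format itself.
void __cdecl
ExtOut(PCSTR Format, ...)
{
    va_list Args;

    // g_ExtControl is NULL until ExtQuery() has filled it in; without it
    // there is nowhere to send the text, so drop the message instead of
    // dereferencing a null interface pointer.
    if (g_ExtControl == NULL)
    {
        return;
    }

    va_start(Args, Format);
    g_ExtControl->OutputVaList(DEBUG_OUTPUT_NORMAL, Format, Args);
    va_end(Args);
}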
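// Error output.
//
// Forwards Format and its variadic arguments to the engine's OutputVaList()
// with the DEBUG_OUTPUT_ERROR mask.
//
// Format is interpreted as a format string. Pass a literal and route any
// text that originates from the debuggee through a "%s" argument, never as
// Format itself.
void __cdecl
ExtErr(PCSTR Format, ...)
{
    va_list Args;

    // g_ExtControl is NULL until ExtQuery() has filled it in; without it
    // there is nowhere to send the text, so drop the message instead of
    // dereferencing a null interface pointer.
    if (g_ExtControl == NULL)
    {
        return;
    }

    va_start(Args, Format);
    g_ExtControl->OutputVaList(DEBUG_OUTPUT_ERROR, Format, Args);
    va_end(Args);
}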
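// Warning output.
//
// Forwards Format and its variadic arguments to the engine's OutputVaList()
// with the DEBUG_OUTPUT_WARNING mask.
//
// Format is interpreted as a format string. Pass a literal and route any
// text that originates from the debuggee through a "%s" argument, never as
// Format itself.
void __cdecl
ExtWarn(PCSTR Format, ...)
{
    va_list Args;

    // g_ExtControl is NULL until ExtQuery() has filled it in; without it
    // there is nowhere to send the text, so drop the message instead of
    // dereferencing a null interface pointer.
    if (g_ExtControl == NULL)
    {
        return;
    }

    va_start(Args, Format);
    g_ExtControl->OutputVaList(DEBUG_OUTPUT_WARNING, Format, Args);
    va_end(Args);
}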
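extern "C"
// jc: this is the init routine. Runs on load.
//
// Reports the extension version (1.0) and no flags through the out
// parameters, then creates a temporary IDebugClient, queries it for
// IDebugControl and asks that interface to fill in the WinDbg-style
// ExtensionApis table. Both temporary interfaces are released before
// returning.
//
// Returns S_OK when the API table was obtained; otherwise the HRESULT of the
// step that did not return S_OK.
HRESULT
CALLBACK
DebugExtensionInitialize(PULONG Version, PULONG Flags)
{
    IDebugClient *DebugClient;
    PDEBUG_CONTROL DebugControl;
    HRESULT Hr;

    *Version = DEBUG_EXTENSION_VERSION(1, 0);
    *Flags = 0;

    Hr = DebugCreate(__uuidof(IDebugClient), (void **)&DebugClient);
    if (Hr != S_OK)
    {
        return Hr;
    }

    Hr = DebugClient->QueryInterface(__uuidof(IDebugControl),
                                     (void **)&DebugControl);
    if (Hr == S_OK)
    {
        //
        // Get the windbg-style extension APIS
        //
        ExtensionApis.nSize = sizeof (ExtensionApis);
        Hr = DebugControl->GetWindbgExtensionApis64(&ExtensionApis);

        DebugControl->Release();
    }

    // Announce the load only when every step returned S_OK, so the banner
    // never appears next to a failing return value.
    // NOTE(review): in wdbgexts.h dprintf is routed through ExtensionApis, so
    // calling it before the table is populated may go through a NULL output
    // routine -- confirm against the headers this project builds with.
    if (Hr == S_OK)
    {
        dprintf("[Byakugan] Successfully loaded!\n");
    }

    DebugClient->Release();

    return (Hr);
}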
// jc: this runs when the debugger is connected to a target.
//
// Session notification callback. On the first DEBUG_NOTIFY_SESSION_ACCESSIBLE
// it records the target's processor type in TargetMachine and sets Connected;
// on DEBUG_NOTIFY_SESSION_INACTIVE it resets both. Argument is not used.
extern "C"
void
CALLBACK
DebugExtensionNotify(ULONG Notify, ULONG64 Argument)
{
    UNREFERENCED_PARAMETER(Argument);

    // New debugger extensions obtain engine interfaces by calling
    // DebugCreate(__uuidof(IDebugClient), &DebugClient) and then
    // DebugClient->QueryInterface(__uuidof(Interface_you_want), ...).
    const bool FirstAccess =
        (Notify == DEBUG_NOTIFY_SESSION_ACCESSIBLE) && (!Connected);

    if (FirstAccess)
    {
        IDebugClient *EngineClient;
        PDEBUG_CONTROL EngineControl;
        HRESULT Result;

        Result = DebugCreate(__uuidof(IDebugClient), (void **)&EngineClient);
        if (Result == S_OK)
        {
            // jc: QueryInterface must fill in EngineControl before it is used.
            Result = EngineClient->QueryInterface(__uuidof(IDebugControl),
                                                  (void **)&EngineControl);
            if (Result == S_OK)
            {
                // Get the architecture type; only a clean S_OK marks the
                // extension as connected.
                Result = EngineControl->GetActualProcessorType(&TargetMachine);
                if (Result == S_OK)
                {
                    Connected = TRUE;
                }

                EngineControl->Release();
            }

            EngineClient->Release();
        }
    }

    if (Notify == DEBUG_NOTIFY_SESSION_INACTIVE)
    {
        Connected = FALSE;
        TargetMachine = 0;
    }
}
// Uninitialize callback exported alongside DebugExtensionInitialize().
// It performs no work.
extern "C" void CALLBACK
DebugExtensionUninitialize(void)
{
    // Intentionally empty.
}
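// Known-struct callback: lists the structures this extension can format and
// produces a one-line rendering for them.
//
// Flag selects the operation:
//   DEBUG_KNOWN_STRUCT_GET_NAMES
//       Writes the known names into Buffer as a multi-string and stores the
//       size needed in *BufferSize. Returns S_OK when everything fit,
//       S_FALSE when the buffer was too small.
//   DEBUG_KNOWN_STRUCT_GET_SINGLE_LINE_OUTPUT
//       Reads the structure at Address and formats it into Buffer.
//       Returns the StringCbPrintf result, or E_INVALIDARG when StructName
//       is not known or the read does not succeed in full.
//   DEBUG_KNOWN_STRUCT_SUPPRESS_TYPE_NAME
//       Returns S_OK for _LARGE_INTEGER (no type name), S_FALSE otherwise.
// Any other Flag returns E_INVALIDARG.
//
// *BufferSize is read as the capacity of Buffer in bytes.
extern "C"
HRESULT
CALLBACK
KnownStructOutput(
    __in ULONG Flag,
    __in ULONG64 Address,
    __in PSTR StructName,
    __out_ecount(BufferSize) PSTR Buffer,
    __in PULONG BufferSize
    )
{
    const char* KnownStructs[] = {"_LARGE_INTEGER", "_SYSTEMTIME", NULL};
    HRESULT Hr;

    Hr = S_OK;

    if (Flag == DEBUG_KNOWN_STRUCT_GET_NAMES)
    {
        //
        // Return names of known structs in multi string
        //
        ULONG SizeRemaining = *BufferSize, SizeNeeded = 0, Length;
        PCHAR CopyAt = Buffer;

        for (ULONG i = 0; KnownStructs[i] != NULL; i++)
        {
            Length = (ULONG)strlen(KnownStructs[i]) + 1;

            // Strictly greater: one byte must stay free for the final
            // multi-string terminator written after the loop.
            if (SizeRemaining > Length && Hr == S_OK)
            {
                Hr = StringCbCopy(CopyAt, SizeRemaining, KnownStructs[i]);

                SizeRemaining -= Length;
                CopyAt += Length;
            }
            else
            {
                Hr = S_FALSE;
            }
            SizeNeeded += Length;
        }

        // Terminate multistring and return size copied. With a zero-byte
        // buffer nothing was copied and CopyAt still equals Buffer, so the
        // terminator would land outside the caller's buffer; skip it.
        if (SizeRemaining > 0)
        {
            *CopyAt = 0;
        }
        *BufferSize = SizeNeeded + 1;
    }
    else if (Flag == DEBUG_KNOWN_STRUCT_GET_SINGLE_LINE_OUTPUT)
    {
        if (!strcmp(StructName, KnownStructs[0]))
        {
            ULONG64 Data = 0;
            ULONG ret = 0;

            // Accept only a complete read: a short read would leave part of
            // Data holding bytes that never came from the target.
            if (ReadMemory(Address, &Data, sizeof(Data), &ret) &&
                ret == sizeof(Data))
            {
                Hr = StringCbPrintf(Buffer, *BufferSize, " { %lx`%lx }", (ULONG) (Data >> 32), (ULONG) Data);
            }
            else
            {
                Hr = E_INVALIDARG;
            }
        }
        else if (!strcmp(StructName, KnownStructs[1]))
        {
            SYSTEMTIME Data = {0};
            ULONG ret = 0;

            if (ReadMemory(Address, &Data, sizeof(Data), &ret) &&
                ret == sizeof(Data))
            {
                // The fields are passed for %ld conversions, so widen each
                // one to LONG to match the specifier.
                Hr = StringCbPrintf(Buffer, *BufferSize, " { %02ld:%02ld:%02ld %02ld/%02ld/%04ld }",
                                    (LONG) Data.wHour,
                                    (LONG) Data.wMinute,
                                    (LONG) Data.wSecond,
                                    (LONG) Data.wMonth,
                                    (LONG) Data.wDay,
                                    (LONG) Data.wYear);
            }
            else
            {
                Hr = E_INVALIDARG;
            }
        }
        else
        {
            Hr = E_INVALIDARG;
        }
    }
    else if (Flag == DEBUG_KNOWN_STRUCT_SUPPRESS_TYPE_NAME)
    {
        if (!strcmp(StructName, KnownStructs[0]))
        {
            // Do not print type name for KnownStructs[0]
            Hr = S_OK;
        }
        else
        {
            // Print the type name
            Hr = S_FALSE;
        }
    }
    else
    {
        Hr = E_INVALIDARG;
    }

    return Hr;
}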
// Failure-analysis plugin entry point, called with the current analysis phase.
//
// Logs the phase, then:
//   FA_PLUGIN_STACK_ANALYSIS  - attaches a sample text entry to the analysis.
//   FA_PLUGIN_POST_BUCKETING  - sets the default bucket to "AV_IN_DEBUGGER"
//                               when the followup module name is "dbgeng".
// Every phase returns S_OK.
//
// NOTE(review): INIT_API()/EXIT_API() are macros defined outside this file;
// presumably they bracket the body with ExtQuery(Client)/ExtRelease() --
// confirm against their definitions.
extern "C"
HRESULT
_EFN_Analyze(
    __in PDEBUG_CLIENT4 Client,
    __in FA_EXTENSION_PLUGIN_PHASE CallPhase,
    __in PDEBUG_FAILURE_ANALYSIS2 pAnalysis
    )
{
    INIT_API();

    // Analysis tags
#define FA_TAG_SAMPLE_PLUGIN_DEBUG_TEXT 0xA0000000

    ExtOut("DbgExts Analysis Phase: %lx\n", CallPhase);

    if (CallPhase == FA_PLUGIN_STACK_ANALYSIS)
    {
        pAnalysis->SetString((FA_TAG) FA_TAG_SAMPLE_PLUGIN_DEBUG_TEXT,
                             "Sample custom analyzer was run for this analysis.\n");
    }
    else if (CallPhase == FA_PLUGIN_POST_BUCKETING)
    {
        //
        // Set default bucket if followup module is dbgeng
        //
        PFA_ENTRY ModuleEntry = pAnalysis->Get(DEBUG_FLR_MODULE_NAME);

        if (ModuleEntry != NULL &&
            !strcmp(FA_ENTRY_DATA(PSTR, ModuleEntry), "dbgeng"))
        {
            pAnalysis->SetString(DEBUG_FLR_DEFAULT_BUCKET_ID, "AV_IN_DEBUGGER");
        }
    }
    // Any other phase: do nothing.

    UNREFERENCED_PARAMETER(pAnalysis);

    EXIT_API();
    return S_OK;
}