Path: blob/master/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb
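# -*- coding: binary -*-

require 'rex/post/thread'
require 'rex/post/meterpreter/client'
require 'rex/post/meterpreter/extensions/stdapi/constants'

module Rex
module Post
module Meterpreter
module Extensions
module Stdapi
module Sys

##
#
# This class implements the Rex::Post::Thread interface, which
# wraps a logical thread for a given process.
#
# Every operation here builds a request packet that names the thread by its
# handle and sends it through process.client. Values read back (see
# #query_regs) are taken from the response as-is and are not validated in
# this class, so callers should treat them as untrusted data.
#
##
class Thread < Rex::Post::Thread

  include Rex::Post::Meterpreter::ObjectAliasesContainer

  ##
  #
  # Constructor
  #
  ##

  #
  # Initialize the thread instance.
  #
  # process - owning process object; its #client is used to send requests.
  # handle  - value placed in TLV_TYPE_THREAD_HANDLE to identify the thread.
  # tid     - thread identifier; stored, but not read by any method in this class.
  #
  def initialize(process, handle, tid)
    self.process = process
    self.handle  = handle
    self.tid     = tid

    # Ensure the remote object is closed when all references are removed.
    # The finalizer proc is built by a class method from client and handle
    # only, so it holds no reference to this instance.
    ObjectSpace.define_finalizer(self, self.class.finalize(process.client, handle))
  end

  #
  # Builds the finalizer proc for a thread handle. When the finalizer runs it
  # does not close the handle itself; it hands a second proc to
  # client.framework.sessions.schedule. That second proc calls self.close and
  # logs any failure through elog instead of raising.
  #
  def self.finalize(client, handle)
    proc do
      deferred_close_proc = proc do
        begin
          self.close(client, handle)
        rescue => e
          elog("finalize method for thread failed", error: e)
        end
      end

      # Schedule the finalizing logic out-of-band; as this logic might be called in the context of a Signal.trap, which can't synchronize mutexes
      client.framework.sessions.schedule(deferred_close_proc)
    end
  end

  ##
  #
  # Execution
  #
  ##

  #
  # Suspends the thread's execution.
  #
  # Returns true once send_request has returned; the response is not inspected here.
  #
  def suspend
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND)
    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    process.client.send_request(request)

    true
  end

  #
  # Resumes the thread's execution.
  #
  # Returns true once send_request has returned; the response is not inspected here.
  #
  def resume
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME)
    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    process.client.send_request(request)

    true
  end

  #
  # Terminates the thread's execution.
  #
  # code - value sent as TLV_TYPE_EXIT_CODE.
  #
  # Returns true once send_request has returned; the response is not inspected here.
  #
  def terminate(code)
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE)
    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
    request.add_tlv(TLV_TYPE_EXIT_CODE, code)

    process.client.send_request(request)

    true
  end

  ##
  #
  # Register manipulation
  #
  ##

  #
  # Queries the register state of the thread.
  #
  # Returns a hash mapping each TLV_TYPE_REGISTER_NAME in the response to its
  # TLV_TYPE_REGISTER_VALUE_32. Names and values are copied from the response
  # without any checks; the hash is empty when the response carries no
  # TLV_TYPE_REGISTER entries.
  #
  def query_regs
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS)
    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    response = process.client.send_request(request)

    regs = {}
    response.each(TLV_TYPE_REGISTER) do |reg|
      regs[reg.get_tlv_value(TLV_TYPE_REGISTER_NAME)] = reg.get_tlv_value(TLV_TYPE_REGISTER_VALUE_32)
    end

    regs
  end

  #
  # Sets the register state of the thread.  The registers are supplied
  # in the form of a hash (register name => value). Each pair is sent as
  # one TLV_TYPE_REGISTER group; values go out as TLV_TYPE_REGISTER_VALUE_32.
  #
  # Returns true once send_request has returned; the response is not inspected here.
  #
  def set_regs(regs_hash)
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS)
    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    # Add all of the registers that we're setting
    regs_hash.each_pair do |name, value|
      group = request.add_tlv(TLV_TYPE_REGISTER)

      group.add_tlv(TLV_TYPE_REGISTER_NAME, name)
      group.add_tlv(TLV_TYPE_REGISTER_VALUE_32, value)
    end

    process.client.send_request(request)

    true
  end

  #
  # Formats the registers in a pretty way.
  #
  # The register names below are hard-coded. A name that is absent from the
  # #query_regs result is nil here, and sprintf raises on nil, so this method
  # only works when the response contains every listed register.
  #
  def pretty_regs
    regs = query_regs

    general = sprintf("eax=%.8x ebx=%.8x ecx=%.8x edx=%.8x esi=%.8x edi=%.8x\n",
                      regs['eax'], regs['ebx'], regs['ecx'], regs['edx'], regs['esi'], regs['edi'])
    pointers = sprintf("eip=%.8x esp=%.8x ebp=%.8x\n",
                       regs['eip'], regs['esp'], regs['ebp'])
    segments = sprintf("cs=%.4x ss=%.4x ds=%.4x es=%.4x fs=%.4x gs=%.4x\n",
                       regs['cs'], regs['ss'], regs['ds'], regs['es'], regs['fs'], regs['gs'])

    general + pointers + segments
  end

  ##
  #
  # Closure
  #
  ##

  #
  # Closes the thread handle.
  #
  # Class-level so the finalizer can call it without an instance. The request
  # is sent with nil as send_request's second argument.
  # NOTE(review): presumably nil means "do not wait for a response" - confirm
  # against the client's send_request.
  #
  def self.close(client, handle)
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE)
    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
    client.send_request(request, nil)
    # The original reassigned the local `handle` to nil here; that never
    # reached the caller, so it was dropped. The instance-level #close is
    # what clears the stored handle.
    true
  end

  #
  # Instance method: closes the handle once. Removes the finalizer first so
  # the same handle is not closed a second time at garbage collection, then
  # clears the stored handle so later calls are no-ops.
  #
  def close
    unless self.handle.nil?
      ObjectSpace.undefine_finalizer(self)
      self.class.close(self.process.client, self.handle)
      self.handle = nil
    end
  end

  attr_reader :process, :handle, :tid # :nodoc:
protected
  attr_writer :process, :handle, :tid # :nodoc:

end

end; end; end; end; end; end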