renamed the project and added a try/catch in

nasa::injector_ctx::translate so if the pml4 index isn't in the std::map
then go and get the pml4e, insert it into map_into's pml4 and also
insert the index into the std::map
IDontCode 4 years ago
parent b233ec7a04
commit 3db88263ac

@ -3,24 +3,15 @@ Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16 # Visual Studio Version 16
VisualStudioVersion = 16.0.30503.244 VisualStudioVersion = 16.0.30503.244
MinimumVisualStudioVersion = 10.0.40219.1 MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nasa-injector", "nasa-injector\nasa-injector.vcxproj", "{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}" Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "reverse-injector", "reverse-injector\reverse-injector.vcxproj", "{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}"
EndProject EndProject
Global Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|x64 = Debug|x64
Debug|x86 = Debug|x86
Release|x64 = Release|x64 Release|x64 = Release|x64
Release|x86 = Release|x86
EndGlobalSection EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution GlobalSection(ProjectConfigurationPlatforms) = postSolution
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Debug|x64.ActiveCfg = Debug|x64
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Debug|x64.Build.0 = Debug|x64
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Debug|x86.ActiveCfg = Debug|Win32
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Debug|x86.Build.0 = Debug|Win32
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Release|x64.ActiveCfg = Release|x64 {ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Release|x64.ActiveCfg = Release|x64
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Release|x64.Build.0 = Release|x64 {ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Release|x64.Build.0 = Release|x64
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Release|x86.ActiveCfg = Release|Win32
{ED392663-3AF3-40DE-8AC7-2F373B3E9B45}.Release|x86.Build.0 = Release|Win32
EndGlobalSection EndGlobalSection
GlobalSection(SolutionProperties) = preSolution GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE HideSolutionNode = FALSE

@ -0,0 +1,3 @@
// Icon Resource Definition
#define MAIN_ICON 102
MAIN_ICON ICON "small.ico"

@ -5,17 +5,18 @@ namespace nasa
injector_ctx::injector_ctx(nasa::mem_ctx* map_into, nasa::mem_ctx* map_from) injector_ctx::injector_ctx(nasa::mem_ctx* map_into, nasa::mem_ctx* map_from)
: :
map_into(map_into), map_into(map_into),
map_from(map_from) map_from(map_from),
pml4_index_map{}
{} {}
injector_ctx::~injector_ctx() injector_ctx::~injector_ctx()
{ {
const auto pml4 = reinterpret_cast<ppml4e>( const auto pml4 = reinterpret_cast<ppml4e>(
this->map_into->set_page( map_into->set_page(
this->map_into->get_dirbase())); map_into->get_dirbase()));
// zero inserted pml4e's... // zero inserted pml4e's...
for (const auto [real_idx, inserted_idx] : this->pml4_index_map) for (const auto [real_idx, inserted_idx] : pml4_index_map)
pml4[inserted_idx] = pml4e{ NULL }; pml4[inserted_idx] = pml4e{ NULL };
while (!SwitchToThread()); while (!SwitchToThread());
@ -36,13 +37,13 @@ namespace nasa
std::vector<std::pair<std::uint8_t, pml4e>> present_pml4es; std::vector<std::pair<std::uint8_t, pml4e>> present_pml4es;
std::vector<std::uint8_t> empty_pml4es; std::vector<std::uint8_t> empty_pml4es;
// find present pml4e's in usermode, and also find empty pml4e's in usermode... // find present pml4e's in map_from, and also find empty pml4e's in map_into...
for (auto idx = 0u; idx < 256; ++idx) for (auto idx = 100u; idx < 256; ++idx)
{ {
if (source_pml4[idx].present) if (source_pml4[idx].present)
present_pml4es.push_back({ idx, source_pml4[idx] }); present_pml4es.push_back({ idx, source_pml4[idx] });
if (!target_pml4[idx].present) if (!target_pml4[idx].value)
empty_pml4es.push_back(idx); empty_pml4es.push_back(idx);
} }
@ -53,7 +54,7 @@ namespace nasa
// setup translation table and insert pml4e's... // setup translation table and insert pml4e's...
for (auto idx = 0u; idx < present_pml4es.size(); ++idx) for (auto idx = 0u; idx < present_pml4es.size(); ++idx)
{ {
this->pml4_index_map.insert({ present_pml4es[idx].first, empty_pml4es[idx] }); pml4_index_map.insert({ present_pml4es[idx].first, empty_pml4es[idx] });
target_pml4[empty_pml4es[idx]] = present_pml4es[idx].second; target_pml4[empty_pml4es[idx]] = present_pml4es[idx].second;
} }
return true; return true;
@ -63,7 +64,40 @@ namespace nasa
std::uintptr_t injector_ctx::translate(std::uintptr_t translate) const std::uintptr_t injector_ctx::translate(std::uintptr_t translate) const
{ {
virt_addr_t virt_addr{ reinterpret_cast<void*>(translate) }; virt_addr_t virt_addr{ reinterpret_cast<void*>(translate) };
virt_addr.pml4_index = pml4_index_map[virt_addr.pml4_index]; try
{
virt_addr.pml4_index = pml4_index_map.at(virt_addr.pml4_index);
}
catch (const std::out_of_range& e)
{
// the pml4e is not in the map so we need to go get it
// and put it inside of the map. also put it inside of
// map_into's pml4...
const auto map_into_pml4 =
reinterpret_cast<ppml4e>(
map_into->set_page(
map_into->get_dirbase()));
const auto map_from_pml4 =
reinterpret_cast<ppml4e>(
map_from->set_page(
map_from->get_dirbase()));
const auto new_pml4e =
map_from_pml4[virt_addr.pml4_index];
for (auto idx = 100u; idx < 256; ++idx)
{
if (!map_into_pml4[idx].value)
{
map_into_pml4[idx] = new_pml4e;
pml4_index_map[virt_addr.pml4_index] = idx;
virt_addr.pml4_index = idx;
break;
}
}
}
return reinterpret_cast<std::uintptr_t>(virt_addr.value); return reinterpret_cast<std::uintptr_t>(virt_addr.value);
} }
} }
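Review bot: When the slot search in the new catch block (the `for (auto idx = 100u; idx < 256; ++idx)` loop) finds no free entry in map_into's pml4, the loop falls through and `translate` still returns an address built from the untranslated source `pml4_index`, so the caller receives a pointer into the wrong region of map_into's address space with no way to notice. The miss path is also driven by an exception with an unused `e`; a `find()` on `pml4_index_map` with the fallback in the else branch reads cleaner and lets the no-slot case return a value callers can check, as sketched below. Since `translate` is declared `const`, the write `pml4_index_map[virt_addr.pml4_index] = idx;` only compiles if the member is `mutable` — the header is not in this diff, so worth confirming. The `100u` lower bound now appears both here and in the init hunk, so a named constant would keep the two in step, and init still indexes `empty_pml4es[idx]` for every present entry without checking `empty_pml4es.size() >= present_pml4es.size()`, a range this commit narrowed by starting at 100.
```cpp
std::uintptr_t injector_ctx::translate(std::uintptr_t translate) const
{
	virt_addr_t virt_addr{ reinterpret_cast<void*>(translate) };
	if (const auto it = pml4_index_map.find(virt_addr.pml4_index); it != pml4_index_map.end())
	{
		virt_addr.pml4_index = it->second;
		return reinterpret_cast<std::uintptr_t>(virt_addr.value);
	}
	// … unchanged: fetch map_into_pml4 / map_from_pml4 and read new_pml4e from map_from …
	for (auto idx = 100u; idx < 256; ++idx)
	{
		if (!map_into_pml4[idx].value)
		{
			map_into_pml4[idx] = new_pml4e;
			pml4_index_map[virt_addr.pml4_index] = idx; // requires pml4_index_map to be mutable
			virt_addr.pml4_index = idx;
			return reinterpret_cast<std::uintptr_t>(virt_addr.value);
		}
	}
	// map_into's pml4 has no free slot: fail visibly instead of returning an untranslated address
	return 0;
}
```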

@ -4,6 +4,12 @@
int __cdecl main(int argc, char** argv) int __cdecl main(int argc, char** argv)
{ {
if (argc < 3 || strcmp(argv[1], "--pid"))
{
std::printf("[!] please provide a process id... (--pid X)\n");
return false;
}
const auto [drv_handle, drv_key] = vdm::load_drv(); const auto [drv_handle, drv_key] = vdm::load_drv();
if (!drv_handle || drv_key.empty()) if (!drv_handle || drv_key.empty())
{ {
@ -49,7 +55,7 @@ int __cdecl main(int argc, char** argv)
vdm.set_read(_read_phys); vdm.set_read(_read_phys);
vdm.set_write(_write_phys); vdm.set_write(_write_phys);
nasa::mem_ctx notepad_proc(vdm, util::get_pid("notepad.exe")); nasa::mem_ctx notepad_proc(vdm, std::atoi(argv[2]));
nasa::injector_ctx injector(&my_proc, &notepad_proc); nasa::injector_ctx injector(&my_proc, &notepad_proc);
if (!injector.init()) if (!injector.init())
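Review bot: The new argument check exits with `return false;` from `int main`, which converts to 0 and reports success to the shell on the error path; it should be `return EXIT_FAILURE;` (or `1`). `std::atoi(argv[2])` in the second hunk returns 0 for any non-numeric string and has undefined behaviour on overflow, so a malformed `--pid` value silently becomes pid 0 and is handed to `nasa::mem_ctx`; parsing with `std::from_chars` (or `std::strtoul` with an end-pointer check) and rejecting 0 would make that failure explicit. The `strcmp(argv[1], "--pid")` test relies on the non-zero-means-mismatch convention, which reads more clearly as `strcmp(argv[1], "--pid") != 0`. main's body continues outside both hunks.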

@ -75,14 +75,14 @@ namespace nasa
mem_ctx::~mem_ctx() mem_ctx::~mem_ctx()
{ {
set_pml4e(reinterpret_cast<::ppml4e>(get_dirbase()) + this->pml4e_index, pml4e{NULL}); const auto pml4 =
while (!SwitchToThread()); reinterpret_cast<ppml4e>(
set_page(dirbase))[pml4e_index] = pml4e{ NULL };
} }
void* mem_ctx::set_page(void* addr) void* mem_ctx::set_page(void* addr)
{ {
// table entry change. // table entry change.
{
++pte_index; ++pte_index;
if (pte_index >= 511) if (pte_index >= 511)
{ {
@ -98,7 +98,6 @@ namespace nasa
if (pdpte_index >= 511) if (pdpte_index >= 511)
pdpte_index = 0; pdpte_index = 0;
}
pdpte new_pdpte = { NULL }; pdpte new_pdpte = { NULL };
new_pdpte.present = true; new_pdpte.present = true;
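Review bot: The rewritten `mem_ctx::~mem_ctx()` in the first hunk drops the `while (!SwitchToThread());` spin that followed the old `set_pml4e` call, while `injector_ctx::~injector_ctx()` in the same commit keeps its spin after zeroing the inserted pml4e's; if the spin was there to let the write settle before the mapping is torn down, the two destructors now disagree and the reason belongs in a comment, e.g. `// no SwitchToThread() here: <why the pml4e write needs no settle time>`. The destructor also reads the `dirbase` member directly where the surrounding code goes through `get_dirbase()`; minor, but worth keeping consistent. The brace removal in `set_page` only changes scoping, and that function continues outside the hunk.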

@ -1,14 +1,6 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations"> <ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|Win32">
<Configuration>Debug</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Release|Win32">
<Configuration>Release</Configuration>
<Platform>Win32</Platform>
</ProjectConfiguration>
<ProjectConfiguration Include="Debug|x64"> <ProjectConfiguration Include="Debug|x64">
<Configuration>Debug</Configuration> <Configuration>Debug</Configuration>
<Platform>x64</Platform> <Platform>x64</Platform>
@ -24,21 +16,9 @@
<ProjectGuid>{ed392663-3af3-40de-8ac7-2f373b3e9b45}</ProjectGuid> <ProjectGuid>{ed392663-3af3-40de-8ac7-2f373b3e9b45}</ProjectGuid>
<RootNamespace>nasainjector</RootNamespace> <RootNamespace>nasainjector</RootNamespace>
<WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion> <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
<ProjectName>reverse-injector</ProjectName>
</PropertyGroup> </PropertyGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>false</UseDebugLibraries>
<PlatformToolset>v142</PlatformToolset>
<WholeProgramOptimization>true</WholeProgramOptimization>
<CharacterSet>Unicode</CharacterSet>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType> <ConfigurationType>Application</ConfigurationType>
<UseDebugLibraries>true</UseDebugLibraries> <UseDebugLibraries>true</UseDebugLibraries>
@ -57,12 +37,6 @@
</ImportGroup> </ImportGroup>
<ImportGroup Label="Shared"> <ImportGroup Label="Shared">
</ImportGroup> </ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup>
<ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup> </ImportGroup>
@ -70,46 +44,12 @@
<Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
</ImportGroup> </ImportGroup>
<PropertyGroup Label="UserMacros" /> <PropertyGroup Label="UserMacros" />
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<LinkIncremental>true</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<LinkIncremental>false</LinkIncremental>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<LinkIncremental>true</LinkIncremental> <LinkIncremental>true</LinkIncremental>
</PropertyGroup> </PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<LinkIncremental>false</LinkIncremental> <LinkIncremental>false</LinkIncremental>
</PropertyGroup> </PropertyGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
<ClCompile>
<WarningLevel>Level3</WarningLevel>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>true</IntrinsicFunctions>
<SDLCheck>true</SDLCheck>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<ConformanceMode>true</ConformanceMode>
</ClCompile>
<Link>
<SubSystem>Console</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
<GenerateDebugInformation>true</GenerateDebugInformation>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile> <ClCompile>
<WarningLevel>Level3</WarningLevel> <WarningLevel>Level3</WarningLevel>
@ -158,6 +98,9 @@
<ClInclude Include="vdm\vdm.hpp" /> <ClInclude Include="vdm\vdm.hpp" />
<ClInclude Include="vdm_ctx\vdm_ctx.hpp" /> <ClInclude Include="vdm_ctx\vdm_ctx.hpp" />
</ItemGroup> </ItemGroup>
<ItemGroup>
<ResourceCompile Include="icon.rc" />
</ItemGroup>
<Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
<ImportGroup Label="ExtensionTargets"> <ImportGroup Label="ExtensionTargets">
</ImportGroup> </ImportGroup>

@ -56,4 +56,9 @@
<Filter>Header Files</Filter> <Filter>Header Files</Filter>
</ClInclude> </ClInclude>
</ItemGroup> </ItemGroup>
<ItemGroup>
<ResourceCompile Include="icon.rc">
<Filter>Header Files</Filter>
</ResourceCompile>
</ItemGroup>
</Project> </Project>
