Example #1
0
    def CreateFile(self, proc, argv, ctx={}):
        '''
        HANDLE CreateFile(
          LPTSTR                lpFileName,
          DWORD                 dwDesiredAccess,
          DWORD                 dwShareMode,
          LPSECURITY_ATTRIBUTES lpSecurityAttributes,
          DWORD                 dwCreationDisposition,
          DWORD                 dwFlagsAndAttributes,
          HANDLE                hTemplateFile
        );
        '''
        pFileName, access, share, secAttr, disp, flags, template = argv

        # ADD:
        # convert pFileName to full path

        cw = common.get_char_width(ctx)
        f_name = proc.read_string(pFileName, cw)

        volume_name, path, file_name = parse_file_fullpath(f_name)
        if not volume_name:
            # this is relative path
            f_name = emu_path_join(self.win_emu.emu_home_dir, f_name)
            fp = convert_winpath_to_emupath(f_name)
            f_name = emu_path_join(fp["vl"], fp["ps"])

        hFile = self.win_emu.obj_manager.get_object_handle(
            'File', f_name, access, disp, share, flags)

        return hFile
Example #2
0
    def InternetOpen(self, proc, argv, ctx={}):
        """
        void InternetOpenA(
          LPTSTR lpszAgent,
          DWORD  dwAccessType,
          LPTSTR lpszProxy,
          LPTSTR lpszProxyBypass,
          DWORD  dwFlags
        );
        """
        ua, access, proxy, bypass, flags = argv

        cw = common.get_char_width(ctx)
        if ua:
            ua = common.read_mem_string(proc.uc_eng, ua, cw)
            argv[0] = ua
        if proxy:
            proxy = common.read_mem_string(proc.uc_eng, proxy, cw)
            argv[2] = proxy
        if bypass:
            bypass = common.read_mem_string(proc.uc_eng, bypass, cw)
            argv[3] = bypass

        inet_handle = proc.emu.net_manager.create_inet_inst(ua, proxy, bypass)
        return inet_handle
Example #3
0
    def InternetOpen(self, proc, argv, ctx={}):
        """
        void InternetOpenA(
            LPTSTR lpszAgent,
            DWORD  dwAccessType,
            LPTSTR lpszProxy,
            LPTSTR lpszProxyBypass,
            DWORD  dwFlags
        );
        """
        ua, access, proxy, bypass, flags = argv

        cw = common.get_char_width(ctx)
        if ua:
            ua = proc.read_string(ua, cw)
            argv[0] = ua
        if proxy:
            proxy = proc.read_string(proxy, cw)
            argv[2] = proxy
        if bypass:
            bypass = proc.read_string(bypass, cw)
            argv[3] = bypass

        inet_handle = self.win_emu.obj_manager.get_object_handle(
            'WinHttpSession', ua, proxy, bypass)

        return inet_handle
Example #4
0
    def LoadLibraryEx(self, proc, argv, ctx={}):
        '''HMODULE LoadLibraryExA(
            LPCSTR lpLibFileName,
            HANDLE hFile,
            DWORD  dwFlags
        );'''

        pLib_name, _, dwFlags = argv

        cw = common.get_char_width(ctx)
        lib_name = proc.read_string(pLib_name, cw)
        lib_name = ApiHandler.api_set_schema(lib_name)
        hmod = proc.load_library(lib_name)

        flags = {
            0x1: 'DONT_RESOLVE_DLL_REFERENCES',
            0x10: 'LOAD_IGNORE_CODE_AUTHZ_LEVEL',
            0x2: 'LOAD_LIBRARY_AS_DATAFILE',
            0x40: 'LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE',
            0x20: 'LOAD_LIBRARY_AS_IMAGE_RESOURCE',
            0x200: 'LOAD_LIBRARY_SEARCH_APPLICATION_DIR',
            0x1000: 'LOAD_LIBRARY_SEARCH_DEFAULT_DIRS',
            0x100: 'LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR',
            0x800: 'LOAD_LIBRARY_SEARCH_SYSTEM32',
            0x400: 'LOAD_LIBRARY_SEARCH_USER_DIRS',
            0x8: 'LOAD_WITH_ALTERED_SEARCH_PATH',
        }

        pretty_flags = ' | '.join(
            [name for bit, name in flags.items() if dwFlags & bit])

        return hmod
Example #5
0
 def OutputDebugString(self, proc, argv, ctx={}):
     '''
     void OutputDebugStringA(
         LPCSTR lpOutputString
     );
     '''
     _str, = argv
     cw = common.get_char_width(ctx)
     argv[0] = common.read_mem_string(proc.uc_eng, _str, cw)
Example #6
0
    def LoadLibrary(self, proc, argv, ctx={}):
        '''HMODULE LoadLibrary(
            LPTSTR lpLibFileName
        );'''

        pLib_name, = argv
        hmod = win_const.NULL

        cw = common.get_char_width(ctx)
        mod_name = proc.read_string(pLib_name, cw)
        mod_name = ApiHandler.api_set_schema(mod_name)

        return self.win_emu.load_library(mod_name)
Example #7
0
    def LoadLibrary(self, proc, argv, ctx={}):
        '''HMODULE LoadLibrary(
            LPTSTR lpLibFileName
        );'''

        lib_name, = argv
        hmod = windefs.NULL

        cw = common.get_char_width(ctx)
        req_lib = common.read_mem_string(proc.uc_eng, lib_name, cw)
        lib = ApiHandler.api_set_schema(req_lib)

        hmod = proc.load_library(lib)
        argv[0] = req_lib

        return hmod
Example #8
0
    def lstrlen(self, proc, argv, ctx={}):
        '''
        int lstrlen(
            LPCSTR lpString
        );
        '''
        src, = argv
        try:
            cw = common.get_char_width(ctx)
        except Exception:
            cw = 1
        s = common.read_mem_string(proc.uc_eng, src, cw)

        argv[0] = s

        return len(s)
Example #9
0
 def StrStr(self, proc, argv, ctx={}):
     '''
     PCSTR StrStrA(
         PCSTR pszFirst,
         PCSTR pszSrch
     );
     '''
     pTargStr, pSrchStr = argv
     cw = common.get_char_width(ctx)
     targ_str = proc.read_string(pTargStr, cw)
     srch_str = proc.read_string(pSrchStr, cw)
     idx = targ_str.find(srch_str)
     
     if idx == -1:
         return 0
     return idx
Example #10
0
    def URLDownloadToFile(self, proc, argv, ctx={}):
        """
        HRESULT URLDownloadToFile(
                    LPUNKNOWN            pCaller,
                    LPCTSTR              szURL,
                    LPCTSTR              szFileName,
                    DWORD                dwReserved,
                    LPBINDSTATUSCALLBACK lpfnCB
        );
        """
        pCaller, szURL, szFileName, dwReserved, lpfnCB = argv

        cw = common.get_char_width(ctx)

        if szURL:
            url = proc.read_string(szURL, cw)
            argv[1] = url
            ps_url = urlparse(url)

        if szFileName:
            name = proc.read_string(szFileName, cw)
            argv[2] = name

        inet_inst_handle = self.win_emu.net_manager.create_inet_inst(
            agent="Mozilla")
        if ps_url.scheme == "https":
            port = 443
        if ps_url.scheme == "http":
            port = 80

        http_conn_handle = self.win_emu.net_manager.create_connection(
            inet_inst_handle, host=ps_url.netloc, port=port)
        if not http_conn_handle or http_conn_handle == 0xFFFFFFFF:
            rv = INET_E_DOWNLOAD_FAILURE
        else:
            http_req_handle = self.win_emu.net_manager.create_http_request(
                http_conn_handle, url)

            self.win_emu.net_manager.send_http_request(http_req_handle, None)
            rv = ERROR_SUCCESS
            buf = self.win_emu.net_manager.recv_http_response(
                http_req_handle, 0)

        return rv
Example #11
0
    def LoadLibraryEx(self, proc, argv, ctx={}):
        '''HMODULE LoadLibraryExA(
            LPCSTR lpLibFileName,
            HANDLE hFile,
            DWORD  dwFlags
        );'''

        lib_name, _, dwFlags = argv

        hmod = 0

        cw = common.get_char_width(ctx)
        req_lib = common.read_mem_string(proc.uc_eng, lib_name, cw)
        lib = ApiHandler.api_set_schema(req_lib)

        hmod = proc.load_library(lib)

        flags = {
            0x1: 'DONT_RESOLVE_DLL_REFERENCES',
            0x10: 'LOAD_IGNORE_CODE_AUTHZ_LEVEL',
            0x2: 'LOAD_LIBRARY_AS_DATAFILE',
            0x40: 'LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE',
            0x20: 'LOAD_LIBRARY_AS_IMAGE_RESOURCE',
            0x200: 'LOAD_LIBRARY_SEARCH_APPLICATION_DIR',
            0x1000: 'LOAD_LIBRARY_SEARCH_DEFAULT_DIRS',
            0x100: 'LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR',
            0x800: 'LOAD_LIBRARY_SEARCH_SYSTEM32',
            0x400: 'LOAD_LIBRARY_SEARCH_USER_DIRS',
            0x8: 'LOAD_WITH_ALTERED_SEARCH_PATH',
        }

        pretty_flags = ' | '.join([name for bit, name in flags.items() if dwFlags & bit])

        argv[0] = req_lib
        argv[1] = argv[1]
        argv[2] = pretty_flags

        if not hmod:
            proc.set_last_error(windefs.ERROR_MOD_NOT_FOUND)

        return hmod
Example #12
0
    def GetTempPath(self, proc, argv, ctx={}):
        '''
        DWORD GetTempPathA(
        DWORD nBufferLength,
        LPSTR lpBuffer
        );
        '''

        nBufferLength, lpBuffer = argv
        rv = 0
        cw = common.get_char_width(ctx)
        tempdir = common.get_env(proc.emu).get('temp', 'C:\\Windows\\temp\\')
        if cw == 2:
            new = (tempdir).encode('utf-16le') + b'\x00\x00'
        else:
            new = (tempdir).encode('utf-8') + b'\x00'
        rv = len(tempdir)
        if lpBuffer:
            argv[1] = tempdir
            proc.uc_eng.mem_write(lpBuffer, new)
        return rv
Example #13
0
    def CreateFile(self, proc, argv, ctx={}):
        '''
        HANDLE CreateFile(
          LPTSTR                lpFileName,
          DWORD                 dwDesiredAccess,
          DWORD                 dwShareMode,
          LPSECURITY_ATTRIBUTES lpSecurityAttributes,
          DWORD                 dwCreationDisposition,
          DWORD                 dwFlagsAndAttributes,
          HANDLE                hTemplateFile
        );
        '''
        pFileName, access, share, secAttr, disp, flags, template = argv
        
        cw = common.get_char_width(ctx)
        f_name = common.read_mem_string(proc.uc_eng, pFileName, cw)
        py_io_mode = proc.emu.fs_manager.convert_io_mode(f_name, access, disp)

        file_handle = proc.emu.fs_manager.create_file(f_name, py_io_mode)

        return file_handle