def InternetCrackUrl(self, emu, argv, ctx={}): """ BOOLAPI InternetCrackUrl( LPCSTR lpszUrl, DWORD dwUrlLength, DWORD dwFlags, LPURL_COMPONENTSA lpUrlComponents ); """ lpszUrl, dwUrlLength, dwFlags, lpUrlComponents = argv rv = False cw = self.get_char_width(ctx) if lpszUrl and lpUrlComponents: url = self.read_mem_string(lpszUrl, cw) argv[0] = url rv = True uc = windefs.URL_COMPONENTS(emu.get_ptr_size()) url_comp = self.mem_cast(uc, lpUrlComponents) crack = urlparse(url) if crack.scheme == "https": url_comp.nScheme = windefs.INTERNET_SCHEME_HTTPS elif crack.scheme == "http": url_comp.nScheme = windefs.INTERNET_SCHEME_HTTP if url_comp.dwHostNameLength > 0: if url_comp.lpszHostName: host = crack.netloc + "\x00" enc = self.get_encoding(cw) self.mem_write(url_comp.lpszHostName, host.encode(enc)) else: offset = url.find(crack.netloc) ptr = lpszUrl + (offset * cw) url_comp.lpszHostName = ptr url_comp.dwHostNameLength = len(crack.netloc) self.mem_write(lpUrlComponents, url_comp.get_bytes()) return rv
def WinHttpCrackUrl(self, emu, argv, ctx={}): """ BOOLAPI WinHttpCrackUrl( LPCWSTR pwszUrl, DWORD dwUrlLength, DWORD dwFlags, LPURL_COMPONENTS lpUrlComponents ); """ pwszUrl, dwUrlLength, dwFlags, lpUrlComponents = argv cw = 2 # Wide rv = False # TODO : implement flags # url = self.read_mem_string(pwszUrl, dwUrlLength) if pwszUrl and lpUrlComponents: url = self.read_mem_string(pwszUrl, cw) argv[0] = url rv = True uc = windefs.URL_COMPONENTS(emu.get_ptr_size()) url_comp = self.mem_cast(uc, lpUrlComponents) crack = urlparse(url) if crack.scheme == 'https': url_comp.nScheme = windefs.INTERNET_SCHEME_HTTPS elif crack.scheme == 'http': url_comp.nScheme = windefs.INTERNET_SCHEME_HTTP if url_comp.dwHostNameLength > 0: if url_comp.lpszHostName: host = crack.netloc + '\x00' enc = self.get_encoding(cw) self.mem_write(url_comp.lpszHostName, host.encode(enc)) else: offset = url.find(crack.netloc) ptr = pwszUrl + (offset * cw) url_comp.lpszHostName = ptr url_comp.dwHostNameLength = len(crack.netloc) self.mem_write(lpUrlComponents, url_comp.get_bytes()) return rv