def do_copy_execute(line):
'''Copy a file from host to guest, execute it, and pause VM on its EP - Custom command
This command will first use the guest agent to copy a file to the guest
and execute if afterwards.
This file will be set as target, so that the script will start monitoring
context changes and retrieve the module entry point as soon as it is
available in memory. Then it will place a breakpoint on the entry point.
'''
global pyrebox_print
global target_procname
from plugins.guest_agent import guest_agent
pyrebox_print("Copying host file to guest, using agent...")
# Copy the specified file to C:\\temp.exe in the guest
guest_agent.copy_file(line.strip(), "C:\\temp.exe")
# Execute the file
guest_agent.execute_file("C:\\temp.exe")
# stop_agent() does not only kill the agent, but it also
# disables the agent plugin. Invalid opcodes
# are not treated as agent commands any more, so this call
# improves transparency.
guest_agent.stop_agent()
# Set target proc name:
target_procname = "temp.exe"
pyrebox_print("Waiting for process %s to start\n" % target_procname)
def do_copy_execute(line):
'''Copy a file from host to guest, execute it, and pause VM on its EP - Custom command
This command will first use the guest agent to copy a file to the guest
and execute if afterwards.
This file will be set as target, so that the script will start monitoring
context changes and retrieve the module entry point as soon as it is
available in memory. Then it will place a breakpoint on the entry point.
'''
global pyrebox_print
global target_procname
from plugins.guest_agent import guest_agent
pyrebox_print("Copying host file to guest, using agent...")
# Copy the specified file to C:\\temp.exe in the guest
guest_agent.copy_file(line.strip(), "C:\\temp.exe")
# Execute the file
guest_agent.execute_file("C:\\temp.exe")
# stop_agent() does not only kill the agent, but it also
# disables the agent plugin. Invalid opcodes
# are not treated as agent commands any more, so this call
# improves transparency.
guest_agent.stop_agent()
# Set target proc name:
target_procname = "temp.exe"
pyrebox_print("Waiting for process %s to start\n" % target_procname)
def initialize_callbacks(module_hdl, printer):
'''
Initialize callbacks for this module. This function
will be triggered whenever import_module command
is triggered.
'''
from api import CallbackManager
from plugins.guest_agent import guest_agent
global cm
global pyrebox_print
global target_procname
global autorun_module_handle
autorun_module_handle = module_hdl
pyrebox_print = printer
pyrebox_print("[*] Reading configuration file")
#Read AutoRun configuration file (json)
f = open(os.environ["AUTORUN_CONF_PATH"], "r")
conf = json.load(f)
f.close()
kws = [
"container_path", "main_executable_file", "extract_path", "temp_path",
"preserve_filenames"
]
for k in kws:
if k not in conf:
pyrebox_print(
"The configuration file does not contain the necessary keywords"
)
return
# Initialize process creation callback
pyrebox_print("[*] Initializing callbacks")
cm = CallbackManager(module_hdl, new_style=True)
cm.add_callback(CallbackManager.CREATEPROC_CB,
new_proc,
name="vmi_new_proc")
pyrebox_print("[*] Initialized callbacks")
# Copy target file to guest, and execute it
pyrebox_print("Copying host file to guest, using agent...")
temp_dnames = []
if "container_path" in conf and tarfile.is_tarfile(conf["container_path"]):
# For each file in the tar file, extract to a temporary file,
# and copy to the VM with the appropriate file name.
extracted_files = {}
tar = tarfile.open(conf["container_path"], "r:gz")
# Get file names inside the tar file
for tarinfo in tar:
extracted_files[tarinfo.name] = None
# Extract each file into a temporary file
for fname in extracted_files.keys():
temp_dname = tempfile.mkdtemp(dir=conf["temp_path"])
temp_dnames.append(temp_dname)
tar.extract(fname, path=temp_dname)
extracted_files[fname] = os.path.join(temp_dname, fname)
tar.close()
# Copy files to the VM
for fname, temp_fname in extracted_files.iteritems():
# Copy the specified file to C:\\temp.exe in the guest
if conf["preserve_filenames"]:
guest_agent.copy_file(temp_fname, conf["extract_path"] + fname)
else:
guest_agent.copy_file(temp_fname,
conf["extract_path"] + "file.exe")
conf["main_executable_file"] = "file.exe"
# Execute the file. We set a callback to signal this script that
# the files have already been copied and can be deleted
f = functools.partial(files_copied_callback, temp_dnames)
guest_agent.execute_file(conf["extract_path"] +
conf["main_executable_file"],
callback=f)
# stop_agent() does not only kill the agent, but it also
# disables the agent plugin. Invalid opcodes
# are not treated as agent commands any more, so this call
# improves transparency.
guest_agent.stop_agent()
# Set target proc name:
target_procname = conf["main_executable_file"]
pyrebox_print("Waiting for process %s to start\n" % target_procname)
pyrebox_print("Module loaded: %d" % module_hdl)