fix up
@@ -10,6 +10,7 @@
|
||||
#define SF_MASK (1 << 7)
|
||||
#define OF_MASK (1 << 11)
|
||||
#define ALL_MASK (OF_MASK | SF_MASK | ZF_MASK | PF_MASK | CF_MASK)
|
||||
// 随便瞎JB写的
|
||||
#define STACK_BASE_64 0x14A0000
|
||||
#define STACK_BASE_32 0x14A0000
|
||||
#define STACK_SIZE_64 0x40000
|
||||
@@ -18,6 +19,7 @@
|
||||
#define HEAP_SIZE_64 0x5000000
|
||||
#define HEAP_ADDRESS_32 0x5000000
|
||||
#define HEAP_SIZE_32 0x5000000
|
||||
#define ENV_BLOCK_BASE 0x50000
|
||||
|
||||
#define PEB_BASE 0x90000
|
||||
#define TEB_BASE 0x90000
|
||||
@@ -93,6 +95,11 @@ class Sandbox {
|
||||
auto GetCommandLine() const -> const char* { return m_commandLine.c_str(); }
|
||||
auto GetCommandLineAddress() const -> uint64_t { return CMDLINE_ADDRESS; }
|
||||
auto GetCommandLineWAddress() const -> uint64_t { return CMDLINEW_ADDRESS; }
|
||||
auto GetEnvStrings() const -> std::vector<std::wstring> {
|
||||
return envStrings;
|
||||
}
|
||||
auto GetEnvString() -> std::vector<wchar_t>;
|
||||
auto GetEnvStringsSize() -> size_t;
|
||||
auto InitCommandLine() -> void;
|
||||
|
||||
// 堆管理相关的公共方法
|
||||
@@ -102,6 +109,7 @@ class Sandbox {
|
||||
auto FindHeapSegment(uint64_t address) -> HeapSegment*;
|
||||
auto MergeBlocks(HeapBlock* block) -> void;
|
||||
auto SplitBlock(HeapBlock* block, size_t size) -> void;
|
||||
auto GetEnvBlockBase() const -> uint64_t { return m_envBlockBase; }
|
||||
std::map<uint64_t, HeapSegment*> m_heapSegments; // 堆段映射表
|
||||
|
||||
private:
|
||||
@@ -119,6 +127,7 @@ class Sandbox {
|
||||
uint64_t m_heapSize;
|
||||
uint64_t m_heapEnd;
|
||||
uint64_t m_fakeBase;
|
||||
uint64_t m_envBlockBase;
|
||||
struct_gs_base m_gsBaseStruct = {0};
|
||||
X64TEB m_teb64 = {0};
|
||||
X64PEB m_peb64 = {0};
|
||||
@@ -131,7 +140,32 @@ class Sandbox {
|
||||
std::vector<std::shared_ptr<struct_moudle>> m_moduleList;
|
||||
std::map<std::string, std::shared_ptr<_fakeApi>> api_map;
|
||||
std::string m_commandLine; // 存储命令行字符串
|
||||
|
||||
// 创建一些基本的环境变量
|
||||
std::vector<std::wstring> envStrings = {
|
||||
L"ALLUSERSPROFILE=C:\\ProgramData",
|
||||
L"APPDATA=C:\\Users\\User\\AppData\\Roaming",
|
||||
L"CommonProgramFiles=C:\\Program Files\\Common Files",
|
||||
L"COMPUTERNAME=DESKTOP",
|
||||
L"ComSpec=C:\\Windows\\system32\\cmd.exe",
|
||||
L"HOMEDRIVE=C:",
|
||||
L"HOMEPATH=\\Users\\User",
|
||||
L"LOCALAPPDATA=C:\\Users\\User\\AppData\\Local",
|
||||
L"NUMBER_OF_PROCESSORS=8",
|
||||
L"OS=Windows_NT",
|
||||
L"Path=C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem",
|
||||
L"PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC",
|
||||
L"PROCESSOR_ARCHITECTURE=AMD64",
|
||||
L"ProgramData=C:\\ProgramData",
|
||||
L"ProgramFiles=C:\\Program Files",
|
||||
L"PROMPT=$P$G",
|
||||
L"SystemDrive=C:",
|
||||
L"SystemRoot=C:\\Windows",
|
||||
L"TEMP=C:\\Users\\User\\AppData\\Local\\Temp",
|
||||
L"TMP=C:\\Users\\User\\AppData\\Local\\Temp",
|
||||
L"USERDOMAIN=DESKTOP",
|
||||
L"USERNAME=User",
|
||||
L"USERPROFILE=C:\\Users\\User",
|
||||
L"windir=C:\\Windows"};
|
||||
auto ResoveImport() -> void;
|
||||
auto SetupVirtualMachine() -> void;
|
||||
auto PushModuleToVM(const char* dllName, uint64_t moduleBase) -> void;
|
||||
|
||||
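Review bot: `m_envBlockBase` (hunk `@@ -119,6 +127,7 @@`) has no default initializer, yet the public `GetEnvBlockBase()` in hunk `@@ -102,6 +109,7 @@` returns it directly, so any read before the setup code assigns it yields an indeterminate value; the constructor is not visible on this page, so this may already be handled there. A default such as `uint64_t m_envBlockBase = ENV_BLOCK_BASE;` would make the getter well defined from construction. Separately, the code that copies `GetEnvString()` into guest memory should check `GetEnvStringsSize()` against the space between `ENV_BLOCK_BASE` (0x50000) and `PEB_BASE` (0x90000), so that a larger environment cannot spill into the PEB/TEB mapping. The fixed `COMPUTERNAME=DESKTOP` and `USERNAME=User` entries in `envStrings` give every run an identical environment, which makes the sandbox easy for an analysed sample to recognise; loading the list from configuration would be more robust. The `Sandbox` class body starts and ends outside these hunks.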