lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb

# -*- coding: binary -*-

require 'rex/post/thread'
require 'rex/post/meterpreter/client'
require 'rex/post/meterpreter/extensions/stdapi/constants'

module Rex
module Post
module Meterpreter
module Extensions
module Stdapi
module Sys

##
#
# This class implements the Rex::Post::Thread interface which
# wrappers a logical thread for a given process.
#
##
class Thread < Rex::Post::Thread

  include Rex::Post::Meterpreter::ObjectAliasesContainer

  ##
  #
  # Constructor
  #
  ##

  #
  # Initialize the thread instance.
  #
  def initialize(process, handle, tid)
    self.process = process
    self.handle  = handle
    self.tid     = tid

    # Ensure the remote object is closed when all references are removed
    ObjectSpace.define_finalizer(self, self.class.finalize(process.client, handle))
  end

  def self.finalize(client,handle)
    proc do
      deferred_close_proc = proc do
        begin
          self.close(client, handle)
        rescue => e
          elog("finalize method for thread failed", error: e)
        end
      end

      # Schedule the finalizing logic out-of-band; as this logic might be called in the context of a Signal.trap, which can't synchronize mutexes
      client.framework.sessions.schedule(deferred_close_proc)
    end
  end

  ##
  #
  # Execution
  #
  ##

  #
  # Suspends the thread's execution.
  #
  def suspend
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND)

    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    process.client.send_request(request)

    return true
  end

  #
  # Resumes the thread's execution.
  #
  def resume
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME)

    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    process.client.send_request(request)

    return true
  end

  #
  # Terminates the thread's execution.
  #
  def terminate(code)
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE)

    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
    request.add_tlv(TLV_TYPE_EXIT_CODE, code)

    process.client.send_request(request)

    return true
  end

  ##
  #
  # Register manipulation
  #
  ##

  #
  # Queries the register state of the thread.
  #
  def query_regs
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS)
    regs    = {}

    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    response = process.client.send_request(request)

    response.each(TLV_TYPE_REGISTER) { |reg|
      regs[reg.get_tlv_value(TLV_TYPE_REGISTER_NAME)] = reg.get_tlv_value(TLV_TYPE_REGISTER_VALUE_32)
    }

    return regs
  end

  #
  # Sets the register state of the thread.  The registers are supplied
  # in the form of a hash.
  #
  def set_regs(regs_hash)
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS)

    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)

    # Add all of the register that we're setting
    regs_hash.each_key { |name|
      t = request.add_tlv(TLV_TYPE_REGISTER)

      t.add_tlv(TLV_TYPE_REGISTER_NAME, name)
      t.add_tlv(TLV_TYPE_REGISTER_VALUE_32, regs_hash[name])
    }

    process.client.send_request(request)

    return true
  end

  #
  # Formats the registers in a pretty way.
  #
  def pretty_regs
    regs = query_regs

    buf  = sprintf("eax=%.8x ebx=%.8x ecx=%.8x edx=%.8x esi=%.8x edi=%.8x\n",
                   regs['eax'], regs['ebx'], regs['ecx'], regs['edx'], regs['esi'], regs['edi'])
    buf += sprintf("eip=%.8x esp=%.8x ebp=%.8x\n",
                   regs['eip'], regs['esp'], regs['ebp'])
    buf += sprintf("cs=%.4x ss=%.4x ds=%.4x es=%.4x fs=%.4x gs=%.4x\n",
                   regs['cs'], regs['ss'], regs['ds'], regs['es'], regs['fs'], regs['gs'])

    return buf
  end

  ##
  #
  # Closure
  #
  ##

  #
  # Closes the thread handle.
  #
  def self.close(client, handle)
    request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE)
    request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)
    client.send_request(request, nil)
    handle = nil
    return true
  end

  # Instance method
  def close
    unless self.handle.nil?
      ObjectSpace.undefine_finalizer(self)
      self.class.close(self.process.client, self.handle)
      self.handle = nil
    end
  end

  attr_reader :process, :handle, :tid # :nodoc:
protected
  attr_writer :process, :handle, :tid # :nodoc:

end

end; end; end; end; end; end
Mark all libraries as defaulting to 8-bit strings 2012-06-29 00:18:28 -05:00			`# -- coding: binary --`
thread stuff 2005-04-16 07:29:06 +00:00
mass require moving of /lib 2005-07-09 21:18:49 +00:00			`require 'rex/post/thread'`
			`require 'rex/post/meterpreter/client'`
			`require 'rex/post/meterpreter/extensions/stdapi/constants'`
thread stuff 2005-04-16 07:29:06 +00:00
			`module Rex`
			`module Post`
			`module Meterpreter`
			`module Extensions`
			`module Stdapi`
			`module Sys`

			`##`
			`#`
msftidy run 2011-11-20 11:39:27 +11:00			`# This class implements the Rex::Post::Thread interface which`
thread stuff 2005-04-16 07:29:06 +00:00			`# wrappers a logical thread for a given process.`
			`#`
			`##`
			`class Thread < Rex::Post::Thread`

			`include Rex::Post::Meterpreter::ObjectAliasesContainer`

			`##`
			`#`
			`# Constructor`
			`#`
			`##`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`#`
			`# Initialize the thread instance.`
			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`def initialize(process, handle, tid)`
			`self.process = process`
			`self.handle = handle`
			`self.tid = tid`
Fixup finalizers to not double-close Meterpreter objects 2016-03-02 21:43:51 -06:00
			`# Ensure the remote object is closed when all references are removed`
			`ObjectSpace.define_finalizer(self, self.class.finalize(process.client, handle))`
Fixes #2070 by adding finalizers to process, event, thread, registry, and channels. 2010-10-16 19:39:11 +00:00			`end`

			`def self.finalize(client,handle)`
Add exception handling for finalizer methods 2023-02-07 16:43:18 +00:00			`proc do`
Fix ruby 3.1 crashes when garbage collecting meterpreter resources 2023-05-05 13:50:38 +01:00			`deferred_close_proc = proc do`
			`begin`
			`self.close(client, handle)`
			`rescue => e`
			`elog("finalize method for thread failed", error: e)`
			`end`
Add exception handling for finalizer methods 2023-02-07 16:43:18 +00:00			`end`
Fix ruby 3.1 crashes when garbage collecting meterpreter resources 2023-05-05 13:50:38 +01:00
			`# Schedule the finalizing logic out-of-band; as this logic might be called in the context of a Signal.trap, which can't synchronize mutexes`
			`client.framework.sessions.schedule(deferred_close_proc)`
Add exception handling for finalizer methods 2023-02-07 16:43:18 +00:00			`end`
thread stuff 2005-04-16 07:29:06 +00:00			`end`

			`##`
			`#`
			`# Execution`
			`#`
			`##`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`#`
			`# Suspends the thread's execution.`
			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`def suspend`
Almost final refactor of how IDs are handled 2020-05-04 13:32:08 +10:00			`request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`process.client.send_request(request)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`return true`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`#`
			`# Resumes the thread's execution.`
			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`def resume`
Almost final refactor of how IDs are handled 2020-05-04 13:32:08 +10:00			`request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`process.client.send_request(request)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`return true`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`#`
			`# Terminates the thread's execution.`
			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`def terminate(code)`
Almost final refactor of how IDs are handled 2020-05-04 13:32:08 +10:00			`request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)`
			`request.add_tlv(TLV_TYPE_EXIT_CODE, code)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`process.client.send_request(request)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`return true`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`##`
			`#`
			`# Register manipulation`
			`#`
			`##`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`#`
			`# Queries the register state of the thread.`
			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`def query_regs`
Almost final refactor of how IDs are handled 2020-05-04 13:32:08 +10:00			`request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS)`
thread stuff 2005-04-16 07:29:06 +00:00			`regs = {}`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`response = process.client.send_request(request)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`response.each(TLV_TYPE_REGISTER) { \|reg\|`
			`regs[reg.get_tlv_value(TLV_TYPE_REGISTER_NAME)] = reg.get_tlv_value(TLV_TYPE_REGISTER_VALUE_32)`
			`}`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`return regs`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`# Sets the register state of the thread. The registers are supplied`
			`# in the form of a hash.`
major doc update 2005-11-15 05:22:13 +00:00			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`def set_regs(regs_hash)`
Almost final refactor of how IDs are handled 2020-05-04 13:32:08 +10:00			`request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`# Add all of the register that we're setting`
			`regs_hash.each_key { \|name\|`
			`t = request.add_tlv(TLV_TYPE_REGISTER)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`t.add_tlv(TLV_TYPE_REGISTER_NAME, name)`
			`t.add_tlv(TLV_TYPE_REGISTER_VALUE_32, regs_hash[name])`
			`}`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`process.client.send_request(request)`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`return true`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`#`
			`# Formats the registers in a pretty way.`
			`#`
thread stuff 2005-04-16 07:29:06 +00:00			`def pretty_regs`
			`regs = query_regs`
Retab lib 2013-08-30 16:28:33 -05:00
msftidy run 2011-11-20 11:39:27 +11:00			`buf = sprintf("eax=%.8x ebx=%.8x ecx=%.8x edx=%.8x esi=%.8x edi=%.8x\n",`
thread stuff 2005-04-16 07:29:06 +00:00			`regs['eax'], regs['ebx'], regs['ecx'], regs['edx'], regs['esi'], regs['edi'])`
			`buf += sprintf("eip=%.8x esp=%.8x ebp=%.8x\n",`
			`regs['eip'], regs['esp'], regs['ebp'])`
			`buf += sprintf("cs=%.4x ss=%.4x ds=%.4x es=%.4x fs=%.4x gs=%.4x\n",`
			`regs['cs'], regs['ss'], regs['ds'], regs['es'], regs['fs'], regs['gs'])`
msftidy run 2011-11-20 11:39:27 +11:00
thread stuff 2005-04-16 07:29:06 +00:00			`return buf`
			`end`
Retab lib 2013-08-30 16:28:33 -05:00
thread stuff 2005-04-16 07:29:06 +00:00			`##`
			`#`
			`# Closure`
			`#`
			`##`

major doc update 2005-11-15 05:22:13 +00:00			`#`
			`# Closes the thread handle.`
			`#`
Fixes #2070 by adding finalizers to process, event, thread, registry, and channels. 2010-10-16 19:39:11 +00:00			`def self.close(client, handle)`
Almost final refactor of how IDs are handled 2020-05-04 13:32:08 +10:00			`request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE)`
thread stuff 2005-04-16 07:29:06 +00:00			`request.add_tlv(TLV_TYPE_THREAD_HANDLE, handle)`
Remove the response wait for close calls triggered by the finalizer, should help in a few corner cases that currently result in a timeout or hang. 2010-11-03 03:03:29 +00:00			`client.send_request(request, nil)`
thread stuff 2005-04-16 07:29:06 +00:00			`handle = nil`
			`return true`
			`end`
msftidy run 2011-11-20 11:39:27 +11:00
Fixes #2070 by adding finalizers to process, event, thread, registry, and channels. 2010-10-16 19:39:11 +00:00			`# Instance method`
fix ArgumentError in everything that closes a process handle 2010-10-21 17:10:46 +00:00			`def close`
Fixup finalizers to not double-close Meterpreter objects 2016-03-02 21:43:51 -06:00			`unless self.handle.nil?`
			`ObjectSpace.undefine_finalizer(self)`
			`self.class.close(self.process.client, self.handle)`
			`self.handle = nil`
			`end`
Fixes #2070 by adding finalizers to process, event, thread, registry, and channels. 2010-10-16 19:39:11 +00:00			`end`
Retab lib 2013-08-30 16:28:33 -05:00
major doc update 2005-11-15 05:22:13 +00:00			`attr_reader :process, :handle, :tid # :nodoc:`
msftidy run 2011-11-20 11:39:27 +11:00			`protected`
major doc update 2005-11-15 05:22:13 +00:00			`attr_writer :process, :handle, :tid # :nodoc:`
thread stuff 2005-04-16 07:29:06 +00:00
			`end`

Fixes #2070 by adding finalizers to process, event, thread, registry, and channels. 2010-10-16 19:39:11 +00:00			`end; end; end; end; end; end`