Handle VarDecl.
plowsec committed Jul 9, 2020
1 parent 83a8eb8 commit b2f53ac
Showing 7 changed files with 96 additions and 68 deletions.
41 changes: 20 additions & 21 deletions CMakeLists.txt
Expand Up @@ -28,27 +28,26 @@ include_directories(${LLVM_INCLUDE_DIRS})
link_directories(${LLVM_LIBRARY_DIRS})
add_definitions(${LLVM_DEFINITIONS})
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++14 -Wno-unused-parameter -fno-strict-aliasing -fno-rtti -I/usr/include -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -L/usr/lib ")
#target_link_libraries(avcleaner.bin LLVM clangTooling clangToolingInclusions clangLex clangToolingCore clangAST clangASTMatchers clangBasic clangFrontend clangFrontendTool clangRewrite clangRewriteFrontend clangSerialization

target_link_libraries(avcleaner.bin LLVM clang-cpp
#LLVMX86AsmParser # MC, MCParser, Support, X86Desc, X86Info
#LLVMX86Desc # MC, Support, X86AsmPrinter, X86Info
##LLVMX86AsmPrinter # MC, Support, X86Utils
#LLVMX86Info # MC, Support, Target
#LLVMX86Utils # Core, Support
#LLVMipo
#LLVMScalarOpts
#LLVMInstCombine
#LLVMTransformUtils
#LLVMAnalysis
#LLVMTarget
#LLVMOption # Support
#LLVMMCParser # MC, Support
#LLVMMC # Object, Support
#LLVMObject # BitReader, Core, Support
#LLVMBitReader # Core, Support
#LLVMCore # Support
#LLVMSupport

target_link_libraries(avcleaner.bin LLVM clangTooling clangToolingInclusions clangLex clangToolingCore clangAST clangASTMatchers clangBasic clangFrontend clangFrontendTool clangRewrite clangRewriteFrontend clangSerialization
LLVMX86AsmParser # MC, MCParser, Support, X86Desc, X86Info
LLVMX86Desc # MC, Support, X86AsmPrinter, X86Info
#LLVMX86AsmPrinter # MC, Support, X86Utils
LLVMX86Info # MC, Support, Target
LLVMX86Utils # Core, Support
LLVMipo
LLVMScalarOpts
LLVMInstCombine
LLVMTransformUtils
LLVMAnalysis
LLVMTarget
LLVMOption # Support
LLVMMCParser # MC, Support
LLVMMC # Object, Support
LLVMObject # BitReader, Core, Support
LLVMBitReader # Core, Support
LLVMCore # Support
LLVMSupport
stdc++
)
set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
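Review bot: The `target_link_libraries(avcleaner.bin LLVM clangTooling ...)` call on lines 42–62 (assuming that is the side this commit keeps) uses the keyword-less signature and lists `stdc++` as a plain library; for a CXX target the compiler driver links the C++ runtime itself, so that entry is redundant, and the call should carry a visibility keyword, e.g. `target_link_libraries(avcleaner.bin PRIVATE LLVM clangTooling ...)`. Linking the `LLVM` dylib together with the static component libraries (`LLVMCore`, `LLVMSupport`, ...) into one binary is a known source of duplicated global state at runtime (the "Option ... registered more than once" failure), so pick one model, as the new CMakeLists_archlinux.txt does with `LLVM clang-cpp` only. Line 19 is context here, but its hard-coded `-I/usr/include` can reorder the system include search and break libstdc++'s `#include_next` on some toolchains, and `-L/usr/lib` belongs to link options, not `CMAKE_CXX_FLAGS`.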
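--- /dev/null
+++ b/CMakeLists_archlinux.txt
@@ -0,0 +1,35 @@
+cmake_minimum_required(VERSION 3.6)
+project(avcleaner LANGUAGES CXX C)
+
+set(CMAKE_CXX_STANDARD 14)
+set(CMAKE_CXX_STANDARD_REQUIRED ON)
+#set(CMAKE_FIND_LIBRARY_SUFFIXES .a ${CMAKE_FIND_LIBRARY_SUFFIXES})
+#SET(CMAKE_EXE_LINKER_FLAGS $(llvm-config --ldflags))
+
+list(APPEND CMAKE_CXX_SOURCE_FILE_EXTENSIONS c)
+
+find_package(Clang REQUIRED CONFIG)
+message(STATUS "Found LLVM ${LLVM_PACKAGE_VERSION}")
+message(STATUS "Using LLVMConfig.cmake in: ${LLVM_DIR}")
+message(STATUS "Using ClangConfig.cmake in: ${CLANG_CMAKE_DIR}")
+
+# HandleLLVMOptions sets up compilation flags (disable warnings, etc.)
+list(APPEND CMAKE_MODULE_PATH ${LLVM_DIR})
+include(HandleLLVMOptions)
+
+add_executable(avcleaner.bin
+main.cpp
+MatchHandler.cpp
+Globals.cpp
+ApiMatchHandler.cpp ApiMatchHandler.h Utils.cpp Utils.h)
+
+
+include_directories(${LLVM_INCLUDE_DIRS})
+link_directories(${LLVM_LIBRARY_DIRS})
+add_definitions(${LLVM_DEFINITIONS})
+set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -std=c++14 -Wno-unused-parameter -fno-strict-aliasing -fno-rtti -I/usr/include -D_GNU_SOURCE -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D__STDC_LIMIT_MACROS -L/usr/lib ")
+#target_link_libraries(avcleaner.bin LLVM clangTooling clangToolingInclusions clangLex clangToolingCore clangAST clangASTMatchers clangBasic clangFrontend clangFrontendTool clangRewrite clangRewriteFrontend clangSerialization
+
+target_link_libraries(avcleaner.bin LLVM clang-cpp stdc++)
+set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
+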
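Review bot: `link_directories(${LLVM_LIBRARY_DIRS})` on line 95 runs after `add_executable(avcleaner.bin ...)`, and `link_directories` only applies to targets created after it is called, so it has no effect on this target; the link presumably still works only because `LLVM` and `clang-cpp` resolve to imported targets from the Clang/LLVM config packages, which carry their own library paths. The `CMAKE_CXX_FLAGS` line repeats the `-std=c++14` that `CMAKE_CXX_STANDARD 14` already provides and hard-codes `-I/usr/include -L/usr/lib`; a hard-coded `-I/usr/include` can break libstdc++'s `#include_next` on some GCC versions, and `-L` does nothing at compile time. The directory-scoped `include_directories` and the keyword-less `target_link_libraries` should be target-scoped, e.g. `target_include_directories(avcleaner.bin PRIVATE ${LLVM_INCLUDE_DIRS})` and `target_link_libraries(avcleaner.bin PRIVATE LLVM clang-cpp)` — the explicit `stdc++` is redundant for a CXX target, which the driver already links against the C++ runtime.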
17 changes: 17 additions & 0 deletions MatchHandler.cpp
Expand Up @@ -119,6 +119,8 @@ void MatchHandler::handleStringInContext(const clang::StringLiteral *pLiteral, c
handleCallExpr(pLiteral, pContext, node);
} else if (ParentNodeKind.compare("InitListExpr") == 0) {
handleInitListExpr(pLiteral, pContext, node);
}else if(ParentNodeKind.compare("VarDecl") == 0) {
handleVarDeclExpr(pLiteral, pContext, node);
} else {
llvm::outs() << "Unhandled context " << ParentNodeKind << " for string " << pLiteral->getBytes() << "\n";
}
Expand All @@ -132,6 +134,7 @@ bool MatchHandler::handleExpr(const clang::StringLiteral *pLiteral, clang::ASTCo
ASTRewriter->getSourceMgr().getFileLoc(pLiteral->getEndLoc())
);


if(shouldAbort(pLiteral, pContext, LiteralRange))
return false;

Expand Down Expand Up @@ -165,6 +168,20 @@ void MatchHandler::handleInitListExpr(const clang::StringLiteral *pLiteral, clan
handleExpr(pLiteral, pContext, node);
}

void MatchHandler::handleVarDeclExpr(const clang::StringLiteral *pLiteral, clang::ASTContext *const pContext,
const clang::ast_type_traits::DynTypedNode node) {

auto Identifier = node.get<clang::VarDecl>()->getIdentifier()->getName();
auto TypeLoc = node.get<clang::VarDecl>()->getTypeSourceInfo()->getTypeLoc();
auto Type = TypeLoc.getType().getAsString();
auto Loc = TypeLoc.getSourceRange();
auto LHSReplacement = Type.replace(Type.find(" []"),3,"* ")+Identifier;

ASTRewriter->ReplaceText(Loc, LHSReplacement.str());
handleExpr(pLiteral, pContext, node);
}


bool MatchHandler::insertVariableDeclaration(const clang::StringLiteral *pLiteral, clang::ASTContext *const pContext,
clang::SourceRange range, const std::string& Replacement) {

3 changes: 3 additions & 0 deletions MatchHandler.h
Expand Up @@ -121,6 +121,9 @@ class MatchHandler : public clang::ast_matchers::MatchFinder::MatchCallback {

bool handleExpr(const clang::StringLiteral *pLiteral, clang::ASTContext *pContext,
clang::ast_type_traits::DynTypedNode node);

void handleVarDeclExpr(const clang::StringLiteral *pLiteral, clang::ASTContext *const pContext,
const clang::ast_type_traits::DynTypedNode node);
};

#endif //AVCLEANER_MATCHHANDLER_H
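Review bot: The new `handleVarDeclExpr` declaration on lines 151–152 puts top-level `const` on its by-value parameters (`clang::ASTContext *const`, `const clang::ast_type_traits::DynTypedNode`), which has no effect in a declaration and differs from the sibling `handleExpr` two lines above; `void handleVarDeclExpr(const clang::StringLiteral *pLiteral, clang::ASTContext *pContext, clang::ast_type_traits::DynTypedNode node);` matches it. The method is also undocumented; a one-line comment stating that it rewrites a `T name[]` declarator to `T* name` and then hands the literal to `handleExpr` would tell readers what it changes in the source. The class definition begins outside the hunk.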
2 changes: 1 addition & 1 deletion Utils.cpp
Expand Up @@ -69,7 +69,7 @@ Utils::generateVariableDeclaration(const std::string &StringIdentifier, const st
} else if (*it == '\n') {
Result << "'\\n'";
} else if (*it != 0) {
Result << "'" << *it << "'";
Result << "'\\x" << std::hex << (int)*it << "'";
} else {
continue;
}
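Review bot: `(int)*it` on line 163 sign-extends when `char` is signed, so any byte at or above 0x80 is emitted as an escape like `'\xffffffe9'`, which is an ill-formed character constant in the generated source; cast through `unsigned char` first. `std::hex` is also sticky on `Result`, so any integer streamed into it later in this function would be printed in hex unless the base is reset. One line covers both: `Result << "'\\x" << std::hex << static_cast<int>(static_cast<unsigned char>(*it)) << std::dec << "'";`. `generateVariableDeclaration` starts and ends outside the hunk.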
16 changes: 0 additions & 16 deletions run_example_private.sh

This file was deleted.

50 changes: 20 additions & 30 deletions test/strings_simplest.c.patch
Expand Up @@ -6,31 +6,31 @@
#include <stdio.h>


TCHAR hid_core_l_0nuLP4q4MWgG[] = {'c','o','r','e','_','l','o','a','d','l','i','b',0};
TCHAR hid_core_l_kyIDIWTX4A6v[] = {'\x63','\x6f','\x72','\x65','\x5f','\x6c','\x6f','\x61','\x64','\x6c','\x69','\x62',0};

TCHAR hid_reques_1Ae3U2fh5JdL[] = {'r','e','q','u','e','s','t','_','c','o','r','e','_','l','o','a','d','l','i','b',0};
TCHAR hid_reques_JDTO9W2opLT6[] = {'\x72','\x65','\x71','\x75','\x65','\x73','\x74','\x5f','\x63','\x6f','\x72','\x65','\x5f','\x6c','\x6f','\x61','\x64','\x6c','\x69','\x62',0};

TCHAR hid_core_e_7g70kUWw1inf[] = {'c','o','r','e','_','e','n','u','m','e','x','t','c','m','d',0};
TCHAR hid_core_e_ZTK2jqLgvL6E[] = {'\x63','\x6f','\x72','\x65','\x5f','\x65','\x6e','\x75','\x6d','\x65','\x78','\x74','\x63','\x6d','\x64',0};

TCHAR hid_reques_rZkabEOHnjs1[] = {'r','e','q','u','e','s','t','_','c','o','r','e','_','e','n','u','m','e','x','t','c','m','d',0};
TCHAR hid_reques_dWuwFjdbLgR9[] = {'\x72','\x65','\x71','\x75','\x65','\x73','\x74','\x5f','\x63','\x6f','\x72','\x65','\x5f','\x65','\x6e','\x75','\x6d','\x65','\x78','\x74','\x63','\x6d','\x64',0};

TCHAR hid_core_m_AKfIxa5M9e7V[] = {'c','o','r','e','_','m','a','c','h','i','n','e','_','i','d',0};
TCHAR hid_core_m_tLAk0fGuKJfz[] = {'\x63','\x6f','\x72','\x65','\x5f','\x6d','\x61','\x63','\x68','\x69','\x6e','\x65','\x5f','\x69','\x64',0};

TCHAR hid_reques_PTPCI3DK9eIQ[] = {'r','e','q','u','e','s','t','_','c','o','r','e','_','m','a','c','h','i','n','e','_','i','d',0};
TCHAR hid_reques_IgYRnYuigouX[] = {'\x72','\x65','\x71','\x75','\x65','\x73','\x74','\x5f','\x63','\x6f','\x72','\x65','\x5f','\x6d','\x61','\x63','\x68','\x69','\x6e','\x65','\x5f','\x69','\x64',0};

TCHAR hid_core_g_9Jbs1pJlyZQU[] = {'c','o','r','e','_','g','e','t','_','s','e','s','s','i','o','n','_','g','u','i','d',0};
TCHAR hid_core_g_f5srU5p4yJ8Z[] = {'\x63','\x6f','\x72','\x65','\x5f','\x67','\x65','\x74','\x5f','\x73','\x65','\x73','\x73','\x69','\x6f','\x6e','\x5f','\x67','\x75','\x69','\x64',0};

TCHAR hid_reques_XMXlSDIqX8I0[] = {'r','e','q','u','e','s','t','_','c','o','r','e','_','g','e','t','_','s','e','s','s','i','o','n','_','g','u','i','d',0};
TCHAR hid_reques_lLTFgAxDwKMA[] = {'\x72','\x65','\x71','\x75','\x65','\x73','\x74','\x5f','\x63','\x6f','\x72','\x65','\x5f','\x67','\x65','\x74','\x5f','\x73','\x65','\x73','\x73','\x69','\x6f','\x6e','\x5f','\x67','\x75','\x69','\x64',0};
char *customCommands[] =
{
hid_core_l_0nuLP4q4MWgG,
hid_reques_1Ae3U2fh5JdL,
hid_core_e_7g70kUWw1inf,
hid_reques_rZkabEOHnjs1,
hid_core_m_AKfIxa5M9e7V,
hid_reques_PTPCI3DK9eIQ,
hid_core_g_9Jbs1pJlyZQU,
hid_reques_XMXlSDIqX8I0
hid_core_l_kyIDIWTX4A6v,
hid_reques_JDTO9W2opLT6,
hid_core_e_ZTK2jqLgvL6E,
hid_reques_dWuwFjdbLgR9,
hid_core_m_tLAk0fGuKJfz,
hid_reques_IgYRnYuigouX,
hid_core_g_f5srU5p4yJ8Z,
hid_reques_lLTFgAxDwKMA
};

typedef NTSTATUS (NTAPI *f_NtMapViewOfSection)(HANDLE, HANDLE, PVOID *, ULONG, ULONG,
Expand All @@ -47,28 +47,18 @@ typedef struct _KUHL_M_C {
int main(void)
{


TCHAR hid_n_t_d__fa6eKar6ZveH[] = {'n','t','d','l','l',0};

TCHAR hid_NtMapV_o4iKqItygd0c[] = {'N','t','M','a','p','V','i','e','w','O','f','S','e','c','t','i','o','n',0};

TCHAR hid_____At_sN7iiFNfQKmm[] = {'[','*',']',' ','A','t','t','e','m','p','t','i','n','g',' ','t','o',' ','a','d','d',' ','u','s','e','r',' ','%','s',' ','t','o',' ','h','o','s','t',' ','%','s','\n',0};

TCHAR hid_userna_uN0Yg0kzqHUe[] = {'u','s','e','r','n','a','m','e',0};

TCHAR hid_dc_net_MkVeTGm0XETk[] = {'d','c','_','n','e','t','b','i','o','s','_','n','a','m','e',0};
f_NtMapViewOfSection lNtMapViewOfSection;
f_NtMapViewOfSection lNtMapViewOfSection;
HMODULE ntdll;

if (!(ntdll = LoadLibrary(hid_n_t_d__fa6eKar6ZveH)))
if (!(ntdll = LoadLibrary(TEXT("ntdll"))))
{
return -1;
}

lNtMapViewOfSection = (f_NtMapViewOfSection)GetProcAddress(ntdll, hid_NtMapV_o4iKqItygd0c);
lNtMapViewOfSection = (f_NtMapViewOfSection)GetProcAddress(ntdll, "NtMapViewOfSection");
lNtMapViewOfSection(0,0,0,0,0,0,0,0,0,0);

char return_value[500];
sprintf(return_value, hid_____At_sN7iiFNfQKmm, hid_userna_uN0Yg0kzqHUe, hid_dc_net_MkVeTGm0XETk);
sprintf(return_value, "[*] Attempting to add user %s to host %s\n", "username", "dc_netbios_name");
return 0;
}
