/spec/lib/msf/core/exe/segment_injector_spec.rb

https://github.com/debbiemezyene/metasploit-framework · Ruby · 92 lines · 76 code · 16 blank · 0 comment · 11 complexity · 5d65501b83586b68cbc7a13402652d6b MD5 · raw file

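  require 'spec_helper'
  require 'msf/core/exe/segment_injector'

  # Specs for Msf::Exe::SegmentInjector. They cover three things: the public
  # accessors, the assembly text the injector emits for the payload and the
  # thread stub, and the layout of the PE image returned by #generate_pe.
  #
  # The examples read data/templates/template_x86_windows.exe relative to this
  # file, so they need that template to be present in the checkout.
  #
  # Written in the RSpec 2 `should` style the file already uses.
  describe Msf::Exe::SegmentInjector do
    # Options shared by every example: the x86 Windows template, a six-byte
    # sample payload, and the x86 architecture. Nested groups extend this hash
    # rather than repeating it.
    let(:base_opts) do
      {
        :template => File.join(File.dirname(__FILE__), "..", "..", "..", "..", "..", "data", "templates", "template_x86_windows.exe"),
        :payload  => "\xd9\xeb\x9b\xd9\x74\x24",
        :arch     => :x86
      }
    end

    let(:opts) { base_opts }

    subject(:injector) { Msf::Exe::SegmentInjector.new(opts) }

    it { should respond_to :payload }
    it { should respond_to :template }
    it { should respond_to :arch }
    it { should respond_to :processor }
    it { should respond_to :buffer_register }

    it 'should return the correct processor for the arch' do
      # Exact-class matches on purpose: the processor must follow #arch when it
      # is reassigned, and a subclass must not satisfy the x86 expectation.
      injector.processor.should be_an_instance_of(Metasm::Ia32)
      injector.arch = :x64
      injector.processor.should be_an_instance_of(Metasm::X86_64)
    end

    context '#payload_as_asm' do
      it 'should return the payload as declare byte instructions' do
        # One `db 0x..` line per payload byte, each terminated by a newline.
        injector.payload_as_asm.should == "db 0xd9\ndb 0xeb\ndb 0x9b\ndb 0xd9\ndb 0x74\ndb 0x24\n"
      end
    end

    context '#create_thread_stub' do
      it 'should use edx as a default buffer register' do
        injector.buffer_register.should == 'edx'
      end

      context 'when given a non-default buffer register' do
        let(:opts) { base_opts.merge(:buffer_register => 'eax') }

        it 'should use the correct buffer register' do
          injector.buffer_register.should == 'eax'
        end
      end

      it 'should set a buffer register for the payload' do
        injector.create_thread_stub.should include('lea edx, [thread_hook]')
      end
    end

    describe '#generate_pe' do
      it 'should return a string' do
        injector.generate_pe.should be_a(String)
      end

      it 'should produce a valid PE exe' do
        # "Valid" here means only that Metasm decodes the image without raising.
        expect { Metasm::PE.decode(injector.generate_pe) }.to_not raise_exception
      end

      # The examples below pin the structure of the output image: a fifth
      # section that reuses the name ".text", is readable, writable and
      # executable, and holds the entry point. A duplicate section name, a
      # writable+executable section and an entry point in the last section are
      # also properties that static PE triage commonly scores as suspicious, so
      # these assertions document what a scanner can expect to see in the file.
      context 'the generated exe' do
        let(:exe) { Metasm::PE.decode(injector.generate_pe) }

        it 'should be the propper arch' do
          exe.bitsize.should == 32
        end

        it 'should have 5 sections' do
          exe.sections.count.should == 5
        end

        it 'should have all the right section names' do
          exe.sections.map(&:name).should == [".text", ".rdata", ".data", ".rsrc", ".text"]
        end

        it 'should have the last section set to RWX' do
          exe.sections.last.characteristics.should == ["CONTAINS_CODE", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"]
        end

        it 'should have an entrypoint that points to the last section' do
          exe.optheader.entrypoint.should == exe.sections.last.virtaddr
        end
      end
    end
  end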