
/spec/lib/msf/core/exe/segment_injector_spec.rb

https://github.com/debbiemezyene/metasploit-framework
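require 'spec_helper'
require 'msf/core/exe/segment_injector'

# Behavioural spec for Msf::Exe::SegmentInjector.
#
# The examples build an injector from a stock 32-bit Windows template plus a
# short fixed byte string, then check three things: the public accessors, the
# assembly text the injector emits, and the layout of the PE that
# #generate_pe returns (decoded again with Metasm::PE).
#
# The layout examples at the bottom double as a description of what the
# output looks like to a static analyser: an extra trailing section that is
# read/write/execute, with the entry point moved into it.
describe Msf::Exe::SegmentInjector do

  # Template shipped with the framework; resolved relative to this spec file
  # so the suite does not depend on the current working directory.
  let(:template_path) do
    File.join(File.dirname(__FILE__), "..", "..", "..", "..", "..", "data", "templates", "template_x86_windows.exe")
  end

  # Options shared by every example. The payload is just six fixed bytes; the
  # examples only check how they are rendered and embedded.
  let(:base_opts) do
    {
      :template => template_path,
      :payload  => "\xd9\xeb\x9b\xd9\x74\x24",
      :arch     => :x86
    }
  end

  # Nested contexts override this to vary a single option.
  let(:opts) { base_opts }

  subject(:injector) { Msf::Exe::SegmentInjector.new(opts) }

  it { should respond_to :payload }
  it { should respond_to :template }
  it { should respond_to :arch }
  it { should respond_to :processor }
  it { should respond_to :buffer_register }

  it 'should return the correct processor for the arch' do
    injector.processor.class.should == Metasm::Ia32
    # The processor is expected to follow later changes to #arch.
    injector.arch = :x64
    injector.processor.class.should == Metasm::X86_64
  end

  describe '#payload_as_asm' do
    it 'should return the payload as declare byte instructions' do
      # One "db 0xNN" line per payload byte, each newline-terminated.
      injector.payload_as_asm.should == "db 0xd9\ndb 0xeb\ndb 0x9b\ndb 0xd9\ndb 0x74\ndb 0x24\n"
    end
  end

  describe '#create_thread_stub' do
    it 'should use edx as a default buffer register' do
      injector.buffer_register.should == 'edx'
    end

    context 'when given a non-default buffer register' do
      let(:opts) { base_opts.merge(:buffer_register => 'eax') }

      it 'should use the correct buffer register' do
        injector.buffer_register.should == 'eax'
      end
    end

    # NOTE(review): only the default register is checked in the generated
    # stub text; the 'eax' context above verifies the accessor, not the stub.
    it 'should set a buffer register for the payload' do
      injector.create_thread_stub.should include('lea edx, [thread_hook]')
    end
  end

  describe '#generate_pe' do
    it 'should return a string' do
      injector.generate_pe.should be_kind_of(String)
    end

    # "Valid" here means only that Metasm can decode the output without
    # raising; it says nothing about whether a Windows loader would accept it.
    it 'should produce a valid PE exe' do
      expect { Metasm::PE.decode(injector.generate_pe) }.to_not raise_exception
    end

    context 'the generated exe' do
      let(:exe) { Metasm::PE.decode(injector.generate_pe) }

      it 'should be the propper arch' do
        exe.bitsize.should == 32
      end

      it 'should have 5 sections' do
        exe.sections.count.should == 5
      end

      # The list ends with a second ".text"; presumably that is the section
      # the injector appends to the template's own four (confirm against the
      # template). A duplicated section name is itself an anomaly worth
      # flagging when triaging a PE file.
      it 'should have all the right section names' do
        exe.sections.map(&:name).should == [".text", ".rdata", ".data", ".rsrc", ".text"]
      end

      # A section that is writable and executable at the same time is rare in
      # compiler-produced binaries, so this flag combination is a useful
      # static indicator of a modified executable.
      it 'should have the last section set to RWX' do
        exe.sections.last.characteristics.should == ["CONTAINS_CODE", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"]
      end

      # An entry point at the start of the final section, rather than inside
      # the first code section, is the second trait detection tooling can key
      # on for files produced this way.
      it 'should have an entrypoint that points to the last section' do
        exe.optheader.entrypoint.should == exe.sections.last.virtaddr
      end
    end
  end
end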