/spec/lib/msf/core/exe/segment_injector_spec.rb
https://github.com/debbiemezyene/metasploit-framework · Ruby · 92 lines · 76 code · 16 blank · 0 comment · 11 complexity · 5d65501b83586b68cbc7a13402652d6b MD5 · raw file
- require 'spec_helper'
- require 'msf/core/exe/segment_injector'
- describe Msf::Exe::SegmentInjector do
- let(:opts) do
- option_hash = {
- :template => File.join(File.dirname(__FILE__), "..", "..", "..", "..", "..", "data", "templates", "template_x86_windows.exe"),
- :payload => "\xd9\xeb\x9b\xd9\x74\x24",
- :arch => :x86
- }
- end
- subject(:injector) { Msf::Exe::SegmentInjector.new(opts) }
- it { should respond_to :payload }
- it { should respond_to :template }
- it { should respond_to :arch }
- it { should respond_to :processor }
- it { should respond_to :buffer_register }
- it 'should return the correct processor for the arch' do
- injector.processor.class.should == Metasm::Ia32
- injector.arch = :x64
- injector.processor.class.should == Metasm::X86_64
- end
- context '#payload_as_asm' do
- it 'should return the payload as declare byte instructions' do
- injector.payload_as_asm.should == "db 0xd9\ndb 0xeb\ndb 0x9b\ndb 0xd9\ndb 0x74\ndb 0x24\n"
- end
- end
- context '#create_thread_stub' do
- it 'should use edx as a default buffer register' do
- injector.buffer_register.should == 'edx'
- end
- context 'when given a non-default buffer register' do
- let(:opts) do
- option_hash = {
- :template => File.join(File.dirname(__FILE__), "..", "..", "..", "..", "..", "data", "templates", "template_x86_windows.exe"),
- :payload => "\xd9\xeb\x9b\xd9\x74\x24",
- :arch => :x86,
- :buffer_register => 'eax'
- }
- end
- it 'should use the correct buffer register' do
- injector.buffer_register.should == 'eax'
- end
- end
- it 'should set a buffer register for the payload' do
- injector.create_thread_stub.should include('lea edx, [thread_hook]')
- end
- end
- describe '#generate_pe' do
- it 'should return a string' do
- injector.generate_pe.kind_of?(String).should == true
- end
- it 'should produce a valid PE exe' do
- expect {Metasm::PE.decode(injector.generate_pe) }.to_not raise_exception
- end
- context 'the generated exe' do
- let(:exe) { Metasm::PE.decode(injector.generate_pe) }
- it 'should be the propper arch' do
- exe.bitsize.should == 32
- end
- it 'should have 5 sections' do
- exe.sections.count.should == 5
- end
- it 'should have all the right section names' do
- s_names = []
- exe.sections.collect {|s| s_names << s.name}
- s_names.should == [".text", ".rdata", ".data", ".rsrc", ".text"]
- end
- it 'should have the last section set to RWX' do
- exe.sections.last.characteristics.should == ["CONTAINS_CODE", "MEM_EXECUTE", "MEM_READ", "MEM_WRITE"]
- end
- it 'should have an entrypoint that points to the last section' do
- exe.optheader.entrypoint.should == exe.sections.last.virtaddr
- end
- end
- end
- end