Navigation

← Previous Changeset
Next Changeset →

Changeset 1663

Timestamp:

07/28/08 00:23:32 (1 month ago)

Author:

till

Message:

honeytrap
- cpuEmu: socket endpoint logging etc.

Files:

honeytrap/trunk/src/modules/htm_cpuEmu.c (modified) (11 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

honeytrap/trunk/src/modules/htm_cpuEmu.c

r1662	r1663
50	50	#include <emu/environment/emu_env.h>
51	51	#include <emu/environment/win32/emu_env_w32.h>
	52	#include <emu/environment/win32/emu_env_w32_dll.h>
52	53	#include <emu/environment/win32/emu_env_w32_dll_export.h>
53	54	#include <emu/environment/win32/env_w32_dll_export_kernel32_hooks.h>
…	…
62	63	uint32_t user_hook_connect(struct emu_env env, struct emu_env_hook hook, ...);
63	64	uint32_t user_hook_WaitForSingleObject(struct emu_env env, struct emu_env_hook hook, ...);
	65	uint32_t user_hook_WinExec(struct emu_env env, struct emu_env_hook hook, ...);
64	66	uint32_t user_hook_WSASocket(struct emu_env env, struct emu_env_hook hook, ...);
65	67	uint32_t user_hook_CreateProcess(struct emu_env env, struct emu_env_hook hook, ...);
…	…
112	114	case EMU_LOG_DEBUG:
113	115	loglevel = LL_DEBUG;
114		~~return;~~
115	116	break;
116	117	case EMU_LOG_NONE:
…	…
225	226	emu_env_w32_export_hook(env, "CreateProcessA", user_hook_CreateProcess, NULL);
226	227	emu_env_w32_export_hook(env, "WaitForSingleObject", user_hook_WaitForSingleObject, NULL);
	228	emu_env_w32_export_hook(env, "WinExec", user_hook_WinExec, NULL);
227	229
228	230	emu_env_w32_load_dll(env->env.win,"ws2_32.dll");
…	…
339	341	struct sockaddr *saddr;
340	342	socklen_t saddrlen;
341		~~struct sockaddr_in *si;~~
342	343
343	344	logmsg(LOG_NOISY, 1, "CPU Emulation - Hooking bind() call.\n");
…	…
349	350	saddrlen = va_arg(vl, socklen_t);
350	351
351		if (opts.override.bind.host != NULL) {
352		si = (struct sockaddr_in *) saddr;
353		si->sin_addr.s_addr = inet_addr(opts.override.bind.host);
354		}
355
356		if (opts.override.connect.port > 0) {
357		si = (struct sockaddr_in *) saddr;
358		si->sin_port = htons(opts.override.bind.port);
359		}
360
361		va_end(vl);
	352	va_end(vl);
	353
	354	if (opts.override.bind.host != NULL) // override listen address?
	355	((struct sockaddr_in *)saddr)->sin_addr.s_addr = inet_addr(opts.override.connect.host);
	356
	357	if (opts.override.bind.port > 0) // override listen port?
	358	((struct sockaddr_in *)saddr)->sin_port = htons(opts.override.connect.port);
362	359
363	360	return bind(s, saddr, saddrlen);
…	…
367	364	uint32_t user_hook_connect(struct emu_env env, struct emu_env_hook hook, ...) {
368	365	va_list vl;
369		int s;
370		struct sockaddr *saddr;
371		s~~truct sockaddr_in *si~~;
372		~~socklen_t saddrlen~~;
	366	int s, sockfd;
	367	struct sockaddr *saddr, daddr;
	368	socklen_t saddrlen, daddrlen;
	369	char shost[16], dhost[16];
373	370
374	371	logmsg(LOG_NOISY, 1, "CPU Emulation - Hooking connect() call.\n");
…	…
376	373	va_start(vl, hook);
377	374
378		s = va_arg(vl, int);
379		saddr = va_arg(vl, struct sockaddr *);
380
381		if (opts.override.connect.host != NULL) {
382		si = (struct sockaddr_in *) saddr;
383		si->sin_addr.s_addr = inet_addr(opts.override.connect.host);
384		}
385
386		if (opts.override.connect.port > 0) {
387		si = (struct sockaddr_in *) saddr;
388		si->sin_port = htons(opts.override.connect.port);
389		}
390
391		saddrlen = va_arg(vl, socklen_t);
392
393		va_end(vl);
394
395		return connect(s, saddr, saddrlen);
	375	s = va_arg(vl, int);
	376	saddr = va_arg(vl, struct sockaddr *);
	377	saddrlen = va_arg(vl, socklen_t);
	378
	379	va_end(vl);
	380
	381	if (opts.override.connect.host != NULL) // override dst address?
	382	((struct sockaddr_in *)saddr)->sin_addr.s_addr = inet_addr(opts.override.connect.host);
	383
	384	if (opts.override.connect.port > 0) // override dst port?
	385	((struct sockaddr_in *)saddr)->sin_port = htons(opts.override.connect.port);
	386
	387	if ((sockfd = connect(s, saddr, saddrlen)) != -1) {
	388	daddrlen = sizeof(struct sockaddr);
	389	if (getsockname(sockfd, &daddr, &daddrlen) == -1) {
	390	logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to get peer information: %s.\n", strerror(errno));
	391	exit(EXIT_FAILURE);
	392	}
	393	if (getpeername(sockfd, saddr, &saddrlen) == -1) {
	394	logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to get peer information: %s.\n", strerror(errno));
	395	exit(EXIT_FAILURE);
	396	}
	397
	398	if ((inet_ntop(AF_INET, &((struct sockaddr_in *)saddr)->sin_addr, shost, 16) == NULL) \|\|
	399	(inet_ntop(AF_INET, &((struct sockaddr_in *)&daddr)->sin_addr, dhost, 16) == NULL)) {
	400	logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to convert IP address: %s.\n", strerror(errno));
	401	exit(EXIT_FAILURE);
	402	}
	403
	404	logmsg(LOG_NOISY, 1, "CPU Emulation - Connection established: %s:%u -> %s:%u.\n",
	405	shost, ntohs(((struct sockaddr_in *)saddr)->sin_port),
	406	dhost, ntohs(((struct sockaddr_in *)&daddr)->sin_port));
	407	}
	408
	409	return sockfd;
396	410	}
397	411
…	…
472	486
473	487	// system("/bin/sh -c \"cd ~/.wine/drive_c/; WINEDEBUG=-all wine 'c:\\windows\\system32\\cmd_orig.exe' \"");
474		system("~~WINEDEBUG=-all wine 'c:\\windows\\system32\\cmd_orig.exe'~~");
	488	system("/bin/sh -c \"cd .wine/drive_c; WINEDEBUG=-all wine 'c:\\windows\\system32\\cmd_orig.exe'\"");
475	489
476	490	exit(EXIT_SUCCESS);
…	…
483	497	}
484	498
	499
	500	uint32_t user_hook_WinExec(struct emu_env env, struct emu_env_hook hook, ...) {
	501	logmsg(LOG_NOISY, 1, "CPU Emulation - Hooking WinExec() call.\n");
	502
	503	return 0;
	504	}
	505
	506
485	507	uint32_t user_hook_accept(struct emu_env env, struct emu_env_hook hook, ...) {
486	508	va_list vl;
487	509	int s, sockfd;
488	510	struct sockaddr *saddr, daddr;
489		socklen_t *saddrlen, socklen;
490		// Attack *a;
	511	socklen_t *saddrlen, daddrlen;
491	512	char shost[16], dhost[16];
492	513
…	…
504	525	va_end(vl);
505	526
506		if ((sockfd = accept(s, saddr, saddrlen)) == -1) {
507		logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to accept incoming connection: %s.\n", strerror(errno));
508		exit(EXIT_FAILURE);
509		}
510		logmsg(LOG_NOISY, 1, "-------------------------------------\n");
511
512		socklen = sizeof(struct sockaddr);
513		if (getsockname(sockfd,&daddr, &socklen) == -1) {
514		logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to get peer information: %s.\n", strerror(errno));
515		exit(EXIT_FAILURE);
516		}
517
518		if ((inet_ntop(AF_INET, &((struct sockaddr_in *)saddr)->sin_addr, shost, 16) == NULL) \|\|
519		(inet_ntop(AF_INET, &((struct sockaddr_in *)&daddr)->sin_addr, dhost, 16) == NULL)) {
520		logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to convert IP address: %s.\n", strerror(errno));
521		exit(EXIT_FAILURE);
522		}
523
524		logmsg(LOG_NOISY, 1, "CPU Emulation - Connection accepted: %s:%u <- %s:%u.\n",
525		shost, ((struct sockaddr_in *)saddr)->sin_port,
526		dhost, ((struct sockaddr_in *)&daddr)->sin_port);
527
528
529		/*
530		if ((a = new_virtattack((struct in_addr) &, (struct in_addr) &a->m_action.m_connectback.m_remotehost, 0, a->m_action.m_connectback.m_remoteport, TCP)) == NULL) {
531		logmsg(LOG_ERR, 1, "CSPM Error - Unable to create virtual attack for connectback session.\n");
532		exit(EXIT_FAILURE);
533		}
534		*/
535
536
	527	if ((sockfd = accept(s, saddr, saddrlen)) != -1) {
	528	daddrlen = sizeof(struct sockaddr);
	529	if (getsockname(sockfd,&daddr, &daddrlen) == -1) {
	530	logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to get peer information: %s.\n", strerror(errno));
	531	exit(EXIT_FAILURE);
	532	}
	533	if (getpeername(sockfd,saddr, saddrlen) == -1) {
	534	logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to get peer information: %s.\n", strerror(errno));
	535	exit(EXIT_FAILURE);
	536	}
	537
	538	if ((inet_ntop(AF_INET, &((struct sockaddr_in *)saddr)->sin_addr, shost, 16) == NULL) \|\|
	539	(inet_ntop(AF_INET, &((struct sockaddr_in *)&daddr)->sin_addr, dhost, 16) == NULL)) {
	540	logmsg(LOG_ERR, 1, "CPU Emulation Error - Unable to convert IP address: %s.\n", strerror(errno));
	541	exit(EXIT_FAILURE);
	542	}
	543
	544	logmsg(LOG_NOISY, 1, "CPU Emulation - Connection accepted: %s:%u <- %s:%u.\n",
	545	shost, ntohs(((struct sockaddr_in *)saddr)->sin_port),
	546	dhost, ntohs(((struct sockaddr_in *)&daddr)->sin_port));
	547	}
537	548
538	549	return sockfd;

Navigation

Changeset 1663

Legend:

honeytrap/trunk/src/modules/htm_cpuEmu.c

Download in other formats: