Add a standalone pipe server so debugging multi-process cuckoomon bug…

…s is possible without needing any of Cuckoo's Python infrastructure. Can use a very simple config.ini like: pipe=\\.\PIPE\cuckoo_debugging debug=1 analyzer=c:\analyzer shutdown-mutex=cuckoo_shutdown
spender-sandbox · Jan 11, 2016 · 0458acc · 0458acc
1 parent 397f0d5
commit 0458acc
Show file tree

Hide file tree

Showing 4 changed files with 57 additions and 3 deletions.
diff --git a/loader/loader/Loader.c b/loader/loader/Loader.c
@@ -458,6 +458,55 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine
 		char *dumpfile = __argv[3];
 		return dump(pid, dumpfile);
 	}
+#ifdef CUCKOODBG
+	else if (!strcmp(__argv[1], "pipe")) {
+		// usage: loader.exe pipe <pipe name> <dll to load>
+		HANDLE pipehandle;
+		char pipe_name[512];
+		FILE *f = fopen("c:\\cmds.log", "a");
 
+		if (__argc != 4)
+			return ERROR_ARGCOUNT;
+
+		_snprintf(pipe_name, sizeof(pipe_name)-1, "\\\\.\\PIPE\\%s", __argv[2]);
+
+		while (1) {
+			pipehandle = CreateNamedPipeA(pipe_name, PIPE_ACCESS_DUPLEX,
+				PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT,
+				PIPE_UNLIMITED_INSTANCES,
+				16384,
+				16384,
+				0,
+				NULL);
+			if (ConnectNamedPipe(pipehandle, NULL) || GetLastError() == ERROR_PIPE_CONNECTED) {
+				char buf[16384];
+				char response[16384];
+				int response_len = 0;
+				int bytes_read = 0;
+				int bytes_written = 0;
+				memset(buf, 0, sizeof(buf));
+				ReadFile(pipehandle, buf, sizeof(buf), &bytes_read, NULL);
+				fprintf(f, "%s\n", buf);
+				fflush(f);
+				if (!strncmp(buf, "PROCESS:", 8)) {
+					int pid = -1, tid = -1;
+					char *p;
+					if ((p = strchr(buf, ','))) {
+						*p = '\0';
+						pid = atoi(&buf[8]);
+						tid = atoi(p + 1);
+					}
+					else {
+						pid = atoi(&buf[8]);
+					}
+					inject(pid, tid, __argv[3], is_suspended(pid, tid));
+				}
+				WriteFile(pipehandle, response, response_len, &bytes_written, NULL);
+				CloseHandle(pipehandle);
+			}
+		}
+		fclose(f);
+	}
+#endif
 	return ERROR_MODE;
 }
diff --git a/loader/loader/Loader.h b/loader/loader/Loader.h
@@ -2,7 +2,9 @@
 // This file is published under the GNU GPL v3
 // http://www.gnu.org/licenses/gpl.html
 
+#define _CRT_SECURE_NO_WARNINGS 1
 #include <Windows.h>
+#include <stdio.h>
 
 enum {
 	INJECT_CREATEREMOTETHREAD,

diff --git a/loader/loader/loader.vcxproj b/loader/loader/loader.vcxproj
@@ -22,6 +22,7 @@
     <ProjectGuid>{52D1444F-0B18-4F98-BC62-3D11046190CC}</ProjectGuid>
     <Keyword>Win32Proj</Keyword>
     <RootNamespace>loader</RootNamespace>
+    <WindowsTargetPlatformVersion>8.1</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
@@ -68,9 +69,11 @@
   <PropertyGroup Label="UserMacros" />
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
     <LinkIncremental>true</LinkIncremental>
+    <TargetName>$(ProjectName)_dbg</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
     <LinkIncremental>true</LinkIncremental>
+    <TargetName>$(ProjectName)_dbg</TargetName>
   </PropertyGroup>
   <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <LinkIncremental>false</LinkIncremental>
@@ -85,7 +88,7 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>CUCKOODBG;WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <SDLCheck>true</SDLCheck>
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
     </ClCompile>
@@ -100,7 +103,7 @@
       </PrecompiledHeader>
       <WarningLevel>Level3</WarningLevel>
       <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>CUCKOODBG;WIN32;_DEBUG;_CONSOLE;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <SDLCheck>true</SDLCheck>
       <RuntimeLibrary>MultiThreadedDebug</RuntimeLibrary>
     </ClCompile>

diff --git a/pipe.c b/pipe.c
@@ -177,7 +177,7 @@ int pipe(const char *fmt, ...)
         char *buf = calloc(1, len + 1);
         _pipe_sprintf(buf, fmt, args);
 
-#ifdef CUCKOODBG
+#ifdef CUCKOODBG_PIPE
 		char filename[64];
 		snprintf(filename, sizeof(filename), "c:\\pipe%u.log", GetCurrentProcessId());
 		FILE *f = fopen(filename, "ab");