From 4928bd9684db9312ee5e8b5b4bca490b83bfce65 Mon Sep 17 00:00:00 2001 From: Dimitris Zervas Date: Thu, 25 May 2023 17:48:18 +0300 Subject: [PATCH] Start working on dll proxying --- Cargo.lock | 38 ++++++++++++++++++++++++++++++++++ Cargo.toml | 8 ++++++++ build.rs | 54 +++++++++++++++++++++++++++++++++++++++++++++---- src/injector.rs | 2 +- 4 files changed, 97 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e643ca8..8466264 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -227,6 +227,7 @@ dependencies = [ "ctor", "frida", "frida-sys", + "goblin", "lazy_static", ] @@ -294,6 +295,17 @@ version = "0.3.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" +[[package]] +name = "goblin" +version = "0.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0d6b4de4a8eb6c46a8c77e1d3be942cb9a8bf073c22374578e5ba4b08ed0ff68" +dependencies = [ + "log", + "plain", + "scroll", +] + [[package]] name = "h2" version = "0.3.19" @@ -668,6 +680,12 @@ version = "0.3.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "26072860ba924cbfa98ea39c8c19b4dd6a4a25423dbdf219c1eca91aa0cf6964" +[[package]] +name = "plain" +version = "0.2.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6" + [[package]] name = "proc-macro2" version = "1.0.58" 
@@ -791,6 +809,26 @@ dependencies = [ "windows-sys 0.42.0", ] +[[package]] +name = "scroll" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04c565b551bafbef4157586fa379538366e4385d42082f255bfd96e4fe8519da" +dependencies = [ + "scroll_derive", +] + +[[package]] +name = "scroll_derive" +version = "0.11.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bdbda6ac5cd1321e724fa9cee216f3a61885889b896f073b8f82322789c5250e" +dependencies = [ + "proc-macro2", + "quote", + "syn 1.0.109", +] + [[package]] name = "security-framework" version = "2.9.1" diff --git a/Cargo.toml b/Cargo.toml index 5be0fa6..a66c5c5 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,9 +8,17 @@ crate-type = ["cdylib"] [[bin]] name = "standalone" +path = "src/main.rs" [dependencies] frida = { version = "0.4.0", features = ["auto-download"] } frida-sys = { version = "0.4.0", features = ["auto-download", "frida-build"] } lazy_static = "1.4.0" ctor = "0.2.0" + +# [target.'cfg(unix)'.build-dependencies] + +# [target.'cfg(windows)'.build-dependencies] +# pelite = "0.10.0" +[build-dependencies] +goblin = "0.6.1" diff --git a/build.rs b/build.rs index 2ce848d..3ea5728 100644 --- a/build.rs +++ b/build.rs 
@@ -1,16 +1,62 @@ use std::env; fn main() { - // Set the environment variable - env::set_var("MY_STRING", "Hello, world!"); - if let Ok(code_file) = env::var("FRIDA_CODE_FILE") { env::set_var("FRIDA_CODE", &std::fs::read_to_string(&code_file).unwrap()); println!("cargo:warning=Using code from file: {}", &code_file); } else if env::var("FRIDA_CODE").is_ok() { println!("cargo:warning=Using code from environment variable: FRIDA_CODE"); } else { - println!("cargo:error=Please set FRIDA_CODE or FRIDA_CODE_FILE environment variable"); + println!("Please set FRIDA_CODE or FRIDA_CODE_FILE environment variable"); std::process::exit(1); } + + if let Ok(lib_path) = env::var("LIB_PROXY") { + // let mut exports = Vec::new(); + // let mut dllsystem: &str; + + // let mut pragma: Vec = Vec::new(); + + use goblin::Object::{self, Elf, PE, Mach, Archive, Unknown}; + // use goblin::mach::{MultiArch, MachO}; + + // #[cfg(windows)] + // use pelite::{FileMap, PeFile, Wrap}; + + // #[cfg(windows)] + // match PeFile::from_bytes(&file_map) { + // Ok(Wrap::T32(file)) => { + // exports = dump_export32(file); + // dllsystem = "x86"; + // } + // Ok(Wrap::T64(file)) => { + // exports = dump_export64(file); + // dllsystem = "amd64"; + // } + // Err(err) => { + // println!("Error: {}", err); + // std::process::exit(1); + // } + // } + + let path = std::path::Path::new(&lib_path); + let lib_name = path.file_name().unwrap().to_str().unwrap(); + + let lib_bytes = std::fs::read(path).expect(format!("Failed to open given library file {}", &lib_name).as_str()); + let object = Object::parse(&lib_bytes).expect(format!("Failed to parse given libary file {}", &lib_name).as_str()); + + let exports: Vec<&str> = match object { + // Elf(o) => { o.dynsyms.iter().map(|e| e.st_name.clone()).collect() }, + PE(o) => { o.exports.iter().map(|e| e.name.unwrap().clone()).collect() }, + Mach(_o) => { println!("Mach binaries are not supported yet"); std::process::exit(1); }, + Archive(_o) => { println!("Archive files are 
not supported"); std::process::exit(1); }, + _ => { println!("Unknown file format"); std::process::exit(1); }, + }; + + for e in exports.iter() { + println!("cargo:warning=Exported function: {}", e); + println!("cargo:rustc-link-lib=dylib=orig.{}", lib_name); + println!("cargo:rustc-link-arg=/EXPORT:{}=orig.{}.{}", e, lib_name, e); + } + } } diff --git a/src/injector.rs b/src/injector.rs index b39049b..ff12171 100644 --- a/src/injector.rs +++ b/src/injector.rs @@ -42,7 +42,7 @@ pub fn inject(pid: u32) { #[no_mangle] pub fn inject_self() { - println!("[*] Attaching to self self"); + println!("[*] Attaching to self (pid 0)"); inject(0); }
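Review bot: In the `PE(o)` arm of build.rs, `e.name.unwrap()` aborts the build as soon as the library has an ordinal-only export. The names that do exist come from the input binary and are printed unchecked into `cargo:rustc-link-arg=/EXPORT:…` lines, so a name containing a newline or `=` could be read by cargo as an extra directive or as a different export spec. Take only the named exports with `filter_map(|e| e.name)` and reject names with whitespace, control characters or `=` before printing them. The `cargo:rustc-link-lib=dylib=orig.{}` line also sits inside the `for` loop and is emitted once per export; it belongs before the loop. The version below drops ordinal-only exports, so they would still need a by-ordinal forward if the proxied library relies on them.

```rust
        let exports: Vec<&str> = match object {
            // Ordinal-only exports carry no name: skip them instead of panicking.
            // Keep only names that cannot break out of a `cargo:` directive line
            // or change the meaning of the /EXPORT spec.
            PE(o) => o
                .exports
                .iter()
                .filter_map(|e| e.name)
                .filter(|n| !n.is_empty() && n.chars().all(|c| c.is_ascii_graphic() && c != '='))
                .collect(),
            // … unchanged: Mach / Archive / unknown-format arms …
        };

        // Emitted once for the library, not once per export.
        println!("cargo:rustc-link-lib=dylib=orig.{}", lib_name);
        for e in &exports {
            // … unchanged: per-export warning and /EXPORT link argument …
        }
```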