Merge pull request #2 from qtc-de/dev

qtc-de · web-flow · commit 97b97102fd27 · 2024-07-17T15:57:32.000+02:00
Prepare v1.1.0 Release
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## v1.1.0 - July 17, 2024
+
+### Added
+
+* Add offset property to `RpcMethod`
+* Add offset property to `SecurityCallback`
+
+### Changed
+
+* Fix type errors caused by newer v versions
+* Fix incorrect attr syntax in newer v versions
+* Fix incorrect address of security callbacks
+* Rename `base` property of `RpcMethod` to `addr`
+* Rename `base` property of `SecurityCallback` to `addr`
+
+
 ## v1.0.1 - Sep 24, 2023
 
 ### Changed
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 [![](https://github.com/qtc-de/rpv/actions/workflows/build-examples.yml/badge.svg?branch=main)](https://github.com/qtc-de/rpv/actions/workflows/build-examples.yml)
 [![](https://github.com/qtc-de/rpv/actions/workflows/build-examples.yml/badge.svg?branch=dev)](https://github.com/qtc-de/rpv/actions/workflows/build-examples.yml)
-[![](https://img.shields.io/badge/version-1.0.1-blue)](https://github.com/qtc-de/rpv/releases)
+[![](https://img.shields.io/badge/version-1.1.0-blue)](https://github.com/qtc-de/rpv/releases)
 [![](https://img.shields.io/badge/programming%20language-v-blue)](https://vlang.io/)
 [![](https://img.shields.io/badge/license-GPL%20v3.0-blue)](https://github.com/qtc-de/rpv/blob/master/LICENSE)
 [![](https://img.shields.io/badge/docs-fa6b05)](https://qtc-de.github.io/rpv)
@@ -29,7 +29,7 @@ Assuming that *v* [is installed](https://github.com/vlang/v#installing-v-from-so
 installing *rpv* can be done using the following command:
 
 ```console
-[user@host ~]$ v install qtc_de.rpv
+[user@host ~]$ v install qtc-de.rpv
 ```
 
 After installation, *rpv* can be used to analyze *RPC* servers and
diff --git a/alternate/default-x64.v b/alternate/default-x64.v
@@ -82,7 +82,7 @@ pub const compatible_rpc_versions = [
 // of v, the '[if x64]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x64]
+@[if x64]
 pub struct RpcInterface {
 pub:
 	p_rpc_server                  &RpcServer = unsafe { nil }
@@ -123,7 +123,7 @@ pub:
 // of v, the '[if x64]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x64]
+@[if x64]
 pub struct RpcServer {
 pub:
 	mutex                   Mutex
@@ -167,7 +167,7 @@ pub:
 // of v, the '[if x64]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x64]
+@[if x64]
 pub struct RpcAddress {
 pub:
 	vtable       voidptr
diff --git a/alternate/default-x86.v b/alternate/default-x86.v
@@ -82,7 +82,7 @@ pub const compatible_rpc_versions = [
 // of v, the '[if x86]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x86]
+@[if x86]
 pub struct RpcInterface {
 pub:
 	p_rpc_server                  &RpcServer = unsafe { nil }
@@ -119,7 +119,7 @@ pub:
 // of v, the '[if x86]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x86]
+@[if x86]
 pub struct RpcServer {
 pub:
 	mutex                   Mutex
@@ -158,7 +158,7 @@ pub:
 // of v, the '[if x86]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x86]
+@[if x86]
 pub struct RpcAddress {
 pub:
 	vtable       voidptr
diff --git a/examples/details.v b/examples/details.v
@@ -54,14 +54,15 @@ fn main()
 
 				println('[+] Security Callback:')
 
-				if intf.sec_callback.base != 0
+				if intf.sec_callback.addr != 0
 				{
 					println('[+]\t Registred   : True')
-					println('[+]\t Base Address: 0x${intf.sec_callback.base}')
+					println('[+]\t Address     : 0x${intf.sec_callback.addr}')
+					println('[+]\t Offset      : 0x${intf.sec_callback.offset.hex()}')
 
 					if intf.sec_callback.location.path != ''
 					{
-						println('[+]\t Location    : 0x${intf.sec_callback.location.path}')
+						println('[+]\t Location    : ${intf.sec_callback.location.path}')
 					}
 				}
 
@@ -74,7 +75,7 @@ fn main()
 
 				for method in intf.methods
 				{
-					println('[+]\t ${method.name} (base: 0x${method.base})')
+					println('[+]\t ${method.name} (addr: 0x${method.addr}, offset: 0x${method.offset.hex()})')
 				}
 
 				return
diff --git a/examples/list.v b/examples/list.v
@@ -25,12 +25,14 @@ fn main()
 		println('[+] Path        : ${info.path}')
 
 		println('[+] RPC Endpoints:')
+
 		for endpoint in info.rpc_info.server_info.endpoints
 		{
 			println('[+]\t ${endpoint.protocol} - ${endpoint.name}')
 		}
 
 		println('[+] RPC Interfaces:')
+
 		for intf in info.rpc_info.interface_infos
 		{
 			if intf.methods.len > 0
diff --git a/internals/rpc-common.v b/internals/rpc-common.v
@@ -86,7 +86,7 @@ pub:
 
 // C.RPC_IF_ID represents an ID of an RPC interface. This is basically an GUID
 // but also contains a major and minor version.
-[typedef]
+@[typedef]
 pub struct C.RPC_IF_ID {
 	Uuid      C.GUID
 	VersMajor u16
@@ -103,7 +103,7 @@ pub fn (this C.RPC_IF_ID) equals(other C.RPC_IF_ID) bool
 // C.RPC_DISPATCH_TABLE contains information on the defined RPC methods of an
 // RPC interface. rpv uses it to determine the method count, that can be obtained
 // from the DispatchTableCount property.
-[typedef]
+@[typedef]
 pub struct C.RPC_DISPATCH_TABLE {
 	DispatchTableCount u32
 	DispatchTable      voidptr
@@ -116,7 +116,7 @@ pub struct C.RPC_DISPATCH_TABLE {
 // formatting of these methods. This is used in conjunction with the FmtStringOffset
 // property, which contains the offset of the different methods within the ProcString,
 // to decompile RPC methods.
-[typedef]
+@[typedef]
 pub struct C.MIDL_SERVER_INFO {
 	pStubDesc       &C.MIDL_STUB_DESC = unsafe { nil }
 	DispatchTable   &voidptr     = unsafe { nil }
@@ -133,7 +133,7 @@ pub struct C.MIDL_SERVER_INFO {
 // by the RPC methods of the corresponding interface. rpv uses this information to decompile
 // RPC methods. Moreover, Reserved5 is required for parsing NDR expressions. Actually the
 // member is named pExprInfo by Microsoft, but within the mingw libraries it is Reserved5.
-[typedef]
+@[typedef]
 pub struct C.MIDL_STUB_DESC {
 	RpcInterfaceInformation     voidptr = unsafe { nil }
 	pfnAllocate                 voidptr = unsafe { nil }
@@ -151,13 +151,13 @@ pub struct C.MIDL_STUB_DESC {
 	MIDLVersion       u32
 	CommFaultOffsets  &C.COMM_FAULT_OFFSETS = unsafe { nil }
 	// New fields for version 3.0+
-	aUserMarshalQuadruple &C.USER_MARSHAL_ROUTINE_QUADRUPLE = unsafe { nil }
+	aUserMarshalQuadruple voidptr = unsafe { nil }
 	// Notify routines - added for NT5, MIDL 5.0
-	NotifyRoutineTable &C.NDR_NOTIFY_ROUTINE = unsafe { nil }
+	NotifyRoutineTable voidptr = unsafe { nil }
 	// Reserved for future use.
 	mFlags &u32 = unsafe { nil }
 	// International support routines - added for 64bit post NT5
-	CsRoutineTables &C.NDR_CS_ROUTINES = unsafe { nil }
+	CsRoutineTables voidptr = unsafe { nil }
 	Reserved4       voidptr = unsafe { nil }
 	Reserved5       voidptr = unsafe { nil } // mIDA: expr_table - RpcView: pExprInfo
 	// Fields up to now present in win2000 release.
@@ -173,7 +173,7 @@ pub struct NDR_EXPR_DESC {
 
 // C.MIDL_SYNTAX_INFO is a struct that is used within internal RPC struct definitions.
 // It is currently not used by rpv.
-[typedef]
+@[typedef]
 pub struct C.MIDL_SYNTAX_INFO {
 	TransferSyntax        C.RPC_SYNTAX_IDENTIFIER
 	DispatchTable         &C.RPC_DISPATCH_TABLE
@@ -186,47 +186,47 @@ pub struct C.MIDL_SYNTAX_INFO {
 
 // C.MIDL_INTERFACE_METHOD_PROPERTIES is a struct that is used within internal RPC struct definitions.
 // It is currently not used by rpv.
-[typedef]
+@[typedef]
 pub struct C.MIDL_INTERFACE_METHOD_PROPERTIES {
 	MethodCount      u16
 	MethodProperties &C.MIDL_METHOD_PROPERTY_MAP
 }
 
 // C.MIDL_METHOD_PROPERTY_MAP is a struct that is used within internal RPC struct definitions.
 // It is currently not used by rpv.
-[typedef]
+@[typedef]
 pub struct C.MIDL_METHOD_PROPERTY_MAP {
 	count      u32
 	Properties &C.MIDL_METHOD_PROPERTY
 }
 
 // C.MIDL_METHOD_PROPERTY is a struct that is used within internal RPC struct definitions.
 // It is currently not used by rpv.
-[typedef]
+@[typedef]
 pub struct C.MIDL_METHOD_PROPERTY {
 	Id    u32
 	value usize
 }
 
 // C.UUID_VECTOR is a struct that is used within internal RPC struct definitions.
 // It is currently not used by rpv.
-[typedef]
+@[typedef]
 pub struct C.UUID_VECTOR {
 	Count u32
 	Uuid  [1]&C.GUID
 }
 
 // C.RPC_SYNTAX_IDENTIFIER is a struct that is used within internal RPC struct definitions.
 // It is currently not used by rpv.
-[typedef]
+@[typedef]
 pub struct C.RPC_SYNTAX_IDENTIFIER {
 	SyntaxGUID    C.GUID
 	SyntaxVersion C.RPC_VERSION
 }
 
 // C.RPC_VERSION is a struct that is used within internal RPC struct definitions.
 // It is currently not used by rpv.
-[typedef]
+@[typedef]
 pub struct C.RPC_VERSION {
 	MajorVersion u16
 	MinorVersion u16
diff --git a/internals/rpc-internal-structs.v b/internals/rpc-internal-structs.v
@@ -82,7 +82,7 @@ pub const compatible_rpc_versions = [
 // of v, the '[if x64]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x64]
+@[if x64]
 pub struct RpcInterface {
 pub:
 	p_rpc_server                  &RpcServer = unsafe { nil }
@@ -123,7 +123,7 @@ pub:
 // of v, the '[if x64]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x64]
+@[if x64]
 pub struct RpcServer {
 pub:
 	mutex                   Mutex
@@ -167,7 +167,7 @@ pub:
 // of v, the '[if x64]' attribute is ignored for structs, but will be
 // available in future. Up to this point, we need to keep the x64 and x86
 // struct definitions in separate files.
-[if x64]
+@[if x64]
 pub struct RpcAddress {
 pub:
 	vtable       voidptr
diff --git a/ndr/context.v b/ndr/context.v
@@ -17,6 +17,19 @@ pub struct NdrContext {
 	type_cache &TypeCache
 }
 
+// newNdrContext creates a new NdrContext. The main reason why we have a constructor
+// here is to leave the struct fields access modifiers untouched. In newer v releases,
+// initializing private struct fields seems only possible using a constructor.
+pub fn NdrContext.new(handle win.HANDLE, stub_desc C.MIDL_STUB_DESC, flags NdrInterpreterOptFlags2, mut cache &TypeCache) NdrContext
+{
+	return NdrContext {
+		process_handle: handle
+		stub_desc: stub_desc
+		flags: flags
+		type_cache: cache
+	}
+}
+
 // read attempts to read the type <T> from process memory at the specified
 // address. If successfully, a newly created <T> type is returned. How many
 // bytes to read is determined by the structure size of <T>. Notice that
diff --git a/ndr/flags.v b/ndr/flags.v
@@ -3,7 +3,7 @@ module ndr
 // NdrFlags contains additional information for NDR data.
 // Especially the has_return value is important for rpv,
 // as it indicates whether a method returns a value.
-[flag]
+@[flag]
 pub enum NdrFlags as u8
 {
 	server_must_size
@@ -19,7 +19,7 @@ pub enum NdrFlags as u8
 // NdrInterpreterOptFlags2 contains additional information
 // on how to interpret NDR data. rpv needs this struct to
 // determine how specific NDR types need to be parsed.
-[flag]
+@[flag]
 pub enum NdrInterpreterOptFlags2 as u8
 {
 	has_new_corr_desc
diff --git a/ndr/ndr_basic.v b/ndr/ndr_basic.v
@@ -283,6 +283,14 @@ pub struct NdrSimpleType {
 	NdrBaseType
 }
 
+// new creates a new instance of NdrSimpleType. A constructor for this type was
+// defined, because it is also initialized from other modules which are not able
+// to access the private format property.
+pub fn NdrSimpleType.new(format NdrFormatChar) NdrSimpleType
+{
+	return NdrSimpleType { format: format }
+}
+
 // format returns the string representation of NdrSimpleType. This is always the
 // same as the result of calling the format method on the underlying NdrBaseType.
 pub fn (simple_type NdrSimpleType) format() string
diff --git a/ndr/ndr_correlation.v b/ndr/ndr_correlation.v
@@ -28,7 +28,7 @@ pub enum NdrCorrelationType as u8
 // NdrCorrelationFlags provide additional information on a CorrelationDescriptor.
 // As far as I remember, only the range member of this enum is currently used and
 // implemented by rpv.
-[flag]
+@[flag]
 pub enum NdrCorrelationFlags as u8
 {
 	reserved
diff --git a/ndr/ndr_param.v b/ndr/ndr_param.v
@@ -8,7 +8,7 @@ module ndr
 // NdrHandleParam and to define a separate format method for both
 // types. However, this caused nondeterministic memory corruptions.
 // We may try this approach in future again.
-[flag]
+@[flag]
 pub enum NdrParamAttrs as u16
 {
 	must_size
@@ -103,7 +103,7 @@ pub fn (param NdrBasicParam) comments() []NdrComment
 // NdrHandleParamFlags contains a list of flags that can be
 // used in NdrHandleParam. These flags add more information
 // to the underlying handle.
-[flag]
+@[flag]
 pub enum NdrHandleParamFlags as u8
 {
 	ndr_context_handle_cannot_be_null
diff --git a/ndr/ndr_pointer.v b/ndr/ndr_pointer.v
@@ -6,7 +6,7 @@ import internals
 // NdrPointerFlags contains a list of flags that can be set for
 // NdrPointer types. These flags add additional information to
 // the pointer that can be used during parsing and formatting.
-[flag]
+@[flag]
 pub enum NdrPointerFlags as u8
 {
 	fc_allocate_all_nodes
@@ -29,6 +29,18 @@ pub struct NdrPointer {
 	flags NdrPointerFlags
 }
 
+// new creates a new instance of NdrPointer. A constructor for this type was
+// defined, because it is also initialized from other modules which are not able
+// to access the private format property.
+pub fn NdrPointer.new(format NdrFormatChar, ref NdrType, flags NdrPointerFlags) NdrPointer
+{
+	return NdrPointer {
+		format: format
+		ref: ref
+		flags: flags
+	}
+}
+
 // attrs returns an array of NdrAttr that is associated to the
 // NdrPointer type. This includes attributes that are associated
 // to the pointer itself, as well as attributes that are associated
diff --git a/ndr/type_cache.v b/ndr/type_cache.v
@@ -24,6 +24,7 @@ interface ComplexType {
 // decompilation, the types member contains all complex types that have
 // been encountered within an interface. This allows easy formatting of
 // decompilation results.
+@[heap]
 pub struct TypeCache {
 	mut:
 	type_map map[string]NdrType
diff --git a/src/midl.v b/src/midl.v
diff --git a/src/rpc.v b/src/rpc.v
diff --git a/utils/utils.v b/utils/utils.v
diff --git a/v.mod b/v.mod
diff --git a/win/interop.v b/win/interop.v
diff --git a/win/pdb.v b/win/pdb.v

Original file line number	Diff line number	Diff line change
`@@ -54,14 +54,15 @@ fn main()`
`54`	`54`
`55`	`55`	`println('[+] Security Callback:')`
`56`	`56`
`57`		`- if intf.sec_callback.base != 0`
	`57`	`+ if intf.sec_callback.addr != 0`
`58`	`58`	`{`
`59`	`59`	`println('[+]\t Registred : True')`
`60`		`- println('[+]\t Base Address: 0x${intf.sec_callback.base}')`
	`60`	`+ println('[+]\t Address : 0x${intf.sec_callback.addr}')`
	`61`	`+ println('[+]\t Offset : 0x${intf.sec_callback.offset.hex()}')`
`61`	`62`
`62`	`63`	`if intf.sec_callback.location.path != ''`
`63`	`64`	`{`
`64`		`- println('[+]\t Location : 0x${intf.sec_callback.location.path}')`
	`65`	`+ println('[+]\t Location : ${intf.sec_callback.location.path}')`
`65`	`66`	`}`
`66`	`67`	`}`
`67`	`68`
`@@ -74,7 +75,7 @@ fn main()`
`74`	`75`
`75`	`76`	`for method in intf.methods`
`76`	`77`	`{`
`77`		`- println('[+]\t ${method.name} (base: 0x${method.base})')`
	`78`	`+ println('[+]\t ${method.name} (addr: 0x${method.addr}, offset: 0x${method.offset.hex()})')`
`78`	`79`	`}`
`79`	`80`
`80`	`81`	`return`
Original file line number	Diff line number	Diff line change
`@@ -25,12 +25,14 @@ fn main()`
`25`	`25`	`println('[+] Path : ${info.path}')`
`26`	`26`
`27`	`27`	`println('[+] RPC Endpoints:')`
	`28`	`+`
`28`	`29`	`for endpoint in info.rpc_info.server_info.endpoints`
`29`	`30`	`{`
`30`	`31`	`println('[+]\t ${endpoint.protocol} - ${endpoint.name}')`
`31`	`32`	`}`
`32`	`33`
`33`	`34`	`println('[+] RPC Interfaces:')`
	`35`	`+`
`34`	`36`	`for intf in info.rpc_info.interface_infos`
`35`	`37`	`{`
`36`	`38`	`if intf.methods.len > 0`