Refactor railgun "DLL" references to library

Author: zeroSteiner

lib/msf/core/post/windows/railgun.rb

@@ -7,10 +7,10 @@ module Windows
 module Railgun
 
   # Go through each dll and add a corresponding convenience method of the same name
-  Rex::Post::Meterpreter::Extensions::Stdapi::Railgun::Railgun::BUILTIN_DLLS['windows'].each do |api|
+  Rex::Post::Meterpreter::Extensions::Stdapi::Railgun::Railgun::BUILTIN_LIBRARIES['windows'].each do |api|
     # We will be interpolating within an eval. We exercise due paranoia.
     unless api.to_s =~ /^\w+$/
-      print_error 'Something is seriously wrong with Railgun.BUILTIN_DLLS list'
+      print_error 'Something is seriously wrong with Railgun.BUILTIN_LIBRARIES list'
       next
     end
 

lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb

@@ -69,7 +69,7 @@ class Railgun
   # class name:   Def_my_dll
   # entry below: 'my_dll'
   #
-  BUILTIN_DLLS = {
+  BUILTIN_LIBRARIES = {
     'linux' => [
       'libc'
     ].freeze,
@@ -95,33 +95,34 @@ class Railgun
   }.freeze
 
   ##
-  # Returns a Hash containing DLLs added to this instance with #add_dll
-  # as well as references to any frozen cached dlls added directly in #get_dll
-  # and copies of any frozen dlls (added directly with #add_function)
-  # that the user attempted to modify with #add_function.
+  # Returns a Hash containing DLLs added to this instance with #add_library as
+  # well as references to any frozen cached libraries added directly in
+  # #get_library and copies of any frozen libraries (added directly with
+  # #add_function) that the user attempted to modify with #add_function.
   #
-  # Keys are friendly DLL names and values are the corresponding DLL instance
-  attr_accessor :dlls
+  # Keys are friendly library names and values are the corresponding library instance
+  attr_accessor :libraries
 
   ##
   # Contains a reference to the client that corresponds to this instance of railgun
   attr_accessor :client
 
   ##
-  # These DLLs are loaded lazily and then shared amongst all railgun instances.
-  # For safety reasons this variable should only be read/written within #get_dll.
-  @@cached_dlls = {}
+  # These libraries are loaded lazily and then shared amongst all railgun
+  # instances. For safety reasons this variable should only be read/written
+  # within #get_library.
+  @@cached_libraries = {}
 
-  # if you are going to touch @@cached_dlls, wear protection
+  # if you are going to touch @@cached_libraries, wear protection
   @@cache_semaphore = Mutex.new
 
   def initialize(client)
     self.client = client
-    self.dlls = {}
+    self.libraries = {}
   end
 
-  def self.builtin_dlls
-    BUILTIN_DLLS[client.platform]
+  def self.builtin_libraries
+    BUILTIN_LIBRARIES[client.platform]
   end
 
   #
@@ -196,106 +197,109 @@ def memwrite(address, data, length=nil)
   end
 
   #
-  # Adds a function to an existing DLL definition.
+  # Adds a function to an existing library definition.
   #
-  # If the DLL definition is frozen (ideally this should be the case for all
-  # cached dlls) an unfrozen copy is created and used henceforth for this
+  # If the library definition is frozen (ideally this should be the case for all
+  # cached libraries) an unfrozen copy is created and used henceforth for this
   # instance.
   #
-  def add_function(dll_name, function_name, return_type, params, remote_name=nil, calling_conv="stdcall")
-
-    unless known_dll_names.include?(dll_name)
-      raise "DLL #{dll_name} not found. Known DLLs: #{PP.pp(known_dll_names, "")}"
+  def add_function(lib_name, function_name, return_type, params, remote_name=nil, calling_conv='stdcall')
+    unless known_library_names.include?(lib_name)
+      raise "Library #{lib_name} not found. Known libraries: #{PP.pp(known_library_names, '')}"
     end
 
-    dll = get_dll(dll_name)
+    lib = get_library(lib_name)
 
-    # For backwards compatibility, we ensure the dll is thawed
-    if dll.frozen?
-      # Duplicate not only the dll, but its functions as well. Frozen status will be lost
-      dll = Marshal.load(Marshal.dump(dll))
+    # For backwards compatibility, we ensure the library is thawed
+    if lib.frozen?
+      # Duplicate not only the library, but its functions as well, frozen status will be lost
+      lib = Marshal.load(Marshal.dump(lib))
 
-      # Update local dlls with the modifiable duplicate
-      dlls[dll_name] = dll
+      # Update local libraries with the modifiable duplicate
+      libraries[lib_name] = lib
     end
 
-    dll.add_function(function_name, return_type, params, remote_name, calling_conv)
+    lib.add_function(function_name, return_type, params, remote_name, calling_conv)
   end
 
   #
-  # Adds a DLL to this Railgun.
+  # Adds a library to this Railgun.
   #
   # The +remote_name+ is the name used on the remote system and should be
-  # set appropriately if you want to include a path or the DLL name contains
+  # set appropriately if you want to include a path or the library name contains
   # non-ruby-approved characters.
   #
-  # Raises an exception if a dll with the given name has already been
+  # Raises an exception if a library with the given name has already been
   # defined.
   #
-  def add_dll(dll_name, remote_name=dll_name)
-
-    if dlls.has_key? dll_name
-      raise "A DLL of name #{dll_name} has already been loaded."
+  def add_library(lib_name, remote_name=lib_name)
+    if libraries.has_key? lib_name
+      raise "A library of name #{lib_name} has already been loaded."
     end
 
-    dlls[dll_name] = DLL.new(remote_name, constant_manager)
+    libraries[lib_name] = DLL.new(remote_name, constant_manager)
   end
+  alias_method :add_dll, :add_library
 
-
-  def known_dll_names
-    return BUILTIN_DLLS[client.platform] | dlls.keys
+  def known_library_names
+    return BUILTIN_LIBRARIES[client.platform] | libraries.keys
   end
 
   #
-  # Attempts to provide a DLL instance of the given name. Handles lazy
-  # loading and caching.  Note that if a DLL of the given name does not
-  # exist, returns nil
+  # Attempts to provide a library instance of the given name. Handles lazy
+  # loading and caching. Note that if a library of the given name does not exist
+  # then nil is returned.
   #
-  def get_dll(dll_name)
-    # If the DLL is not local, we now either load it from cache or load it lazily.
-    # In either case, a reference to the dll is stored in the collection "dlls"
-    # If the DLL can not be found/created, no actions are taken
-    unless dlls.has_key? dll_name
-      # We read and write to @@cached_dlls and rely on state consistency
+  def get_library(lib_name)
+    # If the library is not local, we now either load it from cache or load it
+    # lazily. In either case, a reference to the library is stored in the
+    # collection "libraries". If the library can not be found/created, no
+    # actions are taken.
+    unless libraries.has_key? lib_name
+      # use a platform-specific name for caching to avoid conflicts with
+      # libraries that exist on multiple platforms, e.g. libc.
+      cached_lib_name = "#{client.platform}.#{lib_name}"
+      # We read and write to @@cached_libraries and rely on state consistency
       @@cache_semaphore.synchronize do
-        if @@cached_dlls.has_key? dll_name
-          dlls[dll_name] = @@cached_dlls[dll_name]
-        elsif BUILTIN_DLLS[client.platform].include? dll_name
+        if @@cached_libraries.has_key? cached_lib_name
+          libraries[lib_name] = @@cached_libraries[cached_lib_name]
+        elsif BUILTIN_LIBRARIES[client.platform].include? lib_name
           # I highly doubt this case will ever occur, but I am paranoid
-          if dll_name !~ /^\w+$/
-            raise "DLL name #{dll_name} is bad. Correct Railgun::BUILTIN_DLLS"
+          if lib_name !~ /^\w+$/
+            raise "Library name #{lib_name} is bad. Correct Railgun::BUILTIN_LIBRARIES['#{client.platform}']"
           end
 
-          require "rex/post/meterpreter/extensions/stdapi/railgun/def/#{client.platform}/def_#{dll_name}"
-          dll = Def.const_get("Def_#{client.platform}_#{dll_name}").create_dll(constant_manager).freeze
+          require "rex/post/meterpreter/extensions/stdapi/railgun/def/#{client.platform}/def_#{lib_name}"
+          lib = Def.const_get("Def_#{client.platform}_#{lib_name}").create_dll(constant_manager).freeze
 
-          @@cached_dlls[dll_name] = dll
-          dlls[dll_name] = dll
+          @@cached_libraries[cached_lib_name] = lib
+          libraries[lib_name] = lib
         end
       end
 
     end
 
-    return dlls[dll_name]
+    return libraries[lib_name]
   end
+  alias_method :get_dll, :get_library
 
   #
   # Fake having members like user32 and kernel32.
   # reason is that
   #   ...user32.MessageBoxW()
   # is prettier than
-  #   ...dlls["user32"].functions["MessageBoxW"]()
+  #   ...libraries["user32"].functions["MessageBoxW"]()
   #
-  def method_missing(dll_symbol, *args)
-    dll_name = dll_symbol.to_s
+  def method_missing(lib_symbol, *args)
+    lib_name = lib_symbol.to_s
 
-    unless known_dll_names.include? dll_name
-      raise "DLL #{dll_name} not found. Known DLLs: #{PP.pp(known_dll_names, '')}"
+    unless known_library_names.include? lib_name
+      raise "Library #{lib_name} not found. Known libraries: #{PP.pp(known_library_names, '')}"
     end
 
-    dll = get_dll(dll_name)
+    lib = get_library(lib_name)
 
-    return DLLWrapper.new(dll, client)
+    return DLLWrapper.new(lib, client)
   end
 
   #

modules/post/linux/gather/gnome_keyring_dump.rb

@@ -74,8 +74,8 @@ def struct_gnomekeyringnetworkpassworddata
   end
 
   def init_railgun_defs
-    unless session.railgun.dlls.has_key?('libgnome_keyring')
-      session.railgun.add_dll('libgnome_keyring', 'libgnome-keyring.so.0')
+    unless session.railgun.libraries.has_key?('libgnome_keyring')
+      session.railgun.add_library('libgnome_keyring', 'libgnome-keyring.so.0')
     end
     session.railgun.add_function(
       'libgnome_keyring',

modules/post/windows/manage/download_exec.rb

@@ -42,7 +42,7 @@ def initialize(info={})
 
   def add_railgun_urlmon
 
-    if client.railgun.dlls.find_all {|d| d.first == 'urlmon'}.empty?
+    if client.railgun.libraries.find_all {|d| d.first == 'urlmon'}.empty?
       session.railgun.add_dll('urlmon','urlmon')
       session.railgun.add_function(
         'urlmon', 'URLDownloadToFileW', 'DWORD',