[question] srdi 如何读取userdata和length？

参考源码：

```
    // mov r8, user_data
    bootstrap.extend_from_slice(b"\x49\x81\xc0");
    let user_data_location = dll_offset + dll_bytes.len();
    bootstrap.extend_from_slice(&pack(user_data_location as u32));
    // mov r9, user_data_len
    bootstrap.extend_from_slice(b"\x41\xb9");
    bootstrap.extend_from_slice(&pack(user_data.len() as u32));
```

按照 x64 调用约定以及原项目中函数签名：

https://github.com/monoxgas/sRDI/blob/master/TestDLL/dllmain.cpp

```
#pragma comment(linker,"/EXPORT:test=test")

extern "C" void test(LPVOID lpUserdata, DWORD nUserdataLen) {
	printf("str: %s len: %d\n", (char*)lpUserdata, nUserdataLen);
}
```

shellcode发生崩溃，经过测试无论是否读取参数，只要传递了userdata-path，shellcode会立即崩溃。

针对两种不同类型的崩溃截图

此时DLL中导出函数为：

```
#pragma comment(linker,"/EXPORT:test=test")

extern "C" void test() {

}
```

测试结果如下，通过x64dbg主动分配内存调整RIP：

malefic：

```
./malefic-mutant-x86_64-pc-windows-gnu.exe tool srdi -i "DLL.dll" --function-name test --userdata-path "data.txt" -o bin
```

<img width="2177" height="1126" alt="Image" src="https://github.com/user-attachments/assets/b53d4095-acf7-442e-91c7-a7257d341628" />

link:

```
./malefic-mutant-x86_64-pc-windows-gnu.exe tool srdi -i "DLL.dll" --function-name test --userdata-path "data.txt" -o bin -t link
```

<img width="1930" height="1127" alt="Image" src="https://github.com/user-attachments/assets/15fe5d91-b29d-41d5-bdc3-8188558e9a35" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[question] srdi 如何读取userdata和length？ #22

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

[question] srdi 如何读取userdata和length？ #22

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions