1.4
Release date: 2021-06-20 22:35:08
antonioCoco/ConPtyShell latest release: 1.5 (2022-03-18 07:01:09)
Added
- The "upgrade" function now supports hijacking a socket even in processes that have multiple \Device\Afd objects (i.e., multiple associated sockets). This fixes bugs that occurred when using Invoke-WebRequest with PowerShell; ConPtyShell is now able to select the proper socket. It uses the WSAIoctl() function with the SIO_TCP_INFO control code and checks the socket state.
- Added a check to the "upgrade" function to detect (and skip) non-OVERLAPPED sockets, which are not compatible with ConPty console I/O management. It calls NtDeviceIoControlFile() with the IOCTL_AFD_GET_CONTEXT ioctl to retrieve a SOCKET_CONTEXT object, whose SharedData contains the CreationFlags, and checks that the WSA_FLAG_OVERLAPPED bit is set.
Changes
- Changed the "upgrade" logic of the GetSocketTargetProcess() function so that it retrieves all sockets from the target process. It is now named GetSocketsTargetProcess().
- Changed the socket-hijacking logic in the "upgrade" function. It now tries to hijack the sockets of processes across three levels of hierarchy, in the following order: 1. current process -> 2. parent process -> 3. grandparent process.
Bugfixes
- Fixed a bug for zsh users
- Fixed a bug in the "upgrade" concerning the type index of the "File" object type. Instead of the static value 0x25, the value is now retrieved dynamically on the running system by calling NtQuerySystemInformation with the ObjectAllTypesInformation info class. Thanks to @tiraniddo and @0xrepnz for the advice and implementation.
- Fixed a bug in the "upgrade" when converting an IntPtr to a SYSTEM_HANDLE_TABLE_ENTRY_INFO object, which made the program crash. This is now handled with a try-catch block.
- Fixed a bug in the "upgrade" when checking socket inheritance between child -> parent -> grandparent processes. The sockets are now correctly duplicated.
- Fixed a memory leak in the "upgrade" in the ThreadCheckDeadlock() function.
- Fixed a bug in the "upgrade" when reordering multiple sockets. Bytes received are now used as the sort key instead of handle numbers. This fixes bugs in which ConPtyShell hijacked the wrong socket used by PowerShell when invoking Invoke-WebRequest.
1. ConPtyShell.zip 27.6 KB