-
Notifications
You must be signed in to change notification settings - Fork 9
TODO
Entries here are not ordered.
PEDoll will keep its "Indev" state until all entries in this part are finished.
- Wiki: Add description on "ALL APPLICATION PACKAGES" on the FAQ page
- Install EP hook on the first TLS callback, if any
- TLS callbacks are run before the entry point
- Need to manually parse PE structure (?)
- Proper error handling packets for Monitor and (especially) libDoll
- FIXMEs in all the projects
- On rewriting
PEDollController.Threads.EvalEngine.EvalString:- See https://stackoverflow.com/a/20106050 for What should be done
- http://alter.org.ua/docs/win/args/
- https://docs.microsoft.com/zh-cn/windows/win32/api/shellapi/nf-shellapi-commandlinetoargvw
- My implementation will not conform to MS standard:
- Allow parens to group argument pieces ("123 {456 789}" => {"123", "{456 789}"}, instead of {"123", "{456", "789}"})
- ALL backslashes in strings are processed, not just
/[\\]*['"]/s
- On eliminating
TerminateThread():- Use async receive function (
select()or sth) -
SwitchToThread()if no packet is received
- Use async receive function (
- On rewriting
These changes can be done a lot easier if we have an actual script engine - see "Under consideration" entries below
- Make 'hook action' a generic concept (remove --echo/--ctx/--dump and make them expression functions; whole "hook action" is a expression/function)
- Fix miserable user experince in expressions
- pre-defined constant dictionary (e.g. (HKEY)0x80000002 -> HKEY_LOCAL_MACHINE)
- custom data processing functions (e.g. parseSockAddr() instead of a super long expression)
- A sane way to introduce arguments for scripts
- Pass to
Main()as astring-objectorstring-stringdictionary, or simplystring[] args
- Pass to
- Finish API scripts for (at least) APIs listed in legacyDocuments/apis.txt
- Depends on above two entries
- All the necessary pages on this wiki
- "Legacy documents"
- Switch EvalEngine compiler from CSharpCodeProvider to JScriptCodeProvider or Roslyn?
- Switch to JScript/Javascript also allows some sort of pre-compilcation - pass expr as argument and call eval() in script code instead of pasting expr into the source file
- And simpler custom function: like a context dictionary but with type JScriptObject<String, Function> (Function returned by eval()ing the function)
- HOWEVER, ES6 features need to be supported by the engine (for arrow functions), and JScript.NET only implements ES4
-- or --
-
Make EvalEngine a actual script engine? (for custom functions, predefined constants' dictionary, waitForClient()/waitForHook() with callbacks, etc)
- Replace EvalEngine with CS-Script
-
A peacefl way to disconnect a client (
Puppet::PACKET_BYE)? -
'end --persist' via
FreeLibraryAndExitThread()? -
A readonly value / command for module bases?
-
hook +0x1234 .../hook module+0x1234 ...?
-
-
A method for unserializing memory?
- Similar to
structmodule in Python, orString.Format()in reverse
- Similar to
-
Make Monitor & libDoll support Windows XP?
-
inet_pton, and?
-
-
Error reporting for
loaddll? (will req. a design change) -
Skip "after" phase if "before" phase is rejected?
-
Make "terminate" verdict result in a not modified execution breakpoint?
- Is this even possible?
-
Save EFLAGS/RFLAGS along with GP registers? (pushfd/popfd/pushfq/popfq)- And FP/XMM registers? (
fxsave/fxrstor) -
setjmp()'sjmp_bufis a good guide - Or just freeze the thread entirely (
GetThreadContext()contains all the things)
- And FP/XMM registers? (
-
More ways to create a Doll client?
- Original PeDoll supports like 5 or 6 methods
- https://bbs.pediy.com/thread-251412.htm
- WILL need a remake on anything about Puppet Protocol CMD_DOLL packet
-
Write support to hook context?
- Essentially made PEDoll a "debugger"
-
Should we conform to MS' DLL Best Practices?
- Currently the only operation that is risky is
beginthread()(according to https://stackoverflow.com/a/30325005)
- Currently the only operation that is risky is