-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathProgram.cs
More file actions
98 lines (77 loc) · 3.3 KB
/
Program.cs
File metadata and controls
98 lines (77 loc) · 3.3 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
using System.CommandLine;
using System.CommandLine.Parsing;
using System.IO;
namespace MsiAuthenticodeInject
{
internal class Program
{
private static void ValidateMsi(ArgumentResult symbolresult)
{
try
{
using (new MsiInjector(symbolresult.GetValueOrDefault<FileInfo>().FullName))
{
}
}
catch (Exception ex)
{
symbolresult.ErrorMessage = ex.Message;
}
}
private static Command BuildInjectCommand()
{
var command = new Command("inject", "Injects data after the certificate");
var targetArgument = new Argument<FileInfo>("MSI to inject");
command.AddArgument(targetArgument);
targetArgument.AddValidator(ValidateMsi);
var payloadArgument = new Argument<FileInfo>("payload to inject");
command.AddArgument(payloadArgument);
command.SetHandler((target, payload) =>
{
using MsiInjector injector = new MsiInjector(target.FullName);
injector.SetInjection(File.ReadAllBytes(payload.FullName));
}, targetArgument, payloadArgument);
return command;
}
private static Command BuildVerifyCommand()
{
var command = new Command("verify", "Verifies if data lies after certificate");
var pathArgument = new Argument<FileInfo>("MSI to verify");
command.AddArgument(pathArgument);
pathArgument.AddValidator(ValidateMsi);
command.SetHandler(path =>
{
using var injector = new MsiInjector(path.FullName);
var injection = injector.GetInjection();
Console.WriteLine(injection.Length == 0
? "No data found after certificate"
: $"Found {injection.Length} bytes of data after certificate");
}, pathArgument);
return command;
}
private static Command BuildExtractCommand()
{
var command = new Command("extract", "Extracts data after certificate");
var targetArgument = new Argument<FileInfo>("MSI to extract");
command.AddArgument(targetArgument);
targetArgument.AddValidator(ValidateMsi);
var destinationArgument = new Argument<FileInfo>("file to extract to");
command.AddArgument(destinationArgument);
command.SetHandler((target, destination) =>
{
using var injector = new MsiInjector(target.FullName);
var injection = injector.GetInjection();
File.WriteAllBytes(destination.FullName, injection);
}, targetArgument, destinationArgument);
return command;
}
public static int Main(string[] args)
{
var rootCommand = new RootCommand("MSI Certificate Padding Injection Tool");
rootCommand.AddCommand(BuildInjectCommand());
rootCommand.AddCommand(BuildExtractCommand());
rootCommand.AddCommand(BuildVerifyCommand());
return rootCommand.Invoke(args);
}
}
}