More NotImplementedError for ARM64

Author: hakril

windows/injection.py

@@ -184,6 +184,8 @@ def perform_manual_getproc_loadlib(target, *args, **kwargs):
 
 
 def load_dll_in_remote_process(target, dll_path):
+    if target.architecture == gdef.IMAGE_FILE_MACHINE_ARM64:
+        raise NotImplementedError("Injection in ARM64 target process is not implemented")
     rpeb = target.peb
     if rpeb.Ldr:
         # LDR est parcourable, ca va etre deja plus simple..
@@ -372,6 +374,8 @@ def generate_python_exec_shellcode_64(target, PyDll):
 
 def inject_python_command(target, code_injected, PYDLL):
     """Postulate: PYDLL is already loaded in target process"""
+    if target.architecture == gdef.IMAGE_FILE_MACHINE_ARM64:
+        raise NotImplementedError("Injection in ARM64 target process is not implemented")
     PYCODE = code_injected + "\x00"
     # TODO: free this (how ? when ?)
     remote_python_code_addr = target.virtual_alloc(len(PYCODE))

windows/winobject/process.py

@@ -1168,11 +1168,16 @@ def create_thread(self, addr, param):
 
             :rtype: :class:`WinThread` or :class:`DeadThread`
 		"""
+        # We are using NtCreateThreadEx as  its more permissive about cross-bitness / cross-architecture
+        # And we can asume we known what we are doing -> So no safeguard ;)
+        thread_handle = HANDLE()
         if windows.current_process.bitness == 32 and self.bitness == 64:
-            thread_handle = HANDLE()
+            if self._is_x86_on_arm64():
+                raise NotImplementedError("Crossing heaven gate x86 -> arm64 not implemented")
             windows.syswow64.NtCreateThreadEx_32_to_64(ThreadHandle=byref(thread_handle) ,ProcessHandle=self.handle, lpStartAddress=addr, lpParameter=param)
-            return WinThread._from_handle(thread_handle.value)
-        return WinThread._from_handle(winproxy.CreateRemoteThread(hProcess=self.handle, lpStartAddress=addr, lpParameter=param))
+        else:
+            windows.winproxy.NtCreateThreadEx(ThreadHandle=byref(thread_handle) ,ProcessHandle=self.handle, lpStartAddress=addr, lpParameter=param)
+        return WinThread._from_handle(thread_handle.value)
 
     def load_library(self, dll_path):
         """Load the library in remote process

windows/winproxy/apis/ntdll.py

@@ -148,7 +148,7 @@ def NtCreateProcessEx(ProcessHandle, DesiredAccess, ObjectAttributes=None, Paren
     return NtCreateProcessEx.ctypes_function(ProcessHandle, DesiredAccess, ObjectAttributes, ParentProcess, Flags, SectionHandle, DebugPort, ExceptionPort, InJob)
 
 @NtdllProxy()
-def NtCreateThreadEx(ThreadHandle=None, DesiredAccess=0x1fffff, ObjectAttributes=0, ProcessHandle=NeededParameter, lpStartAddress=NeededParameter, lpParameter=NeededParameter, CreateSuspended=0, dwStackSize=0, Unknown1=0, Unknown2=0, Unknown=0):
+def NtCreateThreadEx(ThreadHandle=None, DesiredAccess=0x1fffff, ObjectAttributes=0, ProcessHandle=NeededParameter, lpStartAddress=NeededParameter, lpParameter=NeededParameter, CreateSuspended=0, dwStackSize=0, Unknown1=0, Unknown2=0, Unknown3=0):
     if ThreadHandle is None:
         ThreadHandle = ctypes.byref(gdef.HANDLE())
     return NtCreateThreadEx.ctypes_function(ThreadHandle, DesiredAccess, ObjectAttributes, ProcessHandle, lpStartAddress, lpParameter, CreateSuspended, dwStackSize, Unknown1, Unknown2, Unknown3)