From f44903cb53b1d4764437a76b240ba4f7c4dbe001 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Thu, 4 Feb 2021 16:18:01 -0700 Subject: [PATCH 1/6] connect-tcp-socket: add ConnectEx via WSAID_CONNECTEX --- communication/socket/tcp/connect-tcp-socket.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/communication/socket/tcp/connect-tcp-socket.yml b/communication/socket/tcp/connect-tcp-socket.yml index 9994acecb..1479423b3 100644 --- a/communication/socket/tcp/connect-tcp-socket.yml +++ b/communication/socket/tcp/connect-tcp-socket.yml @@ -15,3 +15,15 @@ rule: - api: ws2_32.connect - api: ws2_32.WSAConnect - api: ConnectEx + - and: + - api: WSAIoctl + - basic block: + # candidate for GUID: WSAID_CONNECTEX/25a207b9-ddf3-4660-8ee9-76e58c74063e + - number: 0x25A207B9 + - number: 0x4660DDF3 + - number: 0xE576E98E + - number: 0x3E06748C + # socket must be bound to ConnectEx + # https://gist.github.com/joeyadams/4158972 + - api: bind + From 0f6e2dacb3765592b9dd12f8019bcbdc9168a06e Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Thu, 4 Feb 2021 16:20:27 -0700 Subject: [PATCH 2/6] connect-tcp-socket: fix lint issue --- communication/socket/tcp/connect-tcp-socket.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/communication/socket/tcp/connect-tcp-socket.yml b/communication/socket/tcp/connect-tcp-socket.yml index 1479423b3..1c2ef6b56 100644 --- a/communication/socket/tcp/connect-tcp-socket.yml +++ b/communication/socket/tcp/connect-tcp-socket.yml @@ -19,10 +19,11 @@ rule: - api: WSAIoctl - basic block: # candidate for GUID: WSAID_CONNECTEX/25a207b9-ddf3-4660-8ee9-76e58c74063e - - number: 0x25A207B9 - - number: 0x4660DDF3 - - number: 0xE576E98E - - number: 0x3E06748C + - and: + - number: 0x25A207B9 + - number: 0x4660DDF3 + - number: 0xE576E98E + - number: 0x3E06748C # socket must be bound to ConnectEx # https://gist.github.com/joeyadams/4158972 - api: bind From b7809dae41e31171c866781a53d309d3d3ab1fe8 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Thu, 4 Feb 2021 16:22:51 -0700 Subject: [PATCH 3/6] connect-tcp-socket: add SIO_GET_EXTENSION_FUNCTION_POINTER --- communication/socket/tcp/connect-tcp-socket.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/communication/socket/tcp/connect-tcp-socket.yml b/communication/socket/tcp/connect-tcp-socket.yml index 1c2ef6b56..b7baea8f2 100644 --- a/communication/socket/tcp/connect-tcp-socket.yml +++ b/communication/socket/tcp/connect-tcp-socket.yml @@ -17,6 +17,7 @@ rule: - api: ConnectEx - and: - api: WSAIoctl + - number: 0xC8000006 = SIO_GET_EXTENSION_FUNCTION_POINTER - basic block: # candidate for GUID: WSAID_CONNECTEX/25a207b9-ddf3-4660-8ee9-76e58c74063e - and: From 06984304e4987035da8a67e4f8c506783aef12f8 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Thu, 4 Feb 2021 16:25:44 -0700 Subject: [PATCH 4/6] connect-tcp-socket: add SO_UPDATE_CONNECT_CONTEXT --- communication/socket/tcp/connect-tcp-socket.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/communication/socket/tcp/connect-tcp-socket.yml b/communication/socket/tcp/connect-tcp-socket.yml index b7baea8f2..fe7192634 100644 --- a/communication/socket/tcp/connect-tcp-socket.yml +++ b/communication/socket/tcp/connect-tcp-socket.yml @@ -16,15 +16,22 @@ rule: - api: ws2_32.WSAConnect - api: ConnectEx - and: - - api: WSAIoctl - - number: 0xC8000006 = SIO_GET_EXTENSION_FUNCTION_POINTER - basic block: # candidate for GUID: WSAID_CONNECTEX/25a207b9-ddf3-4660-8ee9-76e58c74063e - and: - number: 0x25A207B9 - number: 0x4660DDF3 - number: 0xE576E98E - - number: 0x3E06748C + - number: 0x3E06748C + - basic block: + - and: + - api: WSAIoctl + - number: 0xC8000006 = SIO_GET_EXTENSION_FUNCTION_POINTER + - basic block: + - and: + - api: setsockopt + - number: 0xFFFF = SOL_SOCKET + - number: 0x7010 = SO_UPDATE_CONNECT_CONTEXT # socket must be bound to ConnectEx # https://gist.github.com/joeyadams/4158972 - api: bind From ebb14294b184f2f67a86255286aefe098f42090c Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Thu, 4 Feb 2021 16:28:13 -0700 Subject: [PATCH 5/6] whitespace --- communication/socket/tcp/connect-tcp-socket.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/communication/socket/tcp/connect-tcp-socket.yml b/communication/socket/tcp/connect-tcp-socket.yml index fe7192634..cb89ea61d 100644 --- a/communication/socket/tcp/connect-tcp-socket.yml +++ b/communication/socket/tcp/connect-tcp-socket.yml @@ -22,7 +22,7 @@ rule: - number: 0x25A207B9 - number: 0x4660DDF3 - number: 0xE576E98E - - number: 0x3E06748C + - number: 0x3E06748C - basic block: - and: - api: WSAIoctl From 1f48bd02a6a5e0f19bd3765e8b9289a612550d56 Mon Sep 17 00:00:00 2001 From: Willi Ballenthin Date: Thu, 4 Feb 2021 16:38:09 -0700 Subject: [PATCH 6/6] whitespace --- communication/socket/tcp/connect-tcp-socket.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/communication/socket/tcp/connect-tcp-socket.yml b/communication/socket/tcp/connect-tcp-socket.yml index cb89ea61d..767c267b2 100644 --- a/communication/socket/tcp/connect-tcp-socket.yml +++ b/communication/socket/tcp/connect-tcp-socket.yml @@ -35,4 +35,3 @@ rule: # socket must be bound to ConnectEx # https://gist.github.com/joeyadams/4158972 - api: bind -