This key's fingerprint is A04C 5E09 ED02 B328 03EB 6116 93ED 732E 9231 8DBA

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQQNBFUoCGgBIADFLp+QonWyK8L6SPsNrnhwgfCxCk6OUHRIHReAsgAUXegpfg0b
rsoHbeI5W9s5to/MUGwULHj59M6AvT+DS5rmrThgrND8Dt0dO+XW88bmTXHsFg9K
jgf1wUpTLq73iWnSBo1m1Z14BmvkROG6M7+vQneCXBFOyFZxWdUSQ15vdzjr4yPR
oMZjxCIFxe+QL+pNpkXd/St2b6UxiKB9HT9CXaezXrjbRgIzCeV6a5TFfcnhncpO
ve59rGK3/az7cmjd6cOFo1Iw0J63TGBxDmDTZ0H3ecQvwDnzQSbgepiqbx4VoNmH
OxpInVNv3AAluIJqN7RbPeWrkohh3EQ1j+lnYGMhBktX0gAyyYSrkAEKmaP6Kk4j
/ZNkniw5iqMBY+v/yKW4LCmtLfe32kYs5OdreUpSv5zWvgL9sZ+4962YNKtnaBK3
1hztlJ+xwhqalOCeUYgc0Clbkw+sgqFVnmw5lP4/fQNGxqCO7Tdy6pswmBZlOkmH
XXfti6hasVCjT1MhemI7KwOmz/KzZqRlzgg5ibCzftt2GBcV3a1+i357YB5/3wXE
j0vkd+SzFioqdq5Ppr+//IK3WX0jzWS3N5Lxw31q8fqfWZyKJPFbAvHlJ5ez7wKA
1iS9krDfnysv0BUHf8elizydmsrPWN944Flw1tOFjW46j4uAxSbRBp284wiFmV8N
TeQjBI8Ku8NtRDleriV3djATCg2SSNsDhNxSlOnPTM5U1bmh+Ehk8eHE3hgn9lRp
2kkpwafD9pXaqNWJMpD4Amk60L3N+yUrbFWERwncrk3DpGmdzge/tl/UBldPoOeK
p3shjXMdpSIqlwlB47Xdml3Cd8HkUz8r05xqJ4DutzT00ouP49W4jqjWU9bTuM48
LRhrOpjvp5uPu0aIyt4BZgpce5QGLwXONTRX+bsTyEFEN3EO6XLeLFJb2jhddj7O
DmluDPN9aj639E4vjGZ90Vpz4HpN7JULSzsnk+ZkEf2XnliRody3SwqyREjrEBui
9ktbd0hAeahKuwia0zHyo5+1BjXt3UHiM5fQN93GB0hkXaKUarZ99d7XciTzFtye
/MWToGTYJq9bM/qWAGO1RmYgNr+gSF/fQBzHeSbRN5tbJKz6oG4NuGCRJGB2aeXW
TIp/VdouS5I9jFLapzaQUvtdmpaeslIos7gY6TZxWO06Q7AaINgr+SBUvvrff/Nl
l2PRPYYye35MDs0b+mI5IXpjUuBC+s59gI6YlPqOHXkKFNbI3VxuYB0VJJIrGqIu
Fv2CXwy5HvR3eIOZ2jLAfsHmTEJhriPJ1sUG0qlfNOQGMIGw9jSiy/iQde1u3ZoF
so7sXlmBLck9zRMEWRJoI/mgCDEpWqLX7hTTABEBAAG0x1dpa2lMZWFrcyBFZGl0
b3JpYWwgT2ZmaWNlIEhpZ2ggU2VjdXJpdHkgQ29tbXVuaWNhdGlvbiBLZXkgKFlv
dSBjYW4gY29udGFjdCBXaWtpTGVha3MgYXQgaHR0cDovL3dsY2hhdGMzcGp3cGxp
NXIub25pb24gYW5kIGh0dHBzOi8vd2lraWxlYWtzLm9yZy90YWxrKSA8Y29udGFj
dC11cy11c2luZy1vdXItY2hhdC1zeXN0ZW1Ad2lraWxlYWtzLm9yZz6JBD0EEwEK
ACcCGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlb6cdIFCQOznOoACgkQk+1z
LpIxjbrlqh/7B2yBrryWhQMGFj+xr9TIj32vgUIMohq94XYqAjOnYdEGhb5u5B5p
BNowcqdFB1SOEvX7MhxGAqYocMT7zz2AkG3kpf9f7gOAG7qA1sRiB+R7mZtUr9Kv
fQSsRFPb6RNzqqB9I9wPNGhBh1YWusUPluLINwbjTMnHXeL96HgdLT+fIBa8ROmn
0fjJVoWYHG8QtsKiZ+lo2m/J4HyuJanAYPgL6isSu/1bBSwhEIehlQIfXZuS3j35
12SsO1Zj2BBdgUIrADdMAMLneTs7oc1/PwxWYQ4OTdkay2deg1g/N6YqM2N7rn1W
7A6tmuH7dfMlhcqw8bf5veyag3RpKHGcm7utDB6k/bMBDMnKazUnM2VQoi1mutHj
kTCWn/vF1RVz3XbcPH94gbKxcuBi8cjXmSWNZxEBsbirj/CNmsM32Ikm+WIhBvi3
1mWvcArC3JSUon8RRXype4ESpwEQZd6zsrbhgH4UqF56pcFT2ubnqKu4wtgOECsw
K0dHyNEiOM1lL919wWDXH9tuQXWTzGsUznktw0cJbBVY1dGxVtGZJDPqEGatvmiR
o+UmLKWyxTScBm5o3zRm3iyU10d4gka0dxsSQMl1BRD3G6b+NvnBEsV/+KCjxqLU
vhDNup1AsJ1OhyqPydj5uyiWZCxlXWQPk4p5WWrGZdBDduxiZ2FTj17hu8S4a5A4
lpTSoZ/nVjUUl7EfvhQCd5G0hneryhwqclVfAhg0xqUUi2nHWg19npPkwZM7Me/3
+ey7svRUqxVTKbXffSOkJTMLUWqZWc087hL98X5rfi1E6CpBO0zmHeJgZva+PEQ/
ZKKi8oTzHZ8NNlf1qOfGAPitaEn/HpKGBsDBtE2te8PF1v8LBCea/d5+Umh0GELh
5eTq4j3eJPQrTN1znyzpBYkR19/D/Jr5j4Vuow5wEE28JJX1TPi6VBMevx1oHBuG
qsvHNuaDdZ4F6IJTm1ZYBVWQhLbcTginCtv1sadct4Hmx6hklAwQN6VVa7GLOvnY
RYfPR2QA3fGJSUOg8xq9HqVDvmQtmP02p2XklGOyvvfQxCKhLqKi0hV9xYUyu5dk
2L/A8gzA0+GIN+IYPMsf3G7aDu0qgGpi5Cy9xYdJWWW0DA5JRJc4/FBSN7xBNsW4
eOMxl8PITUs9GhOcc68Pvwyv4vvTZObpUjZANLquk7t8joky4Tyog29KYSdhQhne
oVODrdhTqTPn7rjvnwGyjLInV2g3pKw/Vsrd6xKogmE8XOeR8Oqk6nun+Y588Nsj
XddctWndZ32dvkjrouUAC9z2t6VE36LSyYJUZcC2nTg6Uir+KUTs/9RHfrvFsdI7
iMucdGjHYlKc4+YwTdMivI1NPUKo/5lnCbkEDQRVKAhoASAAvnuOR+xLqgQ6KSOO
RTkhMTYCiHbEsPmrTfNA9VIip+3OIzByNYtfFvOWY2zBh3H2pgf+2CCrWw3WqeaY
wAp9zQb//rEmhwJwtkW/KXDQr1k95D5gzPeCK9R0yMPfjDI5nLeSvj00nFF+gjPo
Y9Qb10jp/Llqy1z35Ub9ZXuA8ML9nidkE26KjG8FvWIzW8zTTYA5Ezc7U+8HqGZH
VsK5KjIO2GOnJiMIly9MdhawS2IXhHTV54FhvZPKdyZUQTxkwH2/8QbBIBv0OnFY
3w75Pamy52nAzI7uOPOU12QIwVj4raLC+DIOhy7bYf9pEJfRtKoor0RyLnYZTT3N
0H4AT2YeTra17uxeTnI02lS2Jeg0mtY45jRCU7MrZsrpcbQ464I+F411+AxI3NG3
cFNJOJO2HUMTa+2PLWa3cERYM6ByP60362co7cpZoCHyhSvGppZyH0qeX+BU1oyn
5XhT+m7hA4zupWAdeKbOaLPdzMu2Jp1/QVao5GQ8kdSt0n5fqrRopO1WJ/S1eoz+
Ydy3dCEYK+2zKsZ3XeSC7MMpGrzanh4pk1DLr/NMsM5L5eeVsAIBlaJGs75Mp+kr
ClQL/oxiD4XhmJ7MlZ9+5d/o8maV2K2pelDcfcW58tHm3rHwhmNDxh+0t5++i30y
BIa3gYHtZrVZ3yFstp2Ao8FtXe/1ALvwE4BRalkh+ZavIFcqRpiF+YvNZ0JJF52V
rwL1gsSGPsUY6vsVzhpEnoA+cJGzxlor5uQQmEoZmfxgoXKfRC69si0ReoFtfWYK
8Wu9sVQZW1dU6PgBB30X/b0Sw8hEzS0cpymyBXy8g+itdi0NicEeWHFKEsXa+HT7
mjQrMS7c84Hzx7ZOH6TpX2hkdl8Nc4vrjF4iff1+sUXj8xDqedrg29TseHCtnCVF
kfRBvdH2CKAkbgi9Xiv4RqAP9vjOtdYnj7CIG9uccek/iu/bCt1y/MyoMU3tqmSJ
c8QeA1L+HENQ/HsiErFGug+Q4Q1SuakHSHqBLS4TKuC+KO7tSwXwHFlFp47GicHe
rnM4v4rdgKic0Z6lR3QpwoT9KwzOoyzyNlnM9wwnalCLwPcGKpjVPFg1t6F+eQUw
WVewkizhF1sZBbED5O/+tgwPaD26KCNuofdVM+oIzVPOqQXWbaCXisNYXoktH3Tb
0X/DjsIeN4TVruxKGy5QXrvo969AQNx8Yb82BWvSYhJaXX4bhbK0pBIT9fq08d5R
IiaN7/nFU3vavXa+ouesiD0cnXSFVIRiPETCKl45VM+f3rRHtNmfdWVodyXJ1O6T
ZjQTB9ILcfcb6XkvH+liuUIppINu5P6i2CqzRLAvbHGunjvKLGLfvIlvMH1mDqxp
VGvNPwARAQABiQQlBBgBCgAPAhsMBQJW+nHeBQkDs5z2AAoJEJPtcy6SMY26Qtgf
/0tXRbwVOBzZ4fI5NKSW6k5A6cXzbB3JUxTHMDIZ93CbY8GvRqiYpzhaJVjNt2+9
zFHBHSfdbZBRKX8N9h1+ihxByvHncrTwiQ9zFi0FsrJYk9z/F+iwmqedyLyxhIEm
SHtWiPg6AdUM5pLu8GR7tRHagz8eGiwVar8pZo82xhowIjpiQr0Bc2mIAusRs+9L
jc+gjwjbhYIg2r2r9BUBGuERU1A0IB5Fx+IomRtcfVcL/JXSmXqXnO8+/aPwpBuk
bw8sAivSbBlEu87P9OovsuEKxh/PJ65duQNjC+2YxlVcF03QFlFLGzZFN7Fcv5JW
lYNeCOOz9NP9TTsR2EAZnacNk75/FYwJSJnSblCBre9xVA9pI5hxb4zu7CxRXuWc
QJs8Qrvdo9k4Jilx5U9X0dsiNH2swsTM6T1gyVKKQhf5XVCS4bPWYagXcfD9/xZE
eAhkFcAuJ9xz6XacT9j1pw50MEwZbwDneV93TqvHmgmSIFZow1aU5ACp+N/ksT6E
1wrWsaIJjsOHK5RZj/8/2HiBftjXscmL3K8k6MbDI8P9zvcMJSXbPpcYrffw9A6t
ka9skmLKKFCcsNJ0coLLB+mw9DVQGc2dPWPhPgtYZLwG5tInS2bkdv67qJ4lYsRM
jRCW5xzlUZYk6SWD4KKbBQoHbNO0Au8Pe/N1SpYYtpdhFht9fGmtEHNOGPXYgNLq
VTLgRFk44Dr4hJj5I1+d0BLjVkf6U8b2bN5PcOnVH4Mb+xaGQjqqufAMD/IFO4Ro
TjwKiw49pJYUiZbw9UGaV3wmg+fue9To1VKxGJuLIGhRXhw6ujGnk/CktIkidRd3
5pAoY5L4ISnZD8Z0mnGlWOgLmQ3IgNjAyUzVJRhDB5rVQeC6qX4r4E1xjYMJSxdz
Aqrk25Y//eAkdkeiTWqbXDMkdQtig2rY+v8GGeV0v09NKiT+6extebxTaWH4hAgU
FR6yq6FHs8mSEKC6Cw6lqKxOn6pwqVuXmR4wzpqCoaajQVz1hOgD+8QuuKVCcTb1
4IXXpeQBc3EHfXJx2BWbUpyCgBOMtvtjDhLtv5p+4XN55GqY+ocYgAhNMSK34AYD
AhqQTpgHAX0nZ2SpxfLr/LDN24kXCmnFipqgtE6tstKNiKwAZdQBzJJlyYVpSk93
6HrYTZiBDJk4jDBh6jAx+IZCiv0rLXBM6QxQWBzbc2AxDDBqNbea2toBSww8HvHf
hQV/G86Zis/rDOSqLT7e794ezD9RYPv55525zeCk3IKauaW5+WqbKlwosAPIMW2S
kFODIRd5oMI51eof+ElmB5V5T9lw0CHdltSM/hmYmp/5YotSyHUmk91GDFgkOFUc
J3x7gtxUMkTadELqwY6hrU8=
=BLTH
-----END PGP PUBLIC KEY BLOCK-----
		

Contact

If you need help using Tor you can contact WikiLeaks for assistance in setting it up using our simple webchat available at: https://wikileaks.org/talk

If you can use Tor, but need to contact WikiLeaks for other reasons use our secured webchat available at http://wlchatc3pjwpli5r.onion

We recommend contacting us over Tor if you can.

Tor

Tor is an encrypted anonymising network that makes it harder to intercept internet communications, or see where communications are coming from or going to.

In order to use the WikiLeaks public submission system as detailed above you can download the Tor Browser Bundle, which is a Firefox-like browser available for Windows, Mac OS X and GNU/Linux and pre-configured to connect using the anonymising system Tor.

Tails

If you are at high risk and you have the capacity to do so, you can also access the submission system through a secure operating system called Tails. Tails is an operating system launched from a USB stick or a DVD that aim to leaves no traces when the computer is shut down after use and automatically routes your internet traffic through Tor. Tails will require you to have either a USB stick or a DVD at least 4GB big and a laptop or desktop computer.

Tips

Our submission system works hard to preserve your anonymity, but we recommend you also take some of your own precautions. Please review these basic guidelines.

1. Contact us if you have specific problems

If you have a very large submission, or a submission with a complex format, or are a high-risk source, please contact us. In our experience it is always possible to find a custom solution for even the most seemingly difficult situations.

2. What computer to use

If the computer you are uploading from could subsequently be audited in an investigation, consider using a computer that is not easily tied to you. Technical users can also use Tails to help ensure you do not leave any records of your submission on the computer.

3. Do not talk about your submission to others

If you have any issues talk to WikiLeaks. We are the global experts in source protection – it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly. This includes other media organisations.

After

1. Do not talk about your submission to others

If you have any issues talk to WikiLeaks. We are the global experts in source protection – it is a complex field. Even those who mean well often do not have the experience or expertise to advise properly. This includes other media organisations.

2. Act normal

If you are a high-risk source, avoid saying anything or doing anything after submitting which might promote suspicion. In particular, you should try to stick to your normal routine and behaviour.

3. Remove traces of your submission

If you are a high-risk source and the computer you prepared your submission on, or uploaded it from, could subsequently be audited in an investigation, we recommend that you format and dispose of the computer hard drive and any other storage media you used.

In particular, hard drives retain data after formatting which may be visible to a digital forensics team and flash media (USB sticks, memory cards and SSD drives) retain data even after a secure erasure. If you used flash media to store sensitive data, it is important to destroy the media.

If you do this and are a high-risk source you should make sure there are no traces of the clean-up, since such traces themselves may draw suspicion.

4. If you face legal action

If a legal action is brought against you as a result of your submission, there are organisations that may help you. The Courage Foundation is an international organisation dedicated to the protection of journalistic sources. You can find more details at https://www.couragefound.org.

WikiLeaks publishes documents of political or historical importance that are censored or otherwise suppressed. We specialise in strategic global publishing and large archives.

The following is the address of our secure site where you can anonymously upload your documents to WikiLeaks editors. You can only access this submissions system through Tor. (See our Tor tab for more information.) We also advise you to read our tips for sources before submitting.

wlupld3ptjvsgwqw.onion
Copy this address into your Tor browser. Advanced users, if they wish, can also add a further layer of encryption to their submission using our public PGP key.

If you cannot use Tor, or your submission is very large, or you have specific requirements, WikiLeaks provides several alternative methods. Contact us to discuss how to proceed.

Vault7: CIA Hacking Tools Revealed

Navigation: » Directory » Automated Implant Branch (AIB) » AIB Home » Projects » User #?


Owner: User #3375506

User #? Developer Guide

Note: This page is under development.

Overview

User #? is a software tool used to build custom installers for target computers running Microsoft Windows operating systems.

Concept of Operations

An operator uses User #? to build a custom installation executable, execute that installation executable on a target computer, and (optionally) decode the results of that execution.

Build

An operator uses the User #? builder to construct a custom installation executable.

The operator configures an installation executable to install one or more payloads using a variety of techniques. Each payload installer is built from individually configured components that implement part of the installation procedure.

The operator may designate that installation is contingent on the evaluation of the target environment. Target conditions are described using a custom rule language.

The operator may configure the tool to output a log file during execution for later exfiltration.

Execute

An operator runs the installation executable on a target computer running a Microsoft Windows operating system. The installation executable should be loaded into and executed solely within memory.

The operator is responsible for selecting the appropriate method for gaining on-target execution for the configured User #? tool.

If the executable has output a log file, the operator collects it from the filesystem for later analysis.

Decode

An operator decodes the runtime-generated log file to evaluate detailed execution results.

The execution log stores result codes from each installer component and facts evaluated as part of the target environment validation process.

Referenced Documents

NOD Persistent DLLDynamic Link Library v1

The User #? executable DLLDynamic Link Library is compliant with the NODNetwork Operations Division Persistent specification version 1. It can be safely loaded and executed in process memory.

In-memory Code Execution (ICEIn-memory Code Execution) v3

The User #? executable ICE-DLL is compliant with the In-memory Code Execution (ICEIn-memory Code Execution) specification version 3. It can be loaded as a module by an ICE-compliant loader using the ‘Fire’ execution mode.

System Design

User #? Composition

A User #? executable contains one or more installers. An installer is a stack of one or more installer components. User #? invokes each component of the stack in series to operate on a payload. The ultimate purpose of an installer is to persist a payload.

User #? will optionally evaluate rules to determine whether to execute an installation. Rules may be set on each installer and/or globally.

Executables

User #? executables contain and run one or more installers on a target system.

An executable may have a global rule that will be evaluated before execution of any installers. If a global rule is provided and evaluates to false the executable aborts operation.

Executables may be constructed for both x86 and x64 architectures and in the following formats:

DLL

Microsoft Dynamic-Link Library

-    Compliant with NODNetwork Operations Division Persistence Specification v1

-    Executes in a thread created in the DLLDynamic Link Library entry point (DllMain)

-    Memory-loadable (compliant with NODNetwork Operations Division Persistence v1)

ICE DLL

ICEv3 Module

-    Compliant with In-memory Code Execution (ICEIn-memory Code Execution) Specification v3

-    Supports ‘Fire’ feature set

If no rules need to be evaluated by the executable, User #? uses an alternate executable, called a Cricket. A Cricket is equivalent to a User #?, but has been stripped of the rule processing engine.

Installers

Installers encapsulate the process used to install a payload on a target system. Installers are constructed from one or more components that each contribute to the installation process.

Installers run by passing a payload through each member of the component stack. An installer may invoke a component at run time or build time, depending on payload availability and the components’ execution time requirements. Installers are biased toward build-time execution of components to minimize on-target activity.

An installer may have a rule that will be evaluated before execution. If an installer rule is provided and evaluates to false the associated installer is skipped.

Components

Components form the functional portion of installers. Components may be used to introduce payloads to the installer stack, modify a payload on the stack, install a payload on a target, etc.

User #? users configure components individually before using them to construct installers. Components may be used in multiple installers.

Components may be developed by third-parties and added to an existing User #? build system.

Payloads

Payloads are the software tools that an installer is meant to persist on a target. Payloads are passed through each component on the installer stack.

Payloads are typed by format (EXE, DLL, SYS, PIC), architecture (x86, x64), and optional arguments and interface. The output type of a component must match exactly the input type of the next component on the stack.

User #? includes a built-in payload component which is used to introduce a payload to the component stack.

Rules

Rules are statements that describe on-target conditions required for the successful operation of an installer or a User #? executable as a whole. Rules use boolean operators to combine simple facts into complex expressions.

Logic

For any given executable, including some number of installers built from some sequence of components, User #? will operate according to the following logic.

Build Time

At build time, User #? will validate the executable and run the build time components.

Validation

For each installer in an executable, User #? evaluates the payload exchanges between the constituent components. User #? ensures that both the payload types and availabilities between each component are compatible.

Build Time Components

Some components are designed to operate on a payload at build time. For each installer in the executable, User #? will invoke the components to operate on the payload until the first run time component is reached. The output of the last build time component will be the input of the first run time component.

Run Time

At run time, User #? will evaluate the target environment and run the run time components.

Global Rule

An executable may be configured with a global rule that describes conditions that are required for the executable as a whole. Before executing any components, User #? will evaluate this global rule.

If the global rule does not evaluate to “true”, the User #? aborts operation.

Installer Rules

For each installer in the executable, a rule may be configured that describe required conditions for that particular installer. Before executing any of an installer’s run time components, User #? will evaluate its installer rule.

If the installer rule does not evaluate to “true”, the User #? skips that installer.

Run Time Components

For each installer in the executable, User #? invokes each run time component to operate on the payload. If any component fails, User #? will unwind, calling the components in reverse order to undo whatever actions they had taken.

Developing Components

Module Interface

The module interface is the interface that governs the interaction between User #? binaries and the component DLLs that run on target.

The component module interface requires that the module DLLDynamic Link Library export functions that perform a set of procedures. Module functions must be exported by ordinal only.

Install Procedure

const unsigned short COMPONENT_INSTALL_ORDINAL = 1;
typedef uint_64(__stdcall *InstallProcedure)(
void* config,
unsigned long config_size,
void* input_payload,
unsigned long input_payload_size,
void** output_payload,
unsigned long* output_payload_size
);

The component install procedure is called by User #? during the execution of a configured installer.

The install procedure is exported by the module on Ordinal 1.

The install procedure takes the following arguments:

config
- pointer to the configuration data associated with the component
config_size
- size of the configuration data in bytes
input_payload
- pointer to the input payload
input_payload_size
- size of the input payload in bytes
output_payload

- pointer to pointer to store output payload

The input payload may be modified in place and the output payload pointer set to the input payload pointer.

If more space is needed for the output, the module is responsible for allocating this buffer. The memory should be allocated using the User #? memory "functions".

output_payload_size
- pointer to size of the output payload in bytes

The install procedure returns a uint_64 code. An exit code of zero indicates success and a non-zero code indicates failure.

Uninstall Procedure

const unsigned short COMPONENT_UNINSTALL_ORDINAL = 2;
typedef uint_64 (__stdcall *UninstallProcedure)(
void* config,
unsigned long config_size
);

The component uninstall procedure is called by User #? when trying to reverse an installer.

The uninstall procedure is exported by the module on Ordinal 2.

The uninstall procedure takes the following arguments:

config
- pointer to the configuration data associated with the component
config_size
- size of the configuration data in bytes

The uninstall procedure returns a uint_64 code. An exit code of zero indicates success and a non-zero code indicates failure.

Memory "Functions"

#define GHAlloc(size) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size)
#define GHReAlloc(mem, size) HeapReAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, mem, size)
#define GHFree(mem) HeapFree(GetProcessHeap(), 0, mem)

Component modules must use the specified User #? memory "functions" when allocating or deallocating shared memory. Currently, the only case when a component allocates memory shared with User #? is when allocating space for an output payload.

Script Interface

The script interface is the interface that governs the interaction between the User #? Builder and Decoder and the component Python module/package that runs at build time.

The script interface requires that the component implements a Python module/package that defines and registers a 'Component' subclass.

Component Base Class

class Component(object):
"""Object representing a User #? component instance.
    The Component class is subclassed by component scripts to define
the interface for instantiating their components.
    Attributes:
name (str): name of the component type
version (str): version of the component type
description (str): short, one-line description of the component type
"""
    name = ''
version = ''
description = ''
 
    XML_TAG_COMPONENT = 'Component'
XML_ATTR_ID = 'id'
XML_ATTR_TYPE = 'name'
XML_ATTR_VERSION = 'version'
 
    def __init__(self, instance_id):
"""Initialize a new component instance.
        Subclasses should call the Component.__init__ function.
        Args:
instance_id (str): identifier for the component instance
"""
self.instance_id = instance_id

 

    def __repr__(self):
return '{}({})'.format(type(self).__name__, self.instance_id)

 

    # View Functions
    def properties(self):
"""Generate a recursive series of key-value pairs describing component.
        Property keys must be strings. Property values may be a string or a
sequence of sub-keys and value pairs.
        Returns:
list: sequence of properties as key-value pairs
"""
raise NotImplementedError('{} does not implement properties method'.format(
type(self).__name__))

 

    def decode_install_result(self, code):
"""Decode the component result code returned by a call to the component module's
install command.
        A result code of zero is reserved for 'success'.
        Args:
code (int): 64-bit unsigned integer returned by component module during install
        Returns:
str: human-readable result message
"""
raise NotImplementedError('{} does not implement decode_install_result method'.format(
type(self).__name__))
 
    def decode_uninstall_result(self, code):
"""Decode the component result code returned by a call to the component module's
uninstall command.
        A result code of zero is reserved for 'success'.
        Args:
code (int): 64-bit unsigned integer returned by component module during uninstall
        Returns:
str: human-readable result message
"""
raise NotImplementedError('{} does not implement decode_uninstall_result method'.format(
type(self).__name__))
 
    # Command Line Functions
    @classmethod
def setup_parser(cls, parser):
"""Setup an argument parser for the component.
        The parser is used to parse command-line arguments to instantiate the
component. Parser is an argparse ArgumentParser that the component
can setup for its purposes.
        Args:
parser (argparse.ArgumentParser): parser to setup for the component
"""
        raise NotImplementedError('{} does not implement setup_parser method'.format(
            cls.__name__))
 
    @classmethod
def from_cmdline(cls, instance_id, args):
"""Instantiate a component from the command line.
        The component class is provided an argparse Namespace generated using
the parser initialized by ``setup_parser``.
        Args:
instance_id (str): identifier for the component instance
args (argparse.Namespace): argument namespace generated from command line
        Returns:
Component: instance of component initialized from command line
"""
raise NotImplementedError('{} does not implement from_cmdline method'.format(
cls.__name__))
 
    # Save/Load Functions
    def save(self, dir_path):
"""Save a component to an xml string and data files.
        Component state/configuration are stored in XMLExtensible Markup Language with following format:
<Component id="..." type="..." version="...">...</Component>
        The id field should match the identifier provided for the instance.
The type field should match the name of the component.
The version field is provided to support component versioning.
        Args:
dir_path (str): path to directory to save bulk instance data
        Returns:
str: xml-formatted representation of the component
"""
raise NotImplementedError('{} does not implement save method'.format(
type(self).__name__))
 
    @classmethod
    def load(cls, instance_id, xml, dir_path):
"""Load a component from an xml string and data files.
        This function will parse the xml string and any backing data files, 
initialize a new instance of the component, and return that component
object.
        Args:
instance_id (str): identifier for the component instance
xml (str): xml-formatted representation of a component
Uses string previously generated by ``save`` function.
dir_path (str): path to directory to load bulk instance data
Uses directory previously provided to ``save`` function.
        Returns:
Component: instance of component initialized from xml and data
"""
raise NotImplementedError('{} does not implement load method'.format(
cls.__name__))
 
    # Build Functions
    def available_payloads(self, input_type, input_time, output_time):
"""Generate a list of payload types available for a given input.
        Args:
input_type (PayloadType or None): type of payload input to component
input_time (str): when payload is input to component ('build' or 'run')
output_time (str): when payload is output from component ('build' or 'run')
        Returns:
list of PayloadType: output types available for given parameters
List may include None if no payload is output from component;
this is only valid when output_time is 'run'.
"""
raise NotImplementedError('{} does not implement available_payloads '
'method'.format(type(self).__name__))
 
    @classmethod
def buildhook(cls, step, components):
"""Hook the component build process.
        This function will be called during the User #? build process between
a variety of build steps.
        The following steps are defined ...
prebuild : before the build has begun
prebuild-configs : before component configs/payloads built
prebuild-configs-installer : before per-installer component configs/payloads built
postbuild-configs-installer : after per-installer component configs/payloads built
postbuild-configs : after component configs/payloads built
prebuild-modules : before component modules built
postbuild-modules : after component modules built
postbuild : after the build has finished
        Args:
step (str): current build step
components (list of Component): instances of components to hook
"""
pass
 
    def build_payload(self, working_dir, input_type, output_type, input_data):
"""Build the output payload for the component with a given input.
        This function may be called when output_type was returned from
available_payloads(input_type, input_time, 'build'). If the output payload
is generated at build time, the component module will not be executed
at run time.
        Args:
working_dir (str): path to working directory for component
input_type (PayloadType): type of payload that is input
output_type (PayloadType): type of payload that shall be output
input_data (bytes): input payload data
        Returns:
bytes: output payload data with type specified by output_type
"""
raise NotImplementedError('{} does not implement build_payload method'.format(
type(self).__name__))
 
    def build_config(self, working_dir, input_type, output_type, input_data=None):
"""Build the runtime configuration for the component with a given input.
        This function may be called when output_type was returned from
available_payloads(input_type, input_time, 'run'). The configuration
data will be provided to the component module at run time. Input data
may be provided if input_time was 'build'.
        Args:
working_dir (str): path to working directory for component
input_type (PayloadType): type of payload that is input
output_type (PayloadType): type of payload that shall be output
input_data (bytes, optional): input payload data
        Returns:
bytes, optional: configuration data provided to module at runtime
"""
raise NotImplementedError('{} does not implement build_config method'.format(
type(self).__name__))
 
    @classmethod
def build_module(cls, working_dir, architecture, components):
"""Build a module for the component.
        User #? will use the same module for all components of a given type.
        The component script may customize the module based on the components
that it will be expected to execute.
        Args:
working_dir (str): path to working directory for component
arch (str): architecture of component module to build ('x86' or 'x64')
components (list of Component): instances of component to be executed by module
        Returns:
bytes: component module DLL
"""
raise NotImplementedError('{} does not implement build_module method'.format(
cls.__name__))

Component Registration

The component's Python module/package must call the register_component function with their component subclass whenever the module/package is imported.


Previous versions:

| 1 empty | 2 |

e-Highlighter

Click to send permalink to address bar, or right-click to copy permalink.

Un-highlight all Un-highlight selectionu Highlight selectionh