diff --git a/lib/msf/core/exploit/local/windows_kernel.rb b/lib/msf/core/exploit/local/windows_kernel.rb
index cb9e991d16..5917334220 100644
--- a/lib/msf/core/exploit/local/windows_kernel.rb
+++ b/lib/msf/core/exploit/local/windows_kernel.rb
@@ -12,16 +12,16 @@ module Exploit::Local::WindowsKernel
 # @return [nil] If the address could not be found.
 #
 def find_haldispatchtable
- kernel_info = find_sys_base(nil)
- if kernel_info.nil?
+ kernel_address, kernel_name = find_sys_base(nil)
+ if kernel_address.nil? || kernel_name.nil?
 print_error("Failed to find the address of the Windows kernel")
 return nil
 end
- vprint_status("Kernel Base Address: 0x#{kernel_info[0].to_s(16)}")
+ vprint_status("Kernel Base Address: 0x#{kernel_address.to_s(16)}")
- h_kernel = session.railgun.kernel32.LoadLibraryExA(kernel_info[1], 0, 1)
+ h_kernel = session.railgun.kernel32.LoadLibraryExA(kernel_name, 0, 1)
 if h_kernel['return'] == 0
- print_error("Failed to load #{kernel_info[1]} (error: #{h_kernel['GetLastError']} #{h_kernel['ErrorMessage']})")
+ print_error("Failed to load #{kernel_name} (error: #{h_kernel['GetLastError']} #{h_kernel['ErrorMessage']})")
 return nil
 end
 h_kernel = h_kernel['return']
@@ -34,7 +34,7 @@ module Exploit::Local::WindowsKernel
 hal_dispatch_table = hal_dispatch_table['return']
 hal_dispatch_table -= h_kernel
- hal_dispatch_table += kernel_info[0]
+ hal_dispatch_table += kernel_address
 vprint_status("HalDispatchTable Address: 0x#{hal_dispatch_table.to_s(16)}")
 hal_dispatch_table
 end
@@ -75,10 +75,10 @@ module Exploit::Local::WindowsKernel
 current_drvname = results['lpBaseName'][0,results['return']]
 if drvname.nil?
 if current_drvname.downcase.include?('krnl')
- return [address, current_drvname]
+ return address, current_drvname
 end
 elsif drvname == current_drvname
- return [address, current_drvname]
+ return address, current_drvname
 end
 end
 end
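Review bot: The bare `1` passed as the flags argument in `LoadLibraryExA(kernel_name, 0, 1)` is undocumented; it is the value of `DONT_RESOLVE_DLL_REFERENCES`, which matters here because the image is mapped only so an export offset can be computed against it. A one-line comment above the call, `# 1 = DONT_RESOLVE_DLL_REFERENCES: map the image for offset lookup only`, would make that explicit. The handle kept in `h_kernel` is also never visibly released: the body of find_haldispatchtable continues outside this hunk and the lines before the next hunk are not shown, so confirm whether a `FreeLibrary` call exists there.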
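Review bot: When no driver name matches, the method appears to fall off the end of the loop (the hunk closes on three `end`s with nothing after the block), so it would return the loop's own value rather than `nil`. The new `kernel_address, kernel_name = find_sys_base(nil)` in find_haldispatchtable would then destructure that value into two non-nil elements and pass its nil check. Adding an explicit `nil` as the last expression after the loop's `end` makes the not-found case agree with what the caller tests for. The start of the method is outside the hunk, so the loop form is inferred. Separately, `elsif drvname == current_drvname` compares case-sensitively while the `krnl` branch lowercases first; `elsif drvname.casecmp?(current_drvname)` would treat both paths alike.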