infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add railgun definitions for local exploit relevant functions.

bug/bundler_fix
Spencer McIntyre 2013-12-12 10:26:08 -05:00
parent 2218063201
commit a08c420862
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb
View File

@ -11,7 +11,7 @@ class Def_kernel32
def self.create_dll(dll_path = 'kernel32')
dll = DLL.new(dll_path, ApiConstants.manager)
dll.add_function( 'GetConsoleWindow', 'LPVOID',[])
dll.add_function( 'ActivateActCtx', 'BOOL',[
@ -496,7 +496,7 @@ class Def_kernel32
["HANDLE","hProcess","in"],
["PBLOB","lpThreadAttributes","in"],
["DWORD","dwStackSize","in"],
["PBLOB","lpStartAddress","in"],
["LPVOID","lpStartAddress","in"],
["PBLOB","lpParameter","in"],
["DWORD","dwCreationFlags","in"],
["PDWORD","lpThreadId","out"],

24
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb
View File

@ -12,6 +12,15 @@ class Def_ntdll
def self.create_dll(dll_path = 'ntdll')
dll = DLL.new(dll_path, ApiConstants.manager)
dll.add_function('NtAllocateVirtualMemory', 'DWORD',[
["DWORD","ProcessHandle","in"],
["PBLOB","BaseAddress","inout"],
["PDWORD","ZeroBits","in"],
["PBLOB","RegionSize","inout"],
["DWORD","AllocationType","in"],
["DWORD","Protect","in"]
])
dll.add_function('NtClose', 'DWORD',[
["DWORD","Handle","in"],
])
@ -33,13 +42,13 @@ class Def_ntdll
dll.add_function('NtDeviceIoControlFile', 'DWORD',[
["DWORD","FileHandle","in"],
["DWORD","Event","in"],
["PBLOB","ApcRoutine","in"],
["PBLOB","ApcContext","in"],
["PBLOB","IoStatusBlock","inout"],
["LPVOID","ApcRoutine","in"],
["LPVOID","ApcContext","in"],
["PDWORD","IoStatusBlock","out"],
["DWORD","IoControlCode","in"],
["PBLOB","InputBuffer","in"],
["LPVOID","InputBuffer","in"],
["DWORD","InputBufferLength","in"],
["PBLOB","OutputBuffer","inout"],
["LPVOID","OutputBuffer","in"],
["DWORD","OutputBufferLength","in"],
])
@ -68,6 +77,11 @@ class Def_ntdll
["PDWORD","ReturnLength","inout"],
])
dll.add_function('NtQueryIntervalProfile', 'DWORD',[
["DWORD","ProfileSource","in"],
["PDWORD","Interval","out"],
])
dll.add_function('NtQuerySystemInformation', 'DWORD',[
["DWORD","SystemInformationClass","in"],
["PBLOB","SystemInformation","inout"],