infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add railgun definitions for local exploit relevant functions.

bug/bundler_fix
Spencer McIntyre 2013-12-12 10:26:08 -05:00
parent 2218063201
commit a08c420862
2 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb
View File

@ -496,7 +496,7 @@ class Def_kernel32
["HANDLE","hProcess","in"], ["HANDLE","hProcess","in"],
["PBLOB","lpThreadAttributes","in"], ["PBLOB","lpThreadAttributes","in"],
["DWORD","dwStackSize","in"], ["DWORD","dwStackSize","in"],
["PBLOB","lpStartAddress","in"], ["LPVOID","lpStartAddress","in"],
["PBLOB","lpParameter","in"], ["PBLOB","lpParameter","in"],
["DWORD","dwCreationFlags","in"], ["DWORD","dwCreationFlags","in"],
["PDWORD","lpThreadId","out"], ["PDWORD","lpThreadId","out"],

24
lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb
View File

@ -12,6 +12,15 @@ class Def_ntdll
def self.create_dll(dll_path = 'ntdll') def self.create_dll(dll_path = 'ntdll')
dll = DLL.new(dll_path, ApiConstants.manager) dll = DLL.new(dll_path, ApiConstants.manager)
dll.add_function('NtAllocateVirtualMemory', 'DWORD',[
["DWORD","ProcessHandle","in"],
["PBLOB","BaseAddress","inout"],
["PDWORD","ZeroBits","in"],
["PBLOB","RegionSize","inout"],
["DWORD","AllocationType","in"],
["DWORD","Protect","in"]
])
dll.add_function('NtClose', 'DWORD',[ dll.add_function('NtClose', 'DWORD',[
["DWORD","Handle","in"], ["DWORD","Handle","in"],
]) ])
@ -33,13 +42,13 @@ class Def_ntdll
dll.add_function('NtDeviceIoControlFile', 'DWORD',[ dll.add_function('NtDeviceIoControlFile', 'DWORD',[
["DWORD","FileHandle","in"], ["DWORD","FileHandle","in"],
["DWORD","Event","in"], ["DWORD","Event","in"],
["PBLOB","ApcRoutine","in"], ["LPVOID","ApcRoutine","in"],
["PBLOB","ApcContext","in"], ["LPVOID","ApcContext","in"],
["PBLOB","IoStatusBlock","inout"], ["PDWORD","IoStatusBlock","out"],
["DWORD","IoControlCode","in"], ["DWORD","IoControlCode","in"],
["PBLOB","InputBuffer","in"], ["LPVOID","InputBuffer","in"],
["DWORD","InputBufferLength","in"], ["DWORD","InputBufferLength","in"],
["PBLOB","OutputBuffer","inout"], ["LPVOID","OutputBuffer","in"],
["DWORD","OutputBufferLength","in"], ["DWORD","OutputBufferLength","in"],
]) ])
@ -68,6 +77,11 @@ class Def_ntdll
["PDWORD","ReturnLength","inout"], ["PDWORD","ReturnLength","inout"],
]) ])
dll.add_function('NtQueryIntervalProfile', 'DWORD',[
["DWORD","ProfileSource","in"],
["PDWORD","Interval","out"],
])
dll.add_function('NtQuerySystemInformation', 'DWORD',[ dll.add_function('NtQuerySystemInformation', 'DWORD',[
["DWORD","SystemInformationClass","in"], ["DWORD","SystemInformationClass","in"],
["PBLOB","SystemInformation","inout"], ["PBLOB","SystemInformation","inout"],