Use railgun helper functions

bug/bundler_fix
Meatballs 2014-08-10 21:52:12 +01:00
parent 2ed02c30a8
commit b277f588fb
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 6 additions and 6 deletions


@ -48,23 +48,23 @@ module Exploit::Local::WindowsKernel
# @return [nil] If the name specified could not be found.
#
def find_sys_base(drvname)
if sysinfo['Architecture'] =~ /(x86|wow64)/i
ptr_size = 4
if session.railgun.util.pointer_size == 8
ptr = '<Q'
else
ptr_size = 8
ptr = 'V'
end
results = session.railgun.psapi.EnumDeviceDrivers(0, 0, ptr_size)
results = session.railgun.psapi.EnumDeviceDrivers(0, 0, session.railgun.util.pointer_size)
unless results['return']
print_error("EnumDeviceDrivers failed (error: #{results['GetLastError']} #{results['ErrorMessage']})")
return nil
end
results = session.railgun.psapi.EnumDeviceDrivers(results['lpcbNeeded'], results['lpcbNeeded'], ptr_size)
results = session.railgun.psapi.EnumDeviceDrivers(results['lpcbNeeded'], results['lpcbNeeded'], session.railgun.util.pointer_size)
unless results['return']
print_error("EnumDeviceDrivers failed (error: #{results['GetLastError']} #{results['ErrorMessage']})")
return nil
end
addresses = results['lpImageBase'][0..results['lpcbNeeded'] - 1].unpack((ptr_size == 4 ? 'V' : 'Q') + '*')
addresses = results['lpImageBase'][0..results['lpcbNeeded'] - 1].unpack("#{ptr}*")
addresses.each do |address|
results = session.railgun.psapi.GetDeviceDriverBaseNameA(address, 48, 48)