Railgun DWORD handling

2024-11-05 14:57:30 +01:00 · 2014-12-23 10:44:29 +00:00 · 2014-12-23 10:44:29 +00:00 · 02864b4401
commit 02864b4401
parent d4707b8e07
1 changed files with 8 additions and 2 deletions
--- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb
@ -318,7 +318,10 @@ class DLL
      buffer = rec_out_only_buffers[buffer_item.addr, buffer_item.length_in_bytes]
      case buffer_item.datatype
        when "PDWORD"
-          return_hash[param_name] = buffer.unpack(native)[0]
+          # PDWORD is treated as a POINTER
+          return_hash[param_name] = buffer.unpack(native).first
+          # If PDWORD is treated correctly as a DWORD
+          return_hash[param_name] = buffer.unpack('V').first if return_hash[param_name].nil?
        when "PCHAR"
          return_hash[param_name] = asciiz_to_str(buffer)
        when "PWCHAR"
@ -338,7 +341,10 @@ class DLL
      buffer = rec_inout_buffers[buffer_item.addr, buffer_item.length_in_bytes]
      case buffer_item.datatype
        when "PDWORD"
-          return_hash[param_name] = buffer.unpack(native)[0]
+          # PDWORD is treated as a POINTER
+          return_hash[param_name] = buffer.unpack(native).first
+          # If PDWORD is treated correctly as a DWORD
+          return_hash[param_name] = buffer.unpack('V').first if return_hash[param_name].nil?
        when "PCHAR"
          return_hash[param_name] = asciiz_to_str(buffer)
        when "PWCHAR"