From 517dcfea053b0df5bd464ee2afec06c2816b2f97 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Thu, 2 Apr 2015 05:02:09 -0500
Subject: [PATCH] convert wds queries to use unicode
---
 .../source/extensions/stdapi/server/fs/search.c | 17 ++++++++++-------
 .../source/extensions/stdapi/server/fs/search.h | 4 ++--
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/c/meterpreter/source/extensions/stdapi/server/fs/search.c b/c/meterpreter/source/extensions/stdapi/server/fs/search.c
index 705d6830..7537cf8b 100644
--- a/c/meterpreter/source/extensions/stdapi/server/fs/search.c
+++ b/c/meterpreter/source/extensions/stdapi/server/fs/search.c
@@ -264,10 +264,10 @@ HRESULT wds_execute(ICommand * pCommand, Packet * pResponse)
  dbBindings[1].cbMaxLen = MAX_PATH;
  dbBindings[1].dwFlags = 0;
  dbBindings[1].eParamIO = DBPARAMIO_NOTPARAM;
- dbBindings[1].wType = DBTYPE_STR;
+ dbBindings[1].wType = DBTYPE_WSTR;
  dbBindings[1].obStatus = offsetof(SEARCH_ROW, dbPathStatus);
  dbBindings[1].obLength = offsetof(SEARCH_ROW, dwPathLength);
- dbBindings[1].obValue = offsetof(SEARCH_ROW, cPathValue);
+ dbBindings[1].obValue = offsetof(SEARCH_ROW, wPathValue);
  hr = IAccessor_CreateAccessor(pAccessor, DBACCESSOR_ROWDATA, 2, (DBBINDING *)&dbBindings, 0, &hAccessor, NULL);
  if (FAILED(hr))
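Review bot: `dbBindings[1].cbMaxLen = MAX_PATH;`, the first context line of this hunk, is now too small for the binding it describes: with `wType = DBTYPE_WSTR` and `obValue` pointing at `wPathValue`, OLE DB's DBBINDING.cbMaxLen is a byte count, so the provider is told it has MAX_PATH bytes, roughly half of the `WCHAR` buffer, and longer paths are cut short (the provider is expected to flag that through the bound `dbPathStatus`, which nothing in the patch checks). Change it to the buffer's real size, `dbBindings[1].cbMaxLen = sizeof(((SEARCH_ROW *)0)->wPathValue);`, or equivalently `MAX_PATH * sizeof(WCHAR)`. The remainder of wds_execute, including the declaration of `dbBindings`, lies outside the hunk.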
@@ -288,17 +288,19 @@ HRESULT wds_execute(ICommand * pCommand, Packet * pResponse)
  if (FAILED(hr))
  BREAK_WITH_ERROR("[SEARCH] wds_execute: IRowset_GetData Failed", hr);
- if (_memicmp("iehistory:", rowSearchResults.cPathValue, 10) == 0)
+ char *path = wchar_to_utf8(rowSearchResults.wPathValue);
+
+ if (_memicmp("iehistory:", path, 10) == 0)
  {
  // "iehistory://{*}/"
- char * cpHistory = strstr(rowSearchResults.cPathValue, "}");
+ char * cpHistory = strstr(path, "}");
  if (cpHistory)
  search_add_result(pResponse, "", cpHistory+2, 0);
  }
- else if (_memicmp("mapi:", rowSearchResults.cPathValue, 5) == 0)
+ else if (_memicmp("mapi:", path, 5) == 0)
  {
  // "mapi://{*}/"
- char * cpHistory = strstr(rowSearchResults.cPathValue, "}");
+ char * cpHistory = strstr(path, "}");
  if (cpHistory)
  search_add_result(pResponse, "", cpHistory+2, 0);
  }
@@ -307,7 +309,7 @@ HRESULT wds_execute(ICommand * pCommand, Packet * pResponse)
  size_t i = 0;
  char * cpFileName = "";
  char * cpFile = "";
- char * cpDirectory = (char *)&rowSearchResults.cPathValue;
+ char * cpDirectory = path;
  if (_memicmp("file:", cpDirectory, strlen("file:")) == 0)
  cpDirectory = (char *)(cpDirectory + strlen("file:"));
@@ -335,6 +337,7 @@ HRESULT wds_execute(ICommand * pCommand, Packet * pResponse)
  dprintf("[SEARCH] wds_execute. Found: %s\\%s", cpDirectory, cpFileName);
  }
+ free(path);
  hr = IRowset_ReleaseRows(pRowset, dbCount, pRows, NULL, NULL, NULL);
  if (FAILED(hr))
  BREAK_WITH_ERROR("[SEARCH] wds_execute: IRowset_ReleaseRows Failed", hr);
diff --git a/c/meterpreter/source/extensions/stdapi/server/fs/search.h b/c/meterpreter/source/extensions/stdapi/server/fs/search.h
index 7fba2b03..56c4d71b 100644
--- a/c/meterpreter/source/extensions/stdapi/server/fs/search.h
+++ b/c/meterpreter/source/extensions/stdapi/server/fs/search.h
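Review bot: `_memicmp("iehistory:", path, 10)` and the `_memicmp("mapi:", path, 5)` below it now compare a fixed number of bytes against a heap string whose length is whatever `wchar_to_utf8` produced, whereas the old `cPathValue` was always a MAX_PATH-sized array inside the row struct; a converted path shorter than the prefix (an empty or NULL column, say) makes both calls read past the end of the allocation, and if the conversion returns NULL on allocation failure the first call dereferences it. A terminator-aware compare removes the over-read, `if (_strnicmp(path, "iehistory:", 10) == 0)` and `else if (_strnicmp(path, "mapi:", 5) == 0)`, and a `path == NULL` check before them should skip the row's parsing while still letting it reach `IRowset_ReleaseRows`; the same fixed-length pattern recurs at `_memicmp("file:", cpDirectory, strlen("file:"))` in the @@ -307 hunk, where cpDirectory aliases the same buffer. Whether wchar_to_utf8 can return NULL is not visible here and should be confirmed from its definition. Any `break` or `continue` between this declaration and the `free(path)` added in the @@ -335 hunk would leak the row's buffer; the body of wds_execute between the hunks is outside this view.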
@@ -21,7 +21,7 @@ typedef struct _WDS_INTERFACE
  ISearchManager * pSearchManager;
  ISearchCatalogManager * pSearchCatalogManager;
  ISearchCrawlScopeManager * pCrawlScopeManager;
-
+
  // WDS 2...
  HMODULE hQuery;
  LOCATECATALOGSA pLocateCatalogsA;
@@ -50,7 +50,7 @@ typedef struct _SEARCH_ROW
  DWORD dwPadding4;
  DWORD dwPathLength;
  DWORD dwPadding5;
- CHAR cPathValue[MAX_PATH];
+ WCHAR wPathValue[MAX_PATH];
  } SEARCH_ROW;
  // we manually define these ourselves...
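Review bot: `WCHAR wPathValue[MAX_PATH];` in the @@ -50 hunk silently changes the meaning of a neighbouring field: the length OLE DB writes into `dwPathLength` through the obLength binding in search.c is a byte count, so for a UTF-16 value it is now twice the character count, and the hand-placed `dwPaddingN` members suggest this struct's layout is matched by hand to the bindings. State both on the new line, `WCHAR wPathValue[MAX_PATH]; // UTF-16; bound as DBTYPE_WSTR, dwPathLength above is in bytes`, so a later reader does not size a copy or a cbMaxLen from MAX_PATH alone. The earlier members of _SEARCH_ROW are outside the hunk; the preceding whitespace-only hunk needs no change.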