diff options
| author | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
|---|---|---|
| committer | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
| commit | b783b459c12112509a733253df9f5935e104200c (patch) | |
| tree | e58bce1f7d2f2584d1426262cc609f153d774e51 /Exfiltration/mimikatz-1.0/driver/modules.c | |
| parent | 47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff) | |
| parent | 946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff) | |
| download | PowerSploit-b783b459c12112509a733253df9f5935e104200c.tar.gz PowerSploit-b783b459c12112509a733253df9f5935e104200c.zip | |
Merge branch 'master' of https://github.com/mattifestation/PowerSploit
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
Diffstat (limited to 'Exfiltration/mimikatz-1.0/driver/modules.c')
| -rw-r--r-- | Exfiltration/mimikatz-1.0/driver/modules.c | 110 |
1 files changed, 0 insertions, 110 deletions
diff --git a/Exfiltration/mimikatz-1.0/driver/modules.c b/Exfiltration/mimikatz-1.0/driver/modules.c deleted file mode 100644 index 7ca3551..0000000 --- a/Exfiltration/mimikatz-1.0/driver/modules.c +++ /dev/null @@ -1,110 +0,0 @@ -#include "modules.h" - -NTSTATUS kModulesList(LPWSTR pszDest, size_t cbDest, LPWSTR *ppszDestEnd, size_t *pcbRemaining) -{ - NTSTATUS status = STATUS_SUCCESS; - ULONG i; - ULONG modulesSize; - AUX_MODULE_EXTENDED_INFO* modules; - ULONG numberOfModules; - - *ppszDestEnd = pszDest; - *pcbRemaining= cbDest; - - status = AuxKlibInitialize(); - if(NT_SUCCESS(status)) - { - status = AuxKlibQueryModuleInformation(&modulesSize, sizeof(AUX_MODULE_EXTENDED_INFO), NULL); - if (NT_SUCCESS(status)) - { - if(modulesSize > 0) - { - numberOfModules = modulesSize / sizeof(AUX_MODULE_EXTENDED_INFO); - modules = (AUX_MODULE_EXTENDED_INFO*) ExAllocatePoolWithTag(PagedPool, modulesSize, POOL_TAG); - - if(modules != NULL) - { - status = AuxKlibQueryModuleInformation(&modulesSize, sizeof(AUX_MODULE_EXTENDED_INFO), modules); - if (NT_SUCCESS(status)) - { - for(i = 0; i < numberOfModules; i++) - { - status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION, - L"%p - %.8u [%S] %S\n", - modules[i].BasicInfo.ImageBase, - modules[i].ImageSize, - modules[i].FullPathName + modules[i].FileNameOffset, - modules[i].FullPathName - ); - } - } - ExFreePoolWithTag(modules, POOL_TAG); - } - } - } - } - - return status; -} - -NTSTATUS getModuleFromAddr(ULONG_PTR theAddr, LPWSTR pszDest, size_t cbDest, LPWSTR *ppszDestEnd, size_t *pcbRemaining) -{ - NTSTATUS status = STATUS_SUCCESS; - ULONG i; - ULONG modulesSize; - AUX_MODULE_EXTENDED_INFO* modules; - ULONG numberOfModules; - - *ppszDestEnd = pszDest; - *pcbRemaining= cbDest; - - status = AuxKlibInitialize(); - if(NT_SUCCESS(status)) - { - status = AuxKlibQueryModuleInformation(&modulesSize, sizeof(AUX_MODULE_EXTENDED_INFO), NULL); - if (NT_SUCCESS(status)) - { - if(modulesSize > 0) - { - numberOfModules = modulesSize / sizeof(AUX_MODULE_EXTENDED_INFO); - modules = (AUX_MODULE_EXTENDED_INFO*) ExAllocatePoolWithTag(PagedPool, modulesSize, POOL_TAG); - - if(modules != NULL) - { - status = AuxKlibQueryModuleInformation(&modulesSize, sizeof(AUX_MODULE_EXTENDED_INFO), modules); - if (NT_SUCCESS(status)) - { - for(i = 0; i < numberOfModules; i++) - { - status = STATUS_NOT_FOUND; - if(theAddr >= (ULONG_PTR) modules[i].BasicInfo.ImageBase && theAddr < ((ULONG_PTR) modules[i].BasicInfo.ImageBase + modules[i].ImageSize)) - { - status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION, - L"%p [%S+%u]", - theAddr, - modules[i].FullPathName + modules[i].FileNameOffset, - theAddr - (ULONG_PTR) modules[i].BasicInfo.ImageBase - ); - break; - } - - - } - - if(status == STATUS_NOT_FOUND) - { - status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION, L"%p [?]", theAddr); - if (NT_SUCCESS(status)) status = STATUS_NOT_FOUND; - } - } - ExFreePoolWithTag(modules, POOL_TAG); - } - } - } - } - - return status; -} - - - |