author | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
---|---|---|
committer | clymb3r <bialek.joseph@gmail.com> | 2014-04-16 21:02:50 -0700 |
commit | b783b459c12112509a733253df9f5935e104200c (patch) | |
tree | e58bce1f7d2f2584d1426262cc609f153d774e51 /Exfiltration/mimikatz-1.0/modules/mod_minidump.cpp | |
parent | 47b90647c11cb4956c735cfa47628dc7dcb03bb6 (diff) | |
parent | 946328cf9e6d6c60eca2bb9d71a38e210c1c3b6c (diff) | |
Merge branch 'master' of https://github.com/mattifestation/PowerSploit
Conflicts:
Recon/Get-ComputerDetails.ps1
Recon/Recon.psd1
Diffstat (limited to 'Exfiltration/mimikatz-1.0/modules/mod_minidump.cpp')
-rw-r--r-- | Exfiltration/mimikatz-1.0/modules/mod_minidump.cpp | 163 |
1 files changed, 0 insertions, 163 deletions
diff --git a/Exfiltration/mimikatz-1.0/modules/mod_minidump.cpp b/Exfiltration/mimikatz-1.0/modules/mod_minidump.cpp
deleted file mode 100644
index 2825451..0000000
--- a/Exfiltration/mimikatz-1.0/modules/mod_minidump.cpp
+++ /dev/null
@@ -1,163 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#include "mod_minidump.h"
-
-mod_minidump::mod_minidump() : monFichier(NULL), monFileMapping(NULL), mesDonnees(NULL)
-{
-}
-
-mod_minidump::~mod_minidump(void)
-{
- if(mesDonnees)
- UnmapViewOfFile(mesDonnees);
-
- if(monFileMapping)
- CloseHandle(monFileMapping);
-
- if(monFichier)
- CloseHandle(monFichier);
-}
-
-LPVOID mod_minidump::RVAtoPTR(RVA monRVA)
-{
- return reinterpret_cast<PBYTE>(mesDonnees) + monRVA;
-}
-
-bool mod_minidump::open(wchar_t * filename)
-{
- bool resultat = false;
-
- if(monFichier = CreateFile(filename, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL))
- if(monFileMapping = CreateFileMapping(monFichier, NULL, PAGE_READONLY, 0, 0, NULL))
- if(mesDonnees = MapViewOfFile(monFileMapping, FILE_MAP_READ, 0, 0, 0))
- resultat = (reinterpret_cast<PMINIDUMP_HEADER>(mesDonnees)->Signature == MINIDUMP_SIGNATURE) && (static_cast<WORD>(reinterpret_cast<PMINIDUMP_HEADER>(mesDonnees)->Version) == MINIDUMP_VERSION);
-
- return resultat;
-}
-
-MINIDUMP_TYPE mod_minidump::getFlags()
-{
- return static_cast<MINIDUMP_TYPE>(reinterpret_cast<PMINIDUMP_HEADER>(mesDonnees)->Flags);
-}
-
-const wchar_t *FlagsString[] = {
- L"MiniDumpNormal",
- L"MiniDumpWithDataSegs",
- L"MiniDumpWithFullMemory",
- L"MiniDumpWithHandleData",
- L"MiniDumpFilterMemory",
- L"MiniDumpScanMemory",
- L"MiniDumpWithUnloadedModules",
- L"MiniDumpWithIndirectlyReferencedMemory",
- L"MiniDumpFilterModulePaths",
- L"MiniDumpWithProcessThreadData",
- L"MiniDumpWithPrivateReadWriteMemory",
- L"MiniDumpWithoutOptionalData",
- L"MiniDumpWithFullMemoryInfo",
- L"MiniDumpWithThreadInfo",
- L"MiniDumpWithCodeSegs",
- L"MiniDumpWithoutAuxiliaryState",
- L"MiniDumpWithFullAuxiliaryState",
- L"MiniDumpWithPrivateWriteCopyMemory",
- L"MiniDumpIgnoreInaccessibleMemory",
- L"MiniDumpWithTokenInformation"
-};
-
-bool mod_minidump::FlagsToStrings(vector<wstring> * monVecteur)
-{
- return FlagsToStrings(getFlags(), monVecteur);
-}
-
-bool mod_minidump::FlagsToStrings(MINIDUMP_TYPE Flags, vector<wstring> * monVecteur)
-{
- bool resultat = false;
-
- if(!Flags)
- {
- monVecteur->push_back(FlagsString[0]);
- resultat = true;
- }
- else if(Flags & MiniDumpValidTypeFlags)
- {
- DWORD shift, i;
- for(shift = MiniDumpWithDataSegs, i = 1; shift <= MiniDumpWithTokenInformation; shift<<=1, i++)
- {
- if((Flags & shift) == shift)
- monVecteur->push_back(FlagsString[i]);
- }
- resultat = true;
- }
-
- return resultat;
-}
-
-LPVOID mod_minidump::getStream(MINIDUMP_STREAM_TYPE type)
-{
- PMINIDUMP_DIRECTORY mesRepertoires = reinterpret_cast<PMINIDUMP_DIRECTORY>(RVAtoPTR(reinterpret_cast<PMINIDUMP_HEADER>(mesDonnees)->StreamDirectoryRva));
- for(DWORD i = 0; i < reinterpret_cast<PMINIDUMP_HEADER>(mesDonnees)->NumberOfStreams; i++)
- {
- if(mesRepertoires[i].StreamType == type)
- return RVAtoPTR(mesRepertoires[i].Location.Rva);
- }
- return NULL;
-}
-
-PMINIDUMP_MODULE mod_minidump::getMinidumpModule(wstring & nomModule)
-{
- if(PMINIDUMP_MODULE_LIST monObject = reinterpret_cast<PMINIDUMP_MODULE_LIST>(getStream(ModuleListStream)))
- {
- for(DWORD i = 0; i < monObject->NumberOfModules; i++)
- {
- PMINIDUMP_MODULE monModule = &monObject->Modules[i];
- PMINIDUMP_STRING monModuleString = reinterpret_cast<PMINIDUMP_STRING>(RVAtoPTR(monObject->Modules[i].ModuleNameRva));
- if(mod_text::wstr_ends_with(monModuleString->Buffer, monModuleString->Length / sizeof(wchar_t), nomModule.c_str(), nomModule.size()))
- return monModule;
- }
- }
- return NULL;
-}
-
-bool mod_minidump::getStreamsVector(vector<PMINIDUMP_DIRECTORY> * monVecteur)
-{
- PMINIDUMP_DIRECTORY mesRepertoires = reinterpret_cast<PMINIDUMP_DIRECTORY>(RVAtoPTR(reinterpret_cast<PMINIDUMP_HEADER>(mesDonnees)->StreamDirectoryRva));
- for(DWORD i = 0; i < reinterpret_cast<PMINIDUMP_HEADER>(mesDonnees)->NumberOfStreams; monVecteur->push_back(&mesRepertoires[i++]));
- return true;
-}
-
-const wchar_t *StreamTypeString[] = {
- L"UnusedStream",
- L"ReservedStream0",
- L"ReservedStream1",
- L"ThreadListStream",
- L"ModuleListStream",
- L"MemoryListStream",
- L"ExceptionStream",
- L"SystemInfoStream",
- L"ThreadExListStream",
- L"Memory64ListStream",
- L"CommentStreamA",
- L"CommentStreamW",
- L"HandleDataStream",
- L"FunctionTableStream",
- L"UnloadedModuleListStream",
- L"MiscInfoStream",
- L"MemoryInfoListStream",
- L"ThreadInfoListStream",
- L"HandleOperationListStream",
- L"TokenStream"
-};
-
-wstring mod_minidump::StreamTypeToString(MINIDUMP_STREAM_TYPE monType)
-{
- if(monType <= TokenStream)
- return StreamTypeString[monType];
- else
- {
- wostringstream monStream;
- monStream << L"Inconnu (" << monType << L")";
- return monStream.str();
- }
-}
\ No newline at end of file |