adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c3f5bd3de2d1affa01e2f6c2066c6bb0fc6413bc
metasploit-gs/api/Msf/Post/Windows/Process.html
T
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

904 lines
57 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Post::Windows::Process
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Post::Windows::Process";
relpath = '../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../_index.html">Index (P)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../Post.html" title="Msf::Post (class)">Post</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Windows.html" title="Msf::Post::Windows (module)">Windows</a></span></span>
&raquo;
<span class="title">Process</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Post::Windows::Process
</h1>
<div class="box_info">
<dl>
<dt>Includes:</dt>
<dd><span class='object_link'><a href="../Process.html" title="Msf::Post::Process (module)">Process</a></span>, <span class='object_link'><a href="ReflectiveDLLInjection.html" title="Msf::Post::Windows::ReflectiveDLLInjection (module)">ReflectiveDLLInjection</a></span></dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/post/windows/process.rb</dd>
</dl>
</div>
<h2>Constant Summary</h2>
<h3 class="inherited">Constants included
from <span class='object_link'><a href="ReflectiveDLLInjection.html" title="Msf::Post::Windows::ReflectiveDLLInjection (module)">ReflectiveDLLInjection</a></span></h3>
<p class="inherited"><span class='object_link'><a href="ReflectiveDLLInjection.html#PAGE_ALIGN-constant" title="Msf::Post::Windows::ReflectiveDLLInjection::PAGE_ALIGN (constant)">ReflectiveDLLInjection::PAGE_ALIGN</a></span></p>
<h3 class="inherited">Constants included
from <span class='object_link'><a href="../../ReflectiveDLLLoader.html" title="Msf::ReflectiveDLLLoader (module)">ReflectiveDLLLoader</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../ReflectiveDLLLoader.html#EXPORT_REFLECTIVELOADER-constant" title="Msf::ReflectiveDLLLoader::EXPORT_REFLECTIVELOADER (constant)">ReflectiveDLLLoader::EXPORT_REFLECTIVELOADER</a></span></p>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#arch_check-instance_method" title="#arch_check (instance method)">#<strong>arch_check</strong>(test_arch, pid) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Checks the architecture of a payload and PID are compatible Returns true if they are false if they are not.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#execute_dll-instance_method" title="#execute_dll (instance method)">#<strong>execute_dll</strong>(rdll_path, param = nil, pid = nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Injects a reflective DLL into a process, and executes it.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#execute_shellcode-instance_method" title="#execute_shellcode (instance method)">#<strong>execute_shellcode</strong>(shellcode, base_addr = nil, pid = nil) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Injects shellcode to a process, and executes it.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#get_notepad_pathname-instance_method" title="#get_notepad_pathname (instance method)">#<strong>get_notepad_pathname</strong>(bits, windir, client_arch) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>returns the path to the notepad process based on syswow extension.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(info = {}) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#inject_unhook-instance_method" title="#inject_unhook (instance method)">#<strong>inject_unhook</strong>(proc, bits, delay_sec) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../Process.html" title="Msf::Post::Process (module)">Process</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Process.html#get_processes-instance_method" title="Msf::Post::Process#get_processes (method)">#get_processes</a></span>, <span class='object_link'><a href="../Process.html#has_pid%3F-instance_method" title="Msf::Post::Process#has_pid? (method)">#has_pid?</a></span>, <span class='object_link'><a href="../Process.html#kill_process-instance_method" title="Msf::Post::Process#kill_process (method)">#kill_process</a></span>, <span class='object_link'><a href="../Process.html#meterpreter_get_processes-instance_method" title="Msf::Post::Process#meterpreter_get_processes (method)">#meterpreter_get_processes</a></span>, <span class='object_link'><a href="../Process.html#pidof-instance_method" title="Msf::Post::Process#pidof (method)">#pidof</a></span>, <span class='object_link'><a href="../Process.html#shell_get_processes-instance_method" title="Msf::Post::Process#shell_get_processes (method)">#shell_get_processes</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../File.html" title="Msf::Post::File (module)">File</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../File.html#_append_file_powershell-instance_method" title="Msf::Post::File#_append_file_powershell (method)">#_append_file_powershell</a></span>, <span class='object_link'><a href="../File.html#_append_file_unix_shell-instance_method" title="Msf::Post::File#_append_file_unix_shell (method)">#_append_file_unix_shell</a></span>, <span class='object_link'><a href="../File.html#_can_echo%3F-instance_method" title="Msf::Post::File#_can_echo? (method)">#_can_echo?</a></span>, <span class='object_link'><a href="../File.html#_read_file_meterpreter-instance_method" title="Msf::Post::File#_read_file_meterpreter (method)">#_read_file_meterpreter</a></span>, <span class='object_link'><a href="../File.html#_read_file_powershell-instance_method" title="Msf::Post::File#_read_file_powershell (method)">#_read_file_powershell</a></span>, <span class='object_link'><a href="../File.html#_read_file_powershell_fragment-instance_method" title="Msf::Post::File#_read_file_powershell_fragment (method)">#_read_file_powershell_fragment</a></span>, <span class='object_link'><a href="../File.html#_shell_command_with_success_code-instance_method" title="Msf::Post::File#_shell_command_with_success_code (method)">#_shell_command_with_success_code</a></span>, <span class='object_link'><a href="../File.html#_shell_process_with_success_code-instance_method" title="Msf::Post::File#_shell_process_with_success_code (method)">#_shell_process_with_success_code</a></span>, <span class='object_link'><a href="../File.html#_unix_max_line_length-instance_method" title="Msf::Post::File#_unix_max_line_length (method)">#_unix_max_line_length</a></span>, <span class='object_link'><a href="../File.html#_win_ansi_append_file-instance_method" title="Msf::Post::File#_win_ansi_append_file (method)">#_win_ansi_append_file</a></span>, <span class='object_link'><a href="../File.html#_win_ansi_write_file-instance_method" title="Msf::Post::File#_win_ansi_write_file (method)">#_win_ansi_write_file</a></span>, <span class='object_link'><a href="../File.html#_win_bin_append_file-instance_method" title="Msf::Post::File#_win_bin_append_file (method)">#_win_bin_append_file</a></span>, <span class='object_link'><a href="../File.html#_win_bin_write_file-instance_method" title="Msf::Post::File#_win_bin_write_file (method)">#_win_bin_write_file</a></span>, <span class='object_link'><a href="../File.html#_write_file_meterpreter-instance_method" title="Msf::Post::File#_write_file_meterpreter (method)">#_write_file_meterpreter</a></span>, <span class='object_link'><a href="../File.html#_write_file_powershell-instance_method" title="Msf::Post::File#_write_file_powershell (method)">#_write_file_powershell</a></span>, <span class='object_link'><a href="../File.html#_write_file_powershell_fragment-instance_method" title="Msf::Post::File#_write_file_powershell_fragment (method)">#_write_file_powershell_fragment</a></span>, <span class='object_link'><a href="../File.html#_write_file_unix_shell-instance_method" title="Msf::Post::File#_write_file_unix_shell (method)">#_write_file_unix_shell</a></span>, <span class='object_link'><a href="../File.html#append_file-instance_method" title="Msf::Post::File#append_file (method)">#append_file</a></span>, <span class='object_link'><a href="../File.html#attributes-instance_method" title="Msf::Post::File#attributes (method)">#attributes</a></span>, <span class='object_link'><a href="../File.html#cd-instance_method" title="Msf::Post::File#cd (method)">#cd</a></span>, <span class='object_link'><a href="../File.html#chmod-instance_method" title="Msf::Post::File#chmod (method)">#chmod</a></span>, <span class='object_link'><a href="../File.html#copy_file-instance_method" title="Msf::Post::File#copy_file (method)">#copy_file</a></span>, <span class='object_link'><a href="../File.html#dir-instance_method" title="Msf::Post::File#dir (method)">#dir</a></span>, <span class='object_link'><a href="../File.html#directory%3F-instance_method" title="Msf::Post::File#directory? (method)">#directory?</a></span>, <span class='object_link'><a href="../File.html#executable%3F-instance_method" title="Msf::Post::File#executable? (method)">#executable?</a></span>, <span class='object_link'><a href="../File.html#exist%3F-instance_method" title="Msf::Post::File#exist? (method)">#exist?</a></span>, <span class='object_link'><a href="../File.html#expand_path-instance_method" title="Msf::Post::File#expand_path (method)">#expand_path</a></span>, <span class='object_link'><a href="../File.html#exploit_data-instance_method" title="Msf::Post::File#exploit_data (method)">#exploit_data</a></span>, <span class='object_link'><a href="../File.html#exploit_source-instance_method" title="Msf::Post::File#exploit_source (method)">#exploit_source</a></span>, <span class='object_link'><a href="../File.html#file%3F-instance_method" title="Msf::Post::File#file? (method)">#file?</a></span>, <span class='object_link'><a href="../File.html#file_local_write-instance_method" title="Msf::Post::File#file_local_write (method)">#file_local_write</a></span>, <span class='object_link'><a href="../File.html#file_remote_digestmd5-instance_method" title="Msf::Post::File#file_remote_digestmd5 (method)">#file_remote_digestmd5</a></span>, <span class='object_link'><a href="../File.html#file_remote_digestsha1-instance_method" title="Msf::Post::File#file_remote_digestsha1 (method)">#file_remote_digestsha1</a></span>, <span class='object_link'><a href="../File.html#file_remote_digestsha2-instance_method" title="Msf::Post::File#file_remote_digestsha2 (method)">#file_remote_digestsha2</a></span>, <span class='object_link'><a href="../File.html#find_writable_directories-instance_method" title="Msf::Post::File#find_writable_directories (method)">#find_writable_directories</a></span>, <span class='object_link'><a href="../File.html#immutable%3F-instance_method" title="Msf::Post::File#immutable? (method)">#immutable?</a></span>, <span class='object_link'><a href="../File.html#mkdir-instance_method" title="Msf::Post::File#mkdir (method)">#mkdir</a></span>, <span class='object_link'><a href="../File.html#pwd-instance_method" title="Msf::Post::File#pwd (method)">#pwd</a></span>, <span class='object_link'><a href="../File.html#read_file-instance_method" title="Msf::Post::File#read_file (method)">#read_file</a></span>, <span class='object_link'><a href="../File.html#readable%3F-instance_method" title="Msf::Post::File#readable? (method)">#readable?</a></span>, <span class='object_link'><a href="../File.html#rename_file-instance_method" title="Msf::Post::File#rename_file (method)">#rename_file</a></span>, <span class='object_link'><a href="../File.html#rm_f-instance_method" title="Msf::Post::File#rm_f (method)">#rm_f</a></span>, <span class='object_link'><a href="../File.html#rm_rf-instance_method" title="Msf::Post::File#rm_rf (method)">#rm_rf</a></span>, <span class='object_link'><a href="../File.html#setuid%3F-instance_method" title="Msf::Post::File#setuid? (method)">#setuid?</a></span>, <span class='object_link'><a href="../File.html#stat-instance_method" title="Msf::Post::File#stat (method)">#stat</a></span>, <span class='object_link'><a href="../File.html#upload_and_chmodx-instance_method" title="Msf::Post::File#upload_and_chmodx (method)">#upload_and_chmodx</a></span>, <span class='object_link'><a href="../File.html#upload_file-instance_method" title="Msf::Post::File#upload_file (method)">#upload_file</a></span>, <span class='object_link'><a href="../File.html#writable%3F-instance_method" title="Msf::Post::File#writable? (method)">#writable?</a></span>, <span class='object_link'><a href="../File.html#write_file-instance_method" title="Msf::Post::File#write_file (method)">#write_file</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../Common.html" title="Msf::Post::Common (module)">Common</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../Common.html#clear_screen-instance_method" title="Msf::Post::Common#clear_screen (method)">#clear_screen</a></span>, <span class='object_link'><a href="../Common.html#cmd_exec-instance_method" title="Msf::Post::Common#cmd_exec (method)">#cmd_exec</a></span>, <span class='object_link'><a href="../Common.html#cmd_exec_get_pid-instance_method" title="Msf::Post::Common#cmd_exec_get_pid (method)">#cmd_exec_get_pid</a></span>, <span class='object_link'><a href="../Common.html#cmd_exec_with_result-instance_method" title="Msf::Post::Common#cmd_exec_with_result (method)">#cmd_exec_with_result</a></span>, <span class='object_link'><a href="../Common.html#command_exists%3F-instance_method" title="Msf::Post::Common#command_exists? (method)">#command_exists?</a></span>, <span class='object_link'><a href="../Common.html#create_process-instance_method" title="Msf::Post::Common#create_process (method)">#create_process</a></span>, <span class='object_link'><a href="../Common.html#get_env-instance_method" title="Msf::Post::Common#get_env (method)">#get_env</a></span>, <span class='object_link'><a href="../Common.html#get_envs-instance_method" title="Msf::Post::Common#get_envs (method)">#get_envs</a></span>, <span class='object_link'><a href="../Common.html#peer-instance_method" title="Msf::Post::Common#peer (method)">#peer</a></span>, <span class='object_link'><a href="../Common.html#report_virtualization-instance_method" title="Msf::Post::Common#report_virtualization (method)">#report_virtualization</a></span>, <span class='object_link'><a href="../Common.html#rhost-instance_method" title="Msf::Post::Common#rhost (method)">#rhost</a></span>, <span class='object_link'><a href="../Common.html#rport-instance_method" title="Msf::Post::Common#rport (method)">#rport</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="ReflectiveDLLInjection.html" title="Msf::Post::Windows::ReflectiveDLLInjection (module)">ReflectiveDLLInjection</a></span></h3>
<p class="inherited"><span class='object_link'><a href="ReflectiveDLLInjection.html#inject_dll_data_into_process-instance_method" title="Msf::Post::Windows::ReflectiveDLLInjection#inject_dll_data_into_process (method)">#inject_dll_data_into_process</a></span>, <span class='object_link'><a href="ReflectiveDLLInjection.html#inject_dll_into_process-instance_method" title="Msf::Post::Windows::ReflectiveDLLInjection#inject_dll_into_process (method)">#inject_dll_into_process</a></span>, <span class='object_link'><a href="ReflectiveDLLInjection.html#inject_into_process-instance_method" title="Msf::Post::Windows::ReflectiveDLLInjection#inject_into_process (method)">#inject_into_process</a></span></p>
<h3 class="inherited">Methods included from <span class='object_link'><a href="../../ReflectiveDLLLoader.html" title="Msf::ReflectiveDLLLoader (module)">ReflectiveDLLLoader</a></span></h3>
<p class="inherited"><span class='object_link'><a href="../../ReflectiveDLLLoader.html#load_rdi_dll-instance_method" title="Msf::ReflectiveDLLLoader#load_rdi_dll (method)">#load_rdi_dll</a></span>, <span class='object_link'><a href="../../ReflectiveDLLLoader.html#load_rdi_dll_from_data-instance_method" title="Msf::ReflectiveDLLLoader#load_rdi_dll_from_data (method)">#load_rdi_dll_from_data</a></span></p>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="arch_check-instance_method">
#<strong>arch_check</strong>(test_arch, pid) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Checks the architecture of a payload and PID are compatible Returns true if they are false if they are not</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
39
40
41
42
43
44
45
46
47</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/process.rb', line 39</span>
<span class='kw'>def</span> <span class='id identifier rubyid_arch_check'>arch_check</span><span class='lparen'>(</span><span class='id identifier rubyid_test_arch'>test_arch</span><span class='comma'>,</span> <span class='id identifier rubyid_pid'>pid</span><span class='rparen'>)</span>
<span class='comment'># get the pid arch
</span> <span class='id identifier rubyid_client'>client</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_processes'>processes</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span> <span class='kw'>do</span> <span class='op'>|</span><span class='id identifier rubyid_p'>p</span><span class='op'>|</span>
<span class='comment'># Check Payload Arch
</span> <span class='kw'>if</span> <span class='id identifier rubyid_pid'>pid</span> <span class='op'>==</span> <span class='id identifier rubyid_p'>p</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>pid</span><span class='tstring_end'>&quot;</span></span><span class='rbracket'>]</span>
<span class='kw'>return</span> <span class='id identifier rubyid_test_arch'>test_arch</span> <span class='op'>==</span> <span class='id identifier rubyid_p'>p</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>arch</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="execute_dll-instance_method">
#<strong>execute_dll</strong>(rdll_path, param = nil, pid = nil) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Injects a reflective DLL into a process, and executes it.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>rdll_path</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The path to the DLL to inject</p>
</div>
</li>
<li>
<span class='name'>param</span>
<span class='type'>(<tt>String</tt>, <tt>Integer</tt>, <tt>nil</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The parameter to pass to the DLL's entry point. If this value is a String then it will first be written into the process memory and then passed by reference. If the value is an Integer, then the value will be passed as is. If the value is nil, it'll be passed as a NULL pointer.</p>
</div>
</li>
<li>
<span class='name'>pid</span>
<span class='type'>(<tt>Integer</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The process ID to inject to, if unspecified, a new instance of a random EXE from the process_list array will be launched to host the injected DLL.</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/process.rb', line 72</span>
<span class='kw'>def</span> <span class='id identifier rubyid_execute_dll'>execute_dll</span><span class='lparen'>(</span><span class='id identifier rubyid_rdll_path'>rdll_path</span><span class='comma'>,</span> <span class='id identifier rubyid_param'>param</span><span class='op'>=</span><span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_pid'>pid</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_process_list'>process_list</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>msiexec</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>netsh</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_pid'>pid</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='comment'># Get a random process from the process list to spawn.
</span> <span class='id identifier rubyid_process_cmd'>process_cmd</span> <span class='op'>=</span> <span class='id identifier rubyid_process_list'>process_list</span><span class='period'>.</span><span class='id identifier rubyid_sample'>sample</span>
<span class='comment'># Use Rex&#39;s PeParsey as per Spencer&#39;s suggestion to determine the true architecture of the DLL we are injecting.
</span> <span class='id identifier rubyid_pe'>pe</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>PeParsey</span><span class='op'>::</span><span class='const'>Pe</span><span class='period'>.</span><span class='id identifier rubyid_new_from_file'>new_from_file</span><span class='lparen'>(</span><span class='id identifier rubyid_rdll_path'>rdll_path</span><span class='comma'>,</span> <span class='kw'>true</span><span class='rparen'>)</span>
<span class='id identifier rubyid_arch'>arch</span> <span class='op'>=</span> <span class='id identifier rubyid_pe'>pe</span><span class='period'>.</span><span class='id identifier rubyid_hdr'>hdr</span><span class='period'>.</span><span class='id identifier rubyid_file'>file</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Machine</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='comment'># If the DLL is x86 but the host architecture is x64, then launch a 32 bit WoW64 binary to inject into.
</span> <span class='kw'>if</span> <span class='lparen'>(</span><span class='id identifier rubyid_arch'>arch</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>PeParsey</span><span class='op'>::</span><span class='const'>PeBase</span><span class='op'>::</span><span class='const'>IMAGE_FILE_MACHINE_I386</span><span class='rparen'>)</span> <span class='op'>&amp;&amp;</span> <span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_sysinfo'>sysinfo</span><span class='lbracket'>[</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Architecture</span><span class='tstring_end'>&#39;</span></span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='const'>ARCH_X64</span><span class='rparen'>)</span>
<span class='id identifier rubyid_windir'>windir</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_config'>config</span><span class='period'>.</span><span class='id identifier rubyid_getenv'>getenv</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>windir</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_process_cmd'>process_cmd</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_windir'>windir</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\SysWOW64\\</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_process_cmd'>process_cmd</span><span class='embexpr_end'>}</span><span class='tstring_content'>.exe</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Launching </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_process_cmd'>process_cmd</span><span class='embexpr_end'>}</span><span class='tstring_content'> to host the DLL...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_host_process'>host_process</span> <span class='op'>=</span> <span class='id identifier rubyid_client'>client</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_execute'>execute</span><span class='lparen'>(</span><span class='id identifier rubyid_process_cmd'>process_cmd</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='lbrace'>{</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Hidden</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='kw'>true</span> <span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_process'>process</span> <span class='op'>=</span> <span class='id identifier rubyid_client'>client</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_open'>open</span><span class='lparen'>(</span><span class='id identifier rubyid_host_process'>host_process</span><span class='period'>.</span><span class='id identifier rubyid_pid'>pid</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../top-level-namespace.html#PROCESS_ALL_ACCESS-constant" title="PROCESS_ALL_ACCESS (constant)">PROCESS_ALL_ACCESS</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Process </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_pid'>pid</span><span class='embexpr_end'>}</span><span class='tstring_content'> launched.</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>rescue</span> <span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post.html" title="Rex::Post (module)">Post</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post/Meterpreter.html" title="Rex::Post::Meterpreter (module)">Meterpreter</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post/Meterpreter/RequestError.html" title="Rex::Post::Meterpreter::RequestError (class)">RequestError</a></span></span>
<span class='comment'># Reader Sandbox won&#39;t allow to create a new process:
</span> <span class='comment'># stdapi_sys_process_execute: Operation failed: Access is denied.
</span> <span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Operation failed. Trying to inject into the current process...</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_process'>process</span> <span class='op'>=</span> <span class='id identifier rubyid_client'>client</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_open'>open</span>
<span class='kw'>end</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_process'>process</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_open'>open</span><span class='lparen'>(</span><span class='id identifier rubyid_pid'>pid</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../top-level-namespace.html#PROCESS_ALL_ACCESS-constant" title="PROCESS_ALL_ACCESS (constant)">PROCESS_ALL_ACCESS</a></span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Reflectively injecting the DLL into </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_pid'>pid</span><span class='embexpr_end'>}</span><span class='tstring_content'>...</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_exploit_mem'>exploit_mem</span><span class='comma'>,</span> <span class='id identifier rubyid_offset'>offset</span> <span class='op'>=</span> <span class='id identifier rubyid_inject_dll_into_process'>inject_dll_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_process'>process</span><span class='comma'>,</span> <span class='op'>::</span><span class='const'>File</span><span class='period'>.</span><span class='id identifier rubyid_expand_path'>expand_path</span><span class='lparen'>(</span><span class='id identifier rubyid_rdll_path'>rdll_path</span><span class='rparen'>)</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_param'>param</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>String</span><span class='rparen'>)</span>
<span class='comment'># if it&#39;s a string, treat it as data and copy it into the remote process then pass it by reference
</span> <span class='id identifier rubyid_param_ptr'>param_ptr</span> <span class='op'>=</span> <span class='id identifier rubyid_inject_into_process'>inject_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_process'>process</span><span class='comma'>,</span> <span class='id identifier rubyid_param'>param</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_param'>param</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='const'>Integer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_param_ptr'>param_ptr</span> <span class='op'>=</span> <span class='id identifier rubyid_param'>param</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_param'>param</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_param_ptr'>param_ptr</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>TypeError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>param must be a string, integer or nil</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_thread'>thread</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_exploit_mem'>exploit_mem</span> <span class='op'>+</span> <span class='id identifier rubyid_offset'>offset</span><span class='comma'>,</span> <span class='id identifier rubyid_param_ptr'>param_ptr</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="execute_shellcode-instance_method">
#<strong>execute_shellcode</strong>(shellcode, base_addr = nil, pid = nil) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Injects shellcode to a process, and executes it.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>shellcode</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The shellcode to execute</p>
</div>
</li>
<li>
<span class='name'>base_addr</span>
<span class='type'>(<tt>Integer</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The base address to allocate memory</p>
</div>
</li>
<li>
<span class='name'>pid</span>
<span class='type'>(<tt>Integer</tt>)</span>
<em class="default">(defaults to: <tt>nil</tt>)</em>
&mdash;
<div class='inline'>
<p>The process ID to inject to, if unspecified, the shellcode will be executed in place.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'>
<p>True if successful, otherwise false</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/process.rb', line 127</span>
<span class='kw'>def</span> <span class='id identifier rubyid_execute_shellcode'>execute_shellcode</span><span class='lparen'>(</span><span class='id identifier rubyid_shellcode'>shellcode</span><span class='comma'>,</span> <span class='id identifier rubyid_base_addr'>base_addr</span><span class='op'>=</span><span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_pid'>pid</span><span class='op'>=</span><span class='kw'>nil</span><span class='rparen'>)</span>
<span class='id identifier rubyid_pid'>pid</span> <span class='op'>||=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_getpid'>getpid</span>
<span class='id identifier rubyid_host'>host</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_sys'>sys</span><span class='period'>.</span><span class='id identifier rubyid_process'>process</span><span class='period'>.</span><span class='id identifier rubyid_open'>open</span><span class='lparen'>(</span><span class='id identifier rubyid_pid'>pid</span><span class='period'>.</span><span class='id identifier rubyid_to_i'>to_i</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../top-level-namespace.html#PROCESS_ALL_ACCESS-constant" title="PROCESS_ALL_ACCESS (constant)">PROCESS_ALL_ACCESS</a></span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_base_addr'>base_addr</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_shell_addr'>shell_addr</span> <span class='op'>=</span> <span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_memory'>memory</span><span class='period'>.</span><span class='id identifier rubyid_allocate'>allocate</span><span class='lparen'>(</span><span class='id identifier rubyid_shellcode'>shellcode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_shell_addr'>shell_addr</span> <span class='op'>=</span> <span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_memory'>memory</span><span class='period'>.</span><span class='id identifier rubyid_allocate'>allocate</span><span class='lparen'>(</span><span class='id identifier rubyid_shellcode'>shellcode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span><span class='comma'>,</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_base_addr'>base_addr</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_memory'>memory</span><span class='period'>.</span><span class='id identifier rubyid_protect'>protect</span><span class='lparen'>(</span><span class='id identifier rubyid_shell_addr'>shell_addr</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_memory'>memory</span><span class='period'>.</span><span class='id identifier rubyid_write'>write</span><span class='lparen'>(</span><span class='id identifier rubyid_shell_addr'>shell_addr</span><span class='comma'>,</span> <span class='id identifier rubyid_shellcode'>shellcode</span><span class='rparen'>)</span> <span class='op'>&lt;</span> <span class='id identifier rubyid_shellcode'>shellcode</span><span class='period'>.</span><span class='id identifier rubyid_length'>length</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to write shellcode</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_vprint_status'>vprint_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Creating the thread to execute in 0x</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_shell_addr'>shell_addr</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='lparen'>(</span><span class='int'>16</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'> (pid=</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_pid'>pid</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_thread'>thread</span> <span class='op'>=</span> <span class='id identifier rubyid_host'>host</span><span class='period'>.</span><span class='id identifier rubyid_thread'>thread</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_shell_addr'>shell_addr</span><span class='comma'>,</span><span class='int'>0</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_thread'>thread</span><span class='period'>.</span><span class='id identifier rubyid_instance_of?'>instance_of?</span><span class='lparen'>(</span><span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post.html" title="Rex::Post (module)">Post</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post/Meterpreter.html" title="Rex::Post::Meterpreter (module)">Meterpreter</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post/Meterpreter/Extensions.html" title="Rex::Post::Meterpreter::Extensions (module)">Extensions</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post/Meterpreter/Extensions/Stdapi.html" title="Rex::Post::Meterpreter::Extensions::Stdapi (module)">Stdapi</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post/Meterpreter/Extensions/Stdapi/Sys.html" title="Rex::Post::Meterpreter::Extensions::Stdapi::Sys (module)">Sys</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Rex/Post/Meterpreter/Extensions/Stdapi/Sys/Thread.html" title="Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Thread (class)">Thread</a></span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_vprint_error'>vprint_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unable to create thread</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>nil</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_thread'>thread</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="get_notepad_pathname-instance_method">
#<strong>get_notepad_pathname</strong>(bits, windir, client_arch) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>returns the path to the notepad process based on syswow extension</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
50
51
52
53
54
55
56
57
58
59
60
61</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/process.rb', line 50</span>
<span class='kw'>def</span> <span class='id identifier rubyid_get_notepad_pathname'>get_notepad_pathname</span><span class='lparen'>(</span><span class='id identifier rubyid_bits'>bits</span><span class='comma'>,</span> <span class='id identifier rubyid_windir'>windir</span><span class='comma'>,</span> <span class='id identifier rubyid_client_arch'>client_arch</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_bits'>bits</span> <span class='op'>==</span> <span class='const'>ARCH_X86</span> <span class='kw'>and</span> <span class='id identifier rubyid_client_arch'>client_arch</span> <span class='op'>==</span> <span class='const'>ARCH_X86</span>
<span class='id identifier rubyid_cmd'>cmd</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_windir'>windir</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\System32\\notepad.exe</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_bits'>bits</span> <span class='op'>==</span> <span class='const'>ARCH_X64</span> <span class='kw'>and</span> <span class='id identifier rubyid_client_arch'>client_arch</span> <span class='op'>==</span> <span class='const'>ARCH_X64</span>
<span class='id identifier rubyid_cmd'>cmd</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_windir'>windir</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\System32\\notepad.exe</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_bits'>bits</span> <span class='op'>==</span> <span class='const'>ARCH_X64</span> <span class='kw'>and</span> <span class='id identifier rubyid_client_arch'>client_arch</span> <span class='op'>==</span> <span class='const'>ARCH_X86</span>
<span class='id identifier rubyid_cmd'>cmd</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_windir'>windir</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\Sysnative\\notepad.exe</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_bits'>bits</span> <span class='op'>==</span> <span class='const'>ARCH_X86</span> <span class='kw'>and</span> <span class='id identifier rubyid_client_arch'>client_arch</span> <span class='op'>==</span> <span class='const'>ARCH_X64</span>
<span class='id identifier rubyid_cmd'>cmd</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_windir'>windir</span><span class='embexpr_end'>}</span><span class='tstring_content'>\\SysWOW64\\notepad.exe</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_cmd'>cmd</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="initialize-instance_method">
#<strong>initialize</strong>(info = {}) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/process.rb', line 13</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_info'>info</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
<span class='kw'>super</span><span class='lparen'>(</span>
<span class='id identifier rubyid_update_info'>update_info</span><span class='lparen'>(</span>
<span class='id identifier rubyid_info'>info</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Compat</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Meterpreter</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Commands</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='qwords_beg'>%w[</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_config_getenv</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_config_sysinfo</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_attach</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_execute</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_getpid</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_get_processes</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_memory_allocate</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_memory_protect</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_memory_write</span><span class='words_sep'>
</span><span class='tstring_content'>stdapi_sys_process_thread_create</span><span class='words_sep'>
</span><span class='tstring_end'>]</span></span>
<span class='rbrace'>}</span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="inject_unhook-instance_method">
#<strong>inject_unhook</strong>(proc, bits, delay_sec) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
152
153
154
155
156
157
158
159
160
161
162
163
164</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/post/windows/process.rb', line 152</span>
<span class='kw'>def</span> <span class='id identifier rubyid_inject_unhook'>inject_unhook</span><span class='lparen'>(</span><span class='id identifier rubyid_proc'>proc</span><span class='comma'>,</span> <span class='id identifier rubyid_bits'>bits</span><span class='comma'>,</span> <span class='id identifier rubyid_delay_sec'>delay_sec</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_bits'>bits</span> <span class='op'>==</span> <span class='const'>ARCH_X64</span>
<span class='id identifier rubyid_dll_file_name'>dll_file_name</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>x64.dll</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_bits'>bits</span> <span class='op'>==</span> <span class='const'>ARCH_X86</span>
<span class='id identifier rubyid_dll_file_name'>dll_file_name</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>x86.dll</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>else</span>
<span class='kw'>return</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_dll_file'>dll_file</span> <span class='op'>=</span> <span class='const'>MetasploitPayloads</span><span class='period'>.</span><span class='id identifier rubyid_meterpreter_ext_path'>meterpreter_ext_path</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>unhook</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span> <span class='id identifier rubyid_dll_file_name'>dll_file_name</span><span class='rparen'>)</span>
<span class='id identifier rubyid_dll'>dll</span><span class='comma'>,</span> <span class='id identifier rubyid_offset'>offset</span> <span class='op'>=</span> <span class='id identifier rubyid_inject_dll_into_process'>inject_dll_into_process</span><span class='lparen'>(</span><span class='id identifier rubyid_proc'>proc</span><span class='comma'>,</span> <span class='id identifier rubyid_dll_file'>dll_file</span><span class='rparen'>)</span>
<span class='id identifier rubyid_proc'>proc</span><span class='period'>.</span><span class='id identifier rubyid_thread'>thread</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_dll'>dll</span> <span class='op'>+</span> <span class='id identifier rubyid_offset'>offset</span><span class='comma'>,</span> <span class='int'>0</span><span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='period'>.</span><span class='id identifier rubyid_sleep'>sleep</span><span class='lparen'>(</span><span class='id identifier rubyid_delay_sec'>delay_sec</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:01:37 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink