From 4357dc26cbe693fefe7555c2dc98683f097f2222 Mon Sep 17 00:00:00 2001
From: Matt Miller
Date: Fri, 15 Apr 2005 08:19:04 +0000
Subject: [PATCH] added image enum

git-svn-id: file:///home/svn/incoming/trunk@2380 4d416f70-5f16-0410-b530-b9f4589650da
---
 .../stdapi/sys/process_subsystem/image.rb | 37 +++++++++++++++++++
 .../post/meterpreter/extensions/stdapi/tlv.rb | 2 +
 2 files changed, 39 insertions(+)

diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb
index e533033a71..8fa63eef4c 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb
@@ -32,6 +32,16 @@ class Image
 self.process = process
 end
+ def [](key)
+ each_image { |i|
+ if (i['name'].downcase == key.downcase)
+ return i['base']
+ end
+ }
+
+ return nil
+ end
+
 # Loads an image file into the context of the process
 def load(image_path)
 request = Packet.create_request('stdapi_sys_process_image_load')
@@ -70,6 +80,33 @@ class Image
 return true
 end
+ # Enumerates through each image in the process
+ def each_image(&block)
+ get_images.each(&block)
+ end
+
+ # Returns an array of images in the process with hash objects that
+ # have keys for 'name', 'path', and 'base'
+ def get_images
+ request = Packet.create_request('stdapi_sys_process_image_get_images')
+ images = []
+
+ request.add_tlv(TLV_TYPE_HANDLE, process.handle)
+
+ response = process.client.send_request(request)
+
+ response.each(TLV_TYPE_IMAGE_GROUP) { |i|
+ images <<
+ {
+ 'name' => i.get_tlv_value(TLV_TYPE_IMAGE_NAME),
+ 'base' => i.get_tlv_value(TLV_TYPE_IMAGE_BASE),
+ 'path' => i.get_tlv_value(TLV_TYPE_IMAGE_FILE_PATH)
+ }
+ }
+
+ return images
+ end
+
 protected
 attr_accessor :process
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
index 9596447df8..338bb11652 100644
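Review bot: In `[]`, `i['name'].downcase` raises NoMethodError when an entry has no name. The hashes built by `get_images` in the next hunk store `get_tlv_value` results from the remote response unchecked, so a missing TLV would probably surface here as nil (inferred; `get_tlv_value` is not shown). A guard such as `next if i['name'].nil?` before the `if` keeps one incomplete entry from aborting the whole lookup. The method is also the only new one without a comment; something like `# Returns the base address of the image whose name matches key (case-insensitive), or nil if none matches` would fit, with a mention that every lookup sends a fresh request because `each_image` calls `get_images`.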
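Review bot: `get_images` calls `response.each(TLV_TYPE_IMAGE_GROUP)` without checking that the request succeeded. Whether `send_request` can return nil or a failure result is not visible in this hunk, but if it can, the caller gets a NoMethodError or a silently empty list rather than a clear error. An explicit check right after the call, for example `raise RuntimeError, 'image enumeration failed' if response.nil?` (or whatever convention the other methods of this class follow), would make the failure mode deliberate. The method comment could also say that `'name'`, `'base'` and `'path'` are stored as received and may be nil.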
--- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@@ -51,6 +51,8 @@ TLV_TYPE_IMAGE_FILE_PATH = TLV_META_TYPE_STRING | 2401
 TLV_TYPE_PROCEDURE_NAME = TLV_META_TYPE_STRING | 2402
 TLV_TYPE_PROCEDURE_ADDRESS = TLV_META_TYPE_UINT | 2403
 TLV_TYPE_IMAGE_BASE = TLV_META_TYPE_UINT | 2404
+TLV_TYPE_IMAGE_GROUP = TLV_META_TYPE_GROUP | 2405
+TLV_TYPE_IMAGE_NAME = TLV_META_TYPE_STRING | 2406
 ##
 #