Moved and adapted code relating to looking up constant names by constant value

lib/msf/core/post/windows/railgun.rb

@@ -5,7 +5,7 @@ class Post
 module Windows
 module Railgun
 
-	# Go through each method and add a convenience method
+	# Go through each dll and add a corresponding convenience method of the same name
 	Rex::Post::Meterpreter::Extensions::Stdapi::Railgun::Railgun.builtin_dlls.each do |api|
 		# We will be interpolating within an eval. We exercise due paranoia.
 		unless api.to_s =~ /^\w+$/
@@ -15,7 +15,7 @@ module Railgun
 
 		# don't override existing methods
 		if method_defined? api.to_sym
-			# We don't warn in case the override is intentional
+			# We don't warn as the override may have been intentional
 			next
 		end
 
@@ -23,6 +23,20 @@ module Railgun
 		eval "def #{api.to_s}; railgun.#{api.to_s}; end"
 	end
 
+	#
+	# Return an array of windows constants names matching +winconst+
+	#
+	def select_const_names(winconst, filter_regex=nil)
+		return railgun.constant_manager.select_const_names(winconst, filter_regex)
+	end
+
+	#
+	# Returns an array of windows error code names for a given windows error code matching +err_code+ 
+	#
+	def error_lookup (err_code)
+		return select_const_names(err_code, /^ERROR_/)
+	end
+
 	def memread(address, length)
 		railgun.memread(address, length)
 	end

lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb

@@ -281,22 +281,6 @@ class Railgun
 	def const(str)
 		return constant_manager.parse(str)
 	end
-	
-	#
-	# Return an array of windows constants names matching +winconst+
-	#
-	
-	def const_reverse_lookup(winconst,filter_regex=nil)
-		return constant_manager.rev_lookup(winconst,filter_regex)
-	end
-	
-	#
-	# Returns an array of windows error code names for a given windows error code matching +err_code+ 
-	#
-	
-	def error_lookup (err_code,filter_regex=/^ERROR_/)
-		return constant_manager.rev_lookup(err_code,filter_regex)
-	end
 
 	#
 	# The multi-call shorthand (["kernel32", "ExitProcess", [0]])

lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb

@@ -18,8 +18,7 @@
 # DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 # (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 module Rex
@@ -33,6 +32,7 @@ module Railgun
 # Manages our library of windows constants
 #
 class WinConstManager
+	attr_reader :consts
 
 	def initialize(initial_consts = {})
 		@consts = {}
@@ -40,12 +40,10 @@ class WinConstManager
 		initial_consts.each_pair do |name, value|
 			add_const(name, value)
 		end
-
-		# Load utility
 	end
 
 	def add_const(name, value)
-		@consts[name] = value
+		consts[name] = value
 	end
 
 	# parses a string constaining constants and returns an integer
@@ -59,41 +57,38 @@ class WinConstManager
 		return_value = 0
 		for one_const in s.split('|')
 			one_const = one_const.strip()
-			if not @consts.has_key? one_const
+			if not consts.has_key? one_const
 				return nil # at least one "Constant" is unknown to us
 			end
-			return_value |= @consts[one_const]
+			return_value |= consts[one_const]
 		end
 		return return_value
 	end
 
 	def is_parseable(s)
-		return parse(s) != nil
-	end
-	
-	# looks up a windows constant (integer or hex) and returns an array of matching winconstant names
-	#
-	# this function will NOT throw an exception but return "nil" if it can't find an error code
-	def rev_lookup(winconst, filter_regex=nil)
-		c = winconst.to_i # this is what we're gonna reverse lookup
-		arr = [] # results array
-		@consts.each_pair do |k,v|
-			arr << k if v == c
-		end
-		if filter_regex # this is how we're going to filter the results
-			# in case we get passed a string instead of a Regexp
-			filter_regex = Regexp.new(filter_regex) unless filter_regex.class == Regexp
-			# do the actual filtering
-			arr.select! do |item|
-				item if item =~ filter_regex
-			end
-		end
-		return arr
+		return !parse(s).nil?
 	end
 
-	def is_parseable(s)
-		return parse(s) != nil
-	end	
+	#
+	# Returns an array of constant names that have a value matching "winconst"
+	# and (optionally) a name that matches "filter_regex"
+	# 
+	def select_const_names(winconst, filter_regex=nil)
+		matches = []
+
+		consts.each_pair do |name, value|
+			matches << name if value == winconst
+		end
+		
+		# Filter matches by name if a filter has been provided
+		unless filter_regex.nil?
+			matches.delete_if do |name|
+				name !~ filter_regex
+			end
+		end
+
+		return matches
+	end
 end
 
 end; end; end; end; end; end

lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb

@@ -12,6 +12,26 @@ module Extensions
 module Stdapi
 module Railgun
 class WinConstManager::UnitTest < Test::Unit::TestCase
+
+	def test_select_const_names
+		const_manager = WinConstManager.new
+
+		names = %w(W WW WWW)
+
+		names.each do |name|
+			const_manager.add_const(name, 23)
+		end
+
+		assert(const_manager.select_const_names(23).sort == names,
+			'select_const_names should return all names for given value')
+
+		const_manager.add_const('Skidoo!', 23)
+
+		assert(const_manager.select_const_names(23, /^\w{1,3}$/).sort == names,
+			'select_const_names should filter names with provided regex')
+		
+	end
+
 	def test_is_parseable
 		const_manager = WinConstManager.new