Test and handle REG_QWORD
parent
2654752585
commit
d82774be59
|
@ -40,6 +40,7 @@ module Registry
|
|||
REG_BIG_ENDIAN = 5
|
||||
REG_LINK = 6
|
||||
REG_MULTI_SZ = 7
|
||||
REG_QWORD = 11
|
||||
|
||||
HKEY_CLASSES_ROOT = 0x80000000
|
||||
HKEY_CURRENT_USER = 0x80000001
|
||||
|
@ -383,7 +384,7 @@ protected
|
|||
|
||||
# split with ' ' yielding [valname,REGvaltype,REGdata] and extract reg type
|
||||
vtype = match_arr[0].split[1]
|
||||
if %w[ REG_SZ REG_MULTI_SZ REG_EXPAND_SZ REG_DWORD REG_BINARY REG_NONE ].include?(vtype)
|
||||
if %w[ REG_BINARY REG_DWORD REG_EXPAND_SZ REG_MULTI_SZ REG_NONE REG_QWORD REG_SZ ].include?(vtype)
|
||||
value['Type'] = self.class.const_get(vtype)
|
||||
end
|
||||
# treat the remainder of the line after the reg type as the reg value
|
||||
|
@ -391,7 +392,7 @@ protected
|
|||
case vtype
|
||||
when 'REG_BINARY'
|
||||
vdata = vdata.scan(/../).map { |x| x.hex.chr }.join
|
||||
when 'REG_DWORD'
|
||||
when 'REG_DWORD', 'REG_QWORD'
|
||||
if vdata.start_with?('0x')
|
||||
vdata = vdata[2..].to_i(16)
|
||||
else
|
||||
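Review bot: In the `when 'REG_DWORD', 'REG_QWORD'` branch, `vdata[2..].to_i(16)` returns 0 for any text that is not valid hex, so a truncated or unexpected line of command output is reported as a real value of 0, now for 64-bit values as well. `vdata = Integer(vdata[2..], 16, exception: false)` would yield nil instead and let callers tell "unparseable" from "zero". The `else` arm and the rest of the method lie outside the hunk, so the same may apply to the non-`0x` path.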
|
|
|
@ -122,6 +122,7 @@ REG_DWORD_LITTLE_ENDIAN = 4
|
|||
REG_DWORD_BIG_ENDIAN = 5
|
||||
REG_LINK = 6
|
||||
REG_MULTI_SZ = 7
|
||||
REG_QWORD = 11
|
||||
|
||||
##
|
||||
#
|
||||
|
|
|
@ -217,11 +217,13 @@ class Registry
|
|||
|
||||
case type
|
||||
when REG_DWORD
|
||||
data = [data.to_i].pack('V')
|
||||
data = [data.to_i].pack('L<')
|
||||
when REG_EXPAND_SZ
|
||||
data += "\x00".b
|
||||
when REG_MULTI_SZ
|
||||
data = data.join("\x00".b) + "\x00\x00".b
|
||||
when REG_QWORD
|
||||
data = [data.to_i].pack('Q<')
|
||||
when REG_SZ
|
||||
data += "\x00".b
|
||||
end
|
||||
|
@ -244,11 +246,13 @@ class Registry
|
|||
|
||||
case type
|
||||
when REG_DWORD
|
||||
data = [data.to_i].pack('V')
|
||||
data = [data.to_i].pack('L<')
|
||||
when REG_EXPAND_SZ
|
||||
data += "\x00".b
|
||||
when REG_MULTI_SZ
|
||||
data = data.join("\x00".b) + "\x00\x00".b
|
||||
when REG_QWORD
|
||||
data = [data.to_i].pack('Q<')
|
||||
when REG_SZ
|
||||
data += "\x00".b
|
||||
end
|
||||
|
@ -279,11 +283,13 @@ class Registry
|
|||
|
||||
case type
|
||||
when REG_DWORD
|
||||
data = data.unpack1('N')
|
||||
data = data.unpack1('L>')
|
||||
when REG_EXPAND_SZ
|
||||
data = data[0..-2]
|
||||
when REG_MULTI_SZ
|
||||
data = data[0..-3].split("\x00".b)
|
||||
when REG_QWORD
|
||||
data = data.unpack1('Q<')
|
||||
when REG_SZ
|
||||
data = data[0..-2]
|
||||
end
|
||||
|
@ -305,11 +311,13 @@ class Registry
|
|||
|
||||
case type
|
||||
when REG_DWORD
|
||||
data = data.unpack1('N')
|
||||
data = data.unpack1('L>')
|
||||
when REG_EXPAND_SZ
|
||||
data = data[0..-2]
|
||||
when REG_MULTI_SZ
|
||||
data = data[0..-3].split("\x00".b)
|
||||
when REG_QWORD
|
||||
data = data.unpack1('Q<')
|
||||
when REG_SZ
|
||||
data = data[0..-2]
|
||||
end
|
||||
|
@ -426,6 +434,7 @@ class Registry
|
|||
when 'REG_EXPAND_SZ' then REG_EXPAND_SZ
|
||||
when 'REG_MULTI_SZ' then REG_MULTI_SZ
|
||||
when 'REG_NONE' then REG_NONE
|
||||
when 'REG_QWORD' then REG_QWORD
|
||||
when 'REG_SZ' then REG_SZ
|
||||
else
|
||||
nil
|
||||
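Review bot: The read-side `case type` blocks decode REG_DWORD as big-endian (`unpack1('L>')`) while the new REG_QWORD arm decodes little-endian (`unpack1('Q<')`), and the write side packs both little-endian; nothing in the hunks explains why the two widths differ. If the asymmetry is deliberate (presumably the remote side byte-swaps 32-bit values but not 64-bit ones), a comment such as `# DWORD arrives in network byte order; QWORD is returned as raw little-endian bytes` above the arms would stop a later cleanup from "correcting" one of them. `unpack1('Q<')` also returns nil when the response carries fewer than 8 bytes, so a length check before decoding would keep a malformed reply from reaching callers that expect an Integer. The same `case type` block is repeated in the hunks at -217, -244, -279 and -305, and the enclosing methods start and end outside those hunks.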
|
|
|
@ -202,6 +202,21 @@ class MetasploitModule < Msf::Post
|
|||
ret
|
||||
end
|
||||
|
||||
it "should write REG_QWORD values" do
|
||||
ret = true
|
||||
registry_setvaldata(%q#HKCU\test_key#, "test_val_qword", 1234, "REG_QWORD")
|
||||
valinfo = registry_getvalinfo(%q#HKCU\test_key#, "test_val_qword")
|
||||
if (valinfo.nil?)
|
||||
ret = false
|
||||
else
|
||||
ret &&= !!(valinfo["Type"] == 11)
|
||||
ret &&= !!(valinfo["Data"].kind_of? Numeric)
|
||||
ret &&= !!(valinfo["Data"] == 1234)
|
||||
end
|
||||
|
||||
ret
|
||||
end
|
||||
|
||||
it "should write REG_SZ values" do
|
||||
ret = true
|
||||
registry_setvaldata(%q#HKCU\test_key#, "test_val_str", "str!", "REG_SZ")
|
||||
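Review bot: The new `should write REG_QWORD values` example writes 1234, which fits in 32 bits, so it cannot distinguish 64-bit handling from a path that packs or unpacks at DWORD width. A value above 0xFFFFFFFF exercises the upper half, e.g. `registry_setvaldata(%q#HKCU\test_key#, "test_val_qword", 0x1_0000_04D2, "REG_QWORD")` with the matching `valinfo["Data"] == 0x1_0000_04D2` check (a constructed sample value equal to 2**32 + 1234). The following `should write REG_SZ values` example continues outside the hunk.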
|
|