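// Select the 32-bit driver, make sure it has a destination path, and
// extract it there.
//
// When no driver_filename_ was configured, a fresh file is created with
// GetTempFileName in the temp directory, recorded via set_driver_filename,
// and driver_is_tempfile_ is set so the caller can clean it up later.
// NOTE(review): a driver image staged in the user's temp directory is only
// as trustworthy as that directory's ACL between extraction and load;
// confirm that the load path re-validates the image if that matters here.
//
// Returns the result of extract_file_ (write_page_file treats a negative
// value as failure), or -1 when no temp path / temp file could be obtained.
int WinPmem32::extract_driver()
{
	// 32 bit acquisition defaults to physical device.
	default_mode_ = PMEM_MODE_PHYSICAL;

	if (!driver_filename_) {
		TCHAR path[MAX_PATH + 1];
		TCHAR filename[MAX_PATH + 1];

		// Gets the temp path env string (no guarantee it's a valid path).
		// GetTempPath returns 0 on failure, or the required length when
		// MAX_PATH is too small, so both cases are rejected.
		const DWORD path_len = GetTempPath(MAX_PATH, path);
		if (path_len == 0 || path_len > MAX_PATH) {
			dprintf("[WINPMEM] Unable to determine temporary path.");
			return -1;
		}

		// GetTempFileName creates the file (uUnique == 0) and returns 0 on
		// failure. This was previously unchecked, which would have
		// registered an uninitialised buffer as the driver path.
		if (!GetTempFileName(path, service_name, 0, filename)) {
			dprintf("[WINPMEM] Unable to create temporary driver file.");
			return -1;
		}
		set_driver_filename(filename);

		driver_is_tempfile_ = true;
	}

	// Narrow format string, wide TCHAR path: %S is the matching conversion.
	dprintf("[WINPMEM] Extracting driver to %S", driver_filename_);

	return extract_file_(WINPMEM_32BIT_DRIVER, driver_filename_);
}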
// Prepare the 32-bit driver: physical-device acquisition is the default
// mode for 32-bit targets, then the embedded 32-bit driver image is
// extracted. Returns whatever extract_file_ reports for that extraction.
__int64 WinPmem32::load_driver_() {
  default_mode_ = PMEM_MODE_PHYSICAL;  // 32 bit acquisition defaults to physical device.
  const auto extract_result = extract_file_(WINPMEM_32BIT_DRIVER);
  return extract_result;
}
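// Copy the pagefile to the current place in the output file.
//
// Extracts the bundled fcat executable to a temporary file, runs it
// against pagefile_path_ with stdout redirected into an anonymous pipe,
// and streams the pipe contents into out_fd_, advancing out_offset.
// Whatever happens, a metadata header describing the pagefile region
// (PreviousHeader / PagefileOffset / PagefileSize) is appended so the
// image stays self-describing; on failure the region has size 0 (or the
// partial length that was copied).
//
// NOTE(review): the extracted helper runs from the user's temp directory
// with this process's privileges, so its integrity rests on that
// directory's ACL between extraction and execution. pagefile_path_ is
// spliced into the command line unquoted, so a path containing spaces
// would be split by the child; confirm where that value comes from.
void WinPmem::write_page_file()
{
	const unsigned __int64 pagefile_offset = out_offset;
	TCHAR path[MAX_PATH + 1];
	TCHAR filename[MAX_PATH + 1];
	WCHAR command_line[1000];
	SECURITY_ATTRIBUTES saAttr;
	HANDLE stdout_rd = NULL;
	HANDLE stdout_wr = NULL;

	// All locals are declared above the first goto so no jump skips an
	// initialisation. filename stays empty until GetTempFileName has
	// created the file, so the cleanup below never deletes a garbage name.
	filename[0] = 0;

	// GetTempPath returns 0 on failure and the required length (possibly
	// larger than MAX_PATH) when the buffer is too small.
	const DWORD path_len = GetTempPath(MAX_PATH, path);
	if (path_len == 0 || path_len > MAX_PATH) {
		dprintf("[WINPMEM] Unable to determine temporary path.");
		goto error;
	}

	// GetTempFileName creates the file (uUnique == 0) and returns 0 on
	// failure; on success filename is now the random path.
	if (!GetTempFileName(path, L"fls", 0, filename)) {
		dprintf("[WINPMEM] Unable to create temporary file.");
		filename[0] = 0;
		goto error;
	}

	// TCHAR is wide here (see the L"fls" argument above), so the narrow
	// format needs %S, as extract_driver uses, rather than %s.
	dprintf("[WINPMEM] Extracting fcat to %S", filename);
	if (extract_file_(WINPMEM_FCAT_EXECUTABLE, filename) < 0) {
		goto error;
	}

	saAttr.nLength = sizeof(SECURITY_ATTRIBUTES);
	saAttr.bInheritHandle = TRUE;
	saAttr.lpSecurityDescriptor = NULL;

	// Create a pipe for the child process's STDOUT.
	if (!CreatePipe(&stdout_rd, &stdout_wr, &saAttr, 0)) {
		dprintf("[WINPMEM] StdoutRd CreatePipe");
		goto error;
	}

	// Ensure the read handle to the pipe for STDOUT is not inherited.
	SetHandleInformation(stdout_rd, HANDLE_FLAG_INHERIT, 0);

	// "<fcat> <name> \\.\<path>": &pagefile_path_[3] assumes the path
	// starts with a "X:\" drive prefix -- TODO(review): confirm against
	// how pagefile_path_ is populated.
	swprintf(command_line, 1000, L"%s %s \\\\.\\%s",
			filename, &pagefile_path_[3], pagefile_path_);

	// stdout_wr is handed to the child. This process's copy of the write
	// end has to be closed once the child holds it, or the ReadFile loop
	// below would never observe end-of-pipe; the original leaves that to
	// CreateChildProcess. NOTE(review): verify it does -- it is not
	// closed here as well, since a double CloseHandle would be worse.
	CreateChildProcess(command_line, stdout_wr);
	dprintf("[WINPMEM] Preparing to read pagefile.");
	while (1) {
		DWORD bytes_read = buffer_size_;
		DWORD bytes_written = 0;

		// A failed ReadFile (expected to be the broken-pipe condition once
		// the child has exited) is the normal way out of this loop.
		if (!ReadFile(stdout_rd, buffer_, bytes_read, &bytes_read, NULL)) {
			break;
		}

		if (!WriteFile(out_fd_, buffer_, bytes_read, &bytes_written, NULL) ||
			bytes_written != bytes_read) {
			dprintf("[WINPMEM] Failed to write image file");
			goto error;
		}

		out_offset += bytes_written;
	}

error:
	// Write another metadata header. This runs on every path so the
	// image stays parseable even when the copy above failed.
	{
		char metadata[1000];
		_snprintf_s(metadata, sizeof(metadata), _TRUNCATE,
				"# PMEM\n"
				"---\n"
				"PreviousHeader: %#llx\n"
				"PagefileOffset: %#llx\n"
				"PagefileSize: %#llx\n"
				"...\n",
			last_header_offset_,
			pagefile_offset,
			out_offset - pagefile_offset
		);

		const DWORD metadata_len = (DWORD)strlen(metadata);
		DWORD bytes_written = 0;

		if (!WriteFile(out_fd_, metadata, metadata_len, &bytes_written, NULL) ||
			bytes_written != metadata_len) {
			dprintf("[WINPMEM] Failed to write image file");
		}

		out_offset += bytes_written;
	}

	// The read end belongs to this process alone (marked non-inheritable
	// above) and was previously leaked. The temp copy of fcat is removed
	// only if it was actually created.
	if (stdout_rd != NULL) {
		CloseHandle(stdout_rd);
	}
	if (filename[0] != 0) {
		DeleteFile(filename);
	}
}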
// Prepare the 64-bit driver: PTE acquisition is the default mode for
// 64-bit targets, then the embedded 64-bit driver image is extracted.
// Returns whatever extract_file_ reports for that extraction.
__int64 WinPmem64::load_driver_() {
  default_mode_ = PMEM_MODE_PTE;  // 64 bit drivers use PTE acquisition by default.
  const auto extract_result = extract_file_(WINPMEM_64BIT_DRIVER);
  return extract_result;
}