From 8b757c9be9973b4b7323ca0764cc2b82b7920690 Mon Sep 17 00:00:00 2001
From: sjanusz-r7
Date: Wed, 29 Nov 2023 13:07:52 +0000
Subject: [PATCH 1/3] Add Needle Length TLV
---
 lib/rex/post/meterpreter/extensions/stdapi/tlv.rb | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
index 924838a4af55..9d3c19028612 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb
@@ -211,6 +211,7 @@ module Stdapi
 TLV_TYPE_MEMORY_SEARCH_SECT_LEN = TLV_META_TYPE_QWORD | 2654
 TLV_TYPE_MEMORY_SEARCH_MATCH_ADDR = TLV_META_TYPE_QWORD | 2655
 TLV_TYPE_MEMORY_SEARCH_MATCH_STR = TLV_META_TYPE_STRING | 2656
+TLV_TYPE_MEMORY_SEARCH_NEEDLE_LEN = TLV_META_TYPE_UINT | 2657
 ##
 #
From f8a4f2203cbc05704cff2cb98f6096eaa7898c8f Mon Sep 17 00:00:00 2001
From: sjanusz-r7
Date: Wed, 29 Nov 2023 13:09:09 +0000
Subject: [PATCH 2/3] Add Needle Length to memory search request
---
 .../extensions/stdapi/sys/process_subsystem/memory.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb
index 936209280863..566f068631c1 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb
@@ -139,7 +139,10 @@ def search(needles, min_search_len = 5, match_len = 500)
 request = Packet.create_request(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_SEARCH)
 request.add_tlv(TLV_TYPE_PID, process.pid)
- needles.each { | needle | request.add_tlv(TLV_TYPE_MEMORY_SEARCH_NEEDLE, needle) }
+ needles.each do | needle |
+ request.add_tlv(TLV_TYPE_MEMORY_SEARCH_NEEDLE, needle)
+ request.add_tlv(TLV_TYPE_MEMORY_SEARCH_NEEDLE_LEN, needle.length)
+ end
 request.add_tlv(TLV_TYPE_MEMORY_SEARCH_MATCH_LEN, match_len)
 request.add_tlv(TLV_TYPE_UINT, min_search_len)
From 5de9b0179232ed056ea8c516d9f109efe6023463 Mon Sep 17 00:00:00 2001
From: sjanusz-r7
Date: Wed, 29 Nov 2023 15:58:10 +0000
Subject: [PATCH 3/3] Use bytesize for needle size
---
 .../extensions/stdapi/sys/process_subsystem/memory.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb
index 566f068631c1..5b5771208785 100644
--- a/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb
@@ -141,7 +141,7 @@ def search(needles, min_search_len = 5, match_len = 500)
 request.add_tlv(TLV_TYPE_PID, process.pid)
 needles.each do | needle |
 request.add_tlv(TLV_TYPE_MEMORY_SEARCH_NEEDLE, needle)
- request.add_tlv(TLV_TYPE_MEMORY_SEARCH_NEEDLE_LEN, needle.length)
+ request.add_tlv(TLV_TYPE_MEMORY_SEARCH_NEEDLE_LEN, needle.bytesize)
 end
 request.add_tlv(TLV_TYPE_MEMORY_SEARCH_MATCH_LEN, match_len)
 request.add_tlv(TLV_TYPE_UINT, min_search_len)
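Review bot: The new TLV_TYPE_MEMORY_SEARCH_NEEDLE_LEN value is tied to its needle only by being emitted immediately after the TLV_TYPE_MEMORY_SEARCH_NEEDLE call inside the `needles.each do | needle |` block, and nothing in the block records that contract, so a later reordering of the add_tlv calls (or a handler that collects all NEEDLE TLVs before all NEEDLE_LEN TLVs) would silently mispair lengths with needles. I would put a comment on the `needles.each do | needle |` line such as `# NEEDLE_LEN must directly follow its NEEDLE; the receiving handler is expected to pair them positionally` — I cannot see the native handler from this diff, so confirm that is how it matches them. The `request.add_tlv(TLV_TYPE_UINT, min_search_len)` context line below reuses a bare meta-type rather than a purpose-specific TLV, which predates this change but is worth fixing now that a new dedicated type is being minted. The enclosing search method starts before and ends after this hunk.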
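Review bot: After this change the request carries two lengths for the same buffer — the TLV_TYPE_MEMORY_SEARCH_NEEDLE string TLV has its own payload length and the new NEEDLE_LEN value is `needle.bytesize` — and nothing on this side keeps them in agreement, so the native handler (outside this diff) must treat NEEDLE_LEN as advisory and clamp it to the NEEDLE payload size before scanning, otherwise a hand-built packet with an oversized NEEDLE_LEN would read past the needle buffer. On the Ruby side I would normalise each needle to a binary string so the byte count and the serialised bytes come from the same object: `needle = needle.b` as the first line of the block, guarded by `raise ArgumentError, 'needle must be a String' unless needle.is_a?(String)` so a bad argument fails here rather than inside the TLV encoder. Note that `bytesize` and the old `length` only differ for non-ASCII needles, so the bug fixed by this patch was silent for the usual ASCII searches and is worth a regression test with a multi-byte needle. The body of search begins before and continues after this hunk.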