Add Windows Memory Search support using regex

c/meterpreter/source/common/common_command_ids.h

@@ -174,6 +174,7 @@
 #define COMMAND_ID_STDAPI_AUDIO_MIC_START 1115
 #define COMMAND_ID_STDAPI_AUDIO_MIC_STOP 1116
 #define COMMAND_ID_STDAPI_AUDIO_MIC_LIST 1117
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_SEARCH 1119
 #define COMMAND_ID_PRIV_ELEVATE_GETSYSTEM 2001
 #define COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE 2002
 #define COMMAND_ID_PRIV_FS_BLANK_FILE_MACE 2003

c/meterpreter/source/extensions/stdapi/server/precomp.h

@@ -26,5 +26,4 @@ extern HINSTANCE hAppInstance;
 
 #define strcasecmp _stricmp
 
-
 #endif

c/meterpreter/source/extensions/stdapi/server/stdapi.c

@@ -69,6 +69,7 @@ Command customCommands[] =
 	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT, request_sys_process_memory_protect),
 	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK, request_sys_process_memory_lock),
 	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK, request_sys_process_memory_unlock),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_SEARCH, request_sys_process_memory_search),
 
 	// Thread
 	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN, request_sys_process_thread_open),

c/meterpreter/source/extensions/stdapi/server/sys/process/process.h

@@ -46,6 +46,7 @@ DWORD request_sys_process_memory_query(Remote *remote, Packet *packet);
 DWORD request_sys_process_memory_protect(Remote *remote, Packet *packet);
 DWORD request_sys_process_memory_lock(Remote *remote, Packet *packet);
 DWORD request_sys_process_memory_unlock(Remote *remote, Packet *packet);
+DWORD request_sys_process_memory_search(Remote *remote, Packet *packet);
 
 // Thread
 DWORD request_sys_process_thread_open(Remote *remote, Packet *packet);

c/meterpreter/source/extensions/stdapi/stdapi.h

@@ -98,6 +98,17 @@
 #define TLV_TYPE_REGISTER_VALUE_32                    MAKE_CUSTOM_TLV( TLV_META_TYPE_UINT,    TLV_TYPE_EXTENSION_STDAPI, 2542 )
 #define TLV_TYPE_REGISTER                             MAKE_CUSTOM_TLV( TLV_META_TYPE_GROUP,   TLV_TYPE_EXTENSION_STDAPI, 2550 )
 
+// Memory - Taken from Mettle: https://github.com/rapid7/mettle/blob/master/mettle/src/tlv_types.h#L262
+#define TLV_TYPE_MEMORY_SEARCH_NEEDLE                 MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING,  TLV_TYPE_EXTENSION_STDAPI, 2650 )
+#define TLV_TYPE_MEMORY_SEARCH_RESULTS                MAKE_CUSTOM_TLV( TLV_META_TYPE_GROUP,   TLV_TYPE_EXTENSION_STDAPI, 2651 )
+#define TLV_TYPE_MEMORY_SEARCH_MATCH_LEN			  MAKE_CUSTOM_TLV( TLV_META_TYPE_UINT,    TLV_TYPE_EXTENSION_STDAPI, 2652 )
+#define TLV_TYPE_MEMORY_SEARCH_START_ADDR			  MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD,   TLV_TYPE_EXTENSION_STDAPI, 2653 )
+#define TLV_TYPE_MEMORY_SEARCH_SECT_LEN				  MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD,   TLV_TYPE_EXTENSION_STDAPI, 2654 )
+#define TLV_TYPE_MEMORY_SEARCH_MATCH_ADDR			  MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD,   TLV_TYPE_EXTENSION_STDAPI, 2655 )
+#define TLV_TYPE_MEMORY_SEARCH_MATCH_STR			  MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING,  TLV_TYPE_EXTENSION_STDAPI, 2656 )
+#define TLV_TYPE_MEMORY_SEARCH_NEEDLE_LENGTH          MAKE_CUSTOM_TLV( TLV_META_TYPE_UINT,    TLV_TYPE_EXTENSION_STDAPI, 2657 )
+#define TLV_TYPE_MEMORY_SEARCH_MATCH_LEN_MAX          MAKE_CUSTOM_TLV( TLV_META_TYPE_UINT,    TLV_TYPE_EXTENSION_STDAPI, 2658 )
+
 // Registry
 #define TLV_TYPE_HKEY                                 MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD,   TLV_TYPE_EXTENSION_STDAPI, 1000 )
 #define TLV_TYPE_ROOT_KEY                             TLV_TYPE_HKEY

c/meterpreter/source/tiny-regex-c/README.md

@@ -0,0 +1,3 @@
+# tiny-regex-c
+
+This library is taken from https://github.com/kokke/tiny-regex-c/tree/master (commit 2d306a5a71128853d18292e8bb85c8e745fbc9d0) with changes to support null-bytes.