mimikatz/modules/kull_m_file.c

/*	Benjamin DELPY `gentilkiwi`
	http://blog.gentilkiwi.com
	benjamin@gentilkiwi.com
	Licence : http://creativecommons.org/licenses/by/3.0/fr/
*/
#include "kull_m_file.h"

BOOL isBase64Intercept = FALSE;

BOOL kull_m_file_getCurrentDirectory(wchar_t ** ppDirName)
{
	BOOL reussite = FALSE;
	DWORD tailleRequise = GetCurrentDirectory(0, NULL);
	if(*ppDirName = (wchar_t *) LocalAlloc(LPTR, tailleRequise * sizeof(wchar_t)))
		if(!(reussite = (tailleRequise > 0 && (GetCurrentDirectory(tailleRequise, *ppDirName) == tailleRequise - 1))))
			LocalFree(*ppDirName);

	return reussite;
}

BOOL kull_m_file_getAbsolutePathOf(PCWCHAR thisData, wchar_t ** reponse)
{
	BOOL reussite = FALSE;
	wchar_t *monRep;
	*reponse = (wchar_t *) LocalAlloc(LPTR, MAX_PATH);

	if(PathIsRelative(thisData))
	{
		if(kull_m_file_getCurrentDirectory(&monRep))
		{
			reussite = (PathCombine(*reponse , monRep, thisData) != NULL);
			LocalFree(monRep);
		}
	}
	else
		reussite = PathCanonicalize(*reponse, thisData);

	if(!reussite)
		LocalFree(*reponse);

	return reussite;
}

BOOL kull_m_file_isFileExist(wchar_t *fileName)
{
	BOOL reussite = FALSE;
	HANDLE monFichier = CreateFile(fileName, 0, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
	reussite = (monFichier && monFichier != INVALID_HANDLE_VALUE);
	if(reussite)
		CloseHandle(monFichier);

	return reussite;
}

BOOL kull_m_file_writeData(PCWCHAR fileName, LPCVOID data, DWORD lenght)
{
	BOOL reussite = FALSE;
	DWORD dwBytesWritten = 0, i;
	HANDLE hFile = NULL;
	LPWSTR base64;
	
	if(isBase64Intercept)
	{
		if(CryptBinaryToString((const BYTE *) data, lenght, CRYPT_STRING_BASE64, NULL, &dwBytesWritten))
		{
			if(base64 = (LPWSTR) LocalAlloc(LPTR, dwBytesWritten * sizeof(wchar_t)))
			{
				if(reussite = CryptBinaryToString((const BYTE *) data, lenght, CRYPT_STRING_BASE64, base64, &dwBytesWritten))
				{
					kprintf(L"\n====================\nBase64 of file : %s\n====================\n", fileName);
					for(i = 0; i < dwBytesWritten; i++)
						kprintf(L"%c", base64[i]);
					kprintf(L"====================\n");
				}
				LocalFree(base64);
			}
		}
	}
	else if((hFile = CreateFile(fileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL)) && hFile != INVALID_HANDLE_VALUE)
	{
		if(WriteFile(hFile, data, lenght, &dwBytesWritten, NULL) && (lenght == dwBytesWritten))
			reussite = FlushFileBuffers(hFile);
		CloseHandle(hFile);
	}
	return reussite;
}

BOOL kull_m_file_readData(PCWCHAR fileName, PBYTE * data, PDWORD lenght)	// for little files !
{
	BOOL reussite = FALSE;
	DWORD dwBytesReaded;
	LARGE_INTEGER filesize;

	HANDLE hFile = CreateFile(fileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
	if(hFile && hFile != INVALID_HANDLE_VALUE)
	{
		if(GetFileSizeEx(hFile, &filesize) && !filesize.HighPart)
		{
			*lenght = filesize.LowPart;
			if(*data = (PBYTE) LocalAlloc(LPTR, *lenght))
			{
				if(!(reussite = ReadFile(hFile, *data, *lenght, &dwBytesReaded, NULL) && (*lenght == dwBytesReaded)))
					LocalFree(*data);
			}
		}
		CloseHandle(hFile);
	}
	return reussite;
}

const wchar_t kull_m_file_forbiddenChars[] = {L'\\', L'/', L':', L'*', L'?', L'\"', L'<', L'>', L'|'};
void kull_m_file_cleanFilename(wchar_t *fileName)
{
	DWORD i, j;
	for(i = 0; fileName[i]; i++)
		for(j = 0; j < ARRAYSIZE(kull_m_file_forbiddenChars); j++)
			if(fileName[i] == kull_m_file_forbiddenChars[j])
				fileName[i] = L'~';
}
Initial upload 2014-04-06 18:31:53 +00:00			/* Benjamin DELPY `gentilkiwi`
			`http://blog.gentilkiwi.com`
			`benjamin@gentilkiwi.com`
			`Licence : http://creativecommons.org/licenses/by/3.0/fr/`
			`*/`
			`#include "kull_m_file.h"`

Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`BOOL isBase64Intercept = FALSE;`

Initial upload 2014-04-06 18:31:53 +00:00			`BOOL kull_m_file_getCurrentDirectory(wchar_t ** ppDirName)`
			`{`
			`BOOL reussite = FALSE;`
			`DWORD tailleRequise = GetCurrentDirectory(0, NULL);`
mimidrv fix for image notify 7 x86, cd command & README update 2014-09-07 16:40:32 +00:00			`if(ppDirName = (wchar_t ) LocalAlloc(LPTR, tailleRequise * sizeof(wchar_t)))`
			`if(!(reussite = (tailleRequise > 0 && (GetCurrentDirectory(tailleRequise, *ppDirName) == tailleRequise - 1))))`
			`LocalFree(*ppDirName);`
Initial upload 2014-04-06 18:31:53 +00:00
			`return reussite;`
			`}`

lsadump::lsa can play with AD supplementalCredentials, with mimilib.dll 2014-05-24 20:16:46 +00:00			`BOOL kull_m_file_getAbsolutePathOf(PCWCHAR thisData, wchar_t ** reponse)`
Initial upload 2014-04-06 18:31:53 +00:00			`{`
			`BOOL reussite = FALSE;`
			`wchar_t *monRep;`
			`reponse = (wchar_t ) LocalAlloc(LPTR, MAX_PATH);`

			`if(PathIsRelative(thisData))`
			`{`
			`if(kull_m_file_getCurrentDirectory(&monRep))`
			`{`
			`reussite = (PathCombine(*reponse , monRep, thisData) != NULL);`
			`LocalFree(monRep);`
			`}`
			`}`
			`else`
			`reussite = PathCanonicalize(*reponse, thisData);`

			`if(!reussite)`
			`LocalFree(*reponse);`

			`return reussite;`
			`}`

			`BOOL kull_m_file_isFileExist(wchar_t *fileName)`
			`{`
			`BOOL reussite = FALSE;`
			`HANDLE monFichier = CreateFile(fileName, 0, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);`
			`reussite = (monFichier && monFichier != INVALID_HANDLE_VALUE);`
			`if(reussite)`
			`CloseHandle(monFichier);`

			`return reussite;`
			`}`

minor file function change 2015-01-13 21:08:23 +00:00			`BOOL kull_m_file_writeData(PCWCHAR fileName, LPCVOID data, DWORD lenght)`
Initial upload 2014-04-06 18:31:53 +00:00			`{`
			`BOOL reussite = FALSE;`
Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`DWORD dwBytesWritten = 0, i;`
			`HANDLE hFile = NULL;`
			`LPWSTR base64;`
Initial upload 2014-04-06 18:31:53 +00:00
Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`if(isBase64Intercept)`
			`{`
minor file function change 2015-01-13 21:08:23 +00:00			`if(CryptBinaryToString((const BYTE *) data, lenght, CRYPT_STRING_BASE64, NULL, &dwBytesWritten))`
Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`{`
			`if(base64 = (LPWSTR) LocalAlloc(LPTR, dwBytesWritten * sizeof(wchar_t)))`
			`{`
minor file function change 2015-01-13 21:08:23 +00:00			`if(reussite = CryptBinaryToString((const BYTE *) data, lenght, CRYPT_STRING_BASE64, base64, &dwBytesWritten))`
Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`{`
Base64 filename in header 2014-04-23 20:40:12 +00:00			`kprintf(L"\n====================\nBase64 of file : %s\n====================\n", fileName);`
Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`for(i = 0; i < dwBytesWritten; i++)`
			`kprintf(L"%c", base64[i]);`
Base64 filename in header 2014-04-23 20:40:12 +00:00			`kprintf(L"====================\n");`
Code cleaning & Base64 output 2014-04-23 20:00:29 +00:00			`}`
			`LocalFree(base64);`
			`}`
			`}`
			`}`
			`else if((hFile = CreateFile(fileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, 0, NULL)) && hFile != INVALID_HANDLE_VALUE)`
Initial upload 2014-04-06 18:31:53 +00:00			`{`
			`if(WriteFile(hFile, data, lenght, &dwBytesWritten, NULL) && (lenght == dwBytesWritten))`
			`reussite = FlushFileBuffers(hFile);`
			`CloseHandle(hFile);`
			`}`
			`return reussite;`
			`}`

			`BOOL kull_m_file_readData(PCWCHAR fileName, PBYTE * data, PDWORD lenght) // for little files !`
			`{`
			`BOOL reussite = FALSE;`
			`DWORD dwBytesReaded;`
			`LARGE_INTEGER filesize;`

			`HANDLE hFile = CreateFile(fileName, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);`
			`if(hFile && hFile != INVALID_HANDLE_VALUE)`
			`{`
			`if(GetFileSizeEx(hFile, &filesize) && !filesize.HighPart)`
			`{`
			`*lenght = filesize.LowPart;`
			`if(data = (PBYTE) LocalAlloc(LPTR, lenght))`
			`{`
			`if(!(reussite = ReadFile(hFile, data, lenght, &dwBytesReaded, NULL) && (*lenght == dwBytesReaded)))`
			`LocalFree(*data);`
			`}`
			`}`
			`CloseHandle(hFile);`
			`}`
			`return reussite;`
			`}`

			`const wchar_t kull_m_file_forbiddenChars[] = {L'\\', L'/', L':', L'*', L'?', L'\"', L'<', L'>', L'\|'};`
			`void kull_m_file_cleanFilename(wchar_t *fileName)`
			`{`
			`DWORD i, j;`
			`for(i = 0; fileName[i]; i++)`
ARRAYSIZE & indentation 2014-05-28 16:00:36 +00:00			`for(j = 0; j < ARRAYSIZE(kull_m_file_forbiddenChars); j++)`
Initial upload 2014-04-06 18:31:53 +00:00			`if(fileName[i] == kull_m_file_forbiddenChars[j])`
			`fileName[i] = L'~';`
			`}`