From 2d54a1a978ea76cdcdbc1cb299df925e6331330a Mon Sep 17 00:00:00 2001
From: Benjamin DELPY <benjamin@gentilkiwi.com>
Date: Sun, 16 Aug 2020 10:37:36 +0200
Subject: [PATCH] [fix #301] Not using _time32() anymore, not in XP msvcrt

---
 .../modules/dpapi/packages/kuhl_m_dpapi_cloudap.c     |  4 ++--
 modules/kull_m_string.c                               | 11 +++++++++++
 modules/kull_m_string.h                               |  1 +
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_cloudap.c b/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_cloudap.c
index df56b1f..5790af0 100644
--- a/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_cloudap.c
+++ b/mimikatz/modules/dpapi/packages/kuhl_m_dpapi_cloudap.c
@@ -113,7 +113,7 @@ NTSTATUS kuhl_m_dpapi_cloudap_keyvalue_derived(int argc, wchar_t * argv[])
 		{
 			if(kull_m_string_args_byName(argc, argv, L"iat", &szIat, NULL))
 				time32 = wcstol(szIat, NULL, 0);
-			else _time32(&time32);
+			else kull_m_string_get_time32(&time32);
 			kprintf(L"Issued at  : %ld\n", time32);
 
 			if(isDerivedKey)
@@ -215,7 +215,7 @@ PSTR generate_simplePayload(PCWSTR PrimaryRefreshToken, __time32_t *iat)
 
 	if(iat)
 		time32 = *iat;
-	else _time32(&time32);
+	else kull_m_string_get_time32(&time32);
 
 	if(kull_m_string_quick_urlsafe_base64_to_Binary(PrimaryRefreshToken, &data, &cbData))
 	{
diff --git a/modules/kull_m_string.c b/modules/kull_m_string.c
index 8196490..032caec 100644
--- a/modules/kull_m_string.c
+++ b/modules/kull_m_string.c
@@ -155,6 +155,17 @@ void kull_m_string_wprintf_hex(LPCVOID lpData, DWORD cbData, DWORD flags)
 		kprintf(L"\n};\n");
 }
 
+__time32_t kull_m_string_get_time32(__time32_t * _Time)
+{
+	__time32_t ret;
+	FILETIME SystemTimeAsFileTime;
+	GetSystemTimeAsFileTime(&SystemTimeAsFileTime);
+	ret = (__time32_t) (*(PLONGLONG) &SystemTimeAsFileTime - 116444736000000000) / 10000000;
+	if(_Time)
+		*_Time = ret;
+	return ret;
+}
+
 void kull_m_string_displayFileTime(IN PFILETIME pFileTime)
 {
 	SYSTEMTIME st;
diff --git a/modules/kull_m_string.h b/modules/kull_m_string.h
index 45794f8..97ca439 100644
--- a/modules/kull_m_string.h
+++ b/modules/kull_m_string.h
@@ -80,6 +80,7 @@ BOOL kull_m_string_stringToHex(IN LPCWCHAR string, IN LPBYTE hex, IN DWORD size)
 BOOL kull_m_string_stringToHexBuffer(IN LPCWCHAR string, IN LPBYTE *hex, IN DWORD *size);
 
 void kull_m_string_wprintf_hex(LPCVOID lpData, DWORD cbData, DWORD flags);
+__time32_t kull_m_string_get_time32(__time32_t * _Time);
 void kull_m_string_displayFileTime(IN PFILETIME pFileTime);
 void kull_m_string_displayLocalFileTime(IN PFILETIME pFileTime);
 BOOL kull_m_string_FileTimeToString(IN PFILETIME pFileTime, OUT WCHAR string[14 + 1]);