librex 0.0.44 → 0.0.46

data/README.markdown

@@ -3,7 +3,7 @@
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 
 Currently based on:
-SVN Revision: 13354
+SVN Revision: 13557
 
 # Credits
 The Metasploit development team <http://www.metasploit.com>

data/lib/rex/compat.rb

@@ -37,7 +37,7 @@ ENABLE_PROCESSED_INPUT = 1
 
 def self.is_windows
 	return @@is_windows if @@is_windows
-	@@is_windows = (RUBY_PLATFORM =~ /mswin32|mingw32/) ? true : false
+	@@is_windows = (RUBY_PLATFORM =~ /mswin(32|64)|mingw(32|64)/) ? true : false
 end
 
 def self.is_cygwin

data/lib/rex/exceptions.rb

@@ -170,11 +170,9 @@ end
 
 ###
 #
-# This exception is raised when a connection attempt fails because the remote
-# side refused the connection.
+# This is a generic exception for errors that cause a connection to fail.
 #
 ###
-
 class ConnectionError < ::IOError
 	include SocketError
 	include HostCommunicationError
@@ -220,10 +218,12 @@ end
 #
 # This exception is raised when an attempt to use an address or port that is
 # already in use occurs, such as binding to a host on a given port that is
-# already in use.
+# already in use.  Note that Windows raises this in some cases when attempting
+# to connect to addresses that it can't handle, e.g. "0.0.0.0".  Thus, this is
+# a ConnectionError.
 #
 ###
-class AddressInUse < ::RuntimeError
+class AddressInUse < ConnectionError
 	include SocketError
 	include HostCommunicationError
 

data/lib/rex/parser/ci_nokogiri.rb

@@ -0,0 +1,192 @@
+require File.join(File.expand_path(File.dirname(__FILE__)),"nokogiri_doc_mixin")
+
+require 'msf/core'
+
+module Rex
+	module Parser
+
+		# If Nokogiri is available, define the document class.
+		load_nokogiri && class CIDocument < Nokogiri::XML::SAX::Document
+
+		include NokogiriDocMixin
+
+		attr_reader :text
+
+		def initialize(*args)
+			super(*args)
+			@state[:has_text] = true
+		end
+
+		# Triggered every time a new element is encountered. We keep state
+		# ourselves with the @state variable, turning things on when we
+		# get here (and turning things off when we exit in end_element()).
+		def start_element(name=nil,attrs=[])
+			attrs = normalize_attrs(attrs)
+			block = @block
+
+			r = { :e => name }
+			attrs.each { |pair| r[pair[0]] = pair[1] }
+
+			if @state[:path]
+				@state[:path].push r
+			end
+
+			case name
+			when "entity"
+				@state[:path] = [ r ]
+				record_device(r)
+			when "property"
+				return if not @state[:address]
+				return if not @state[:props]
+				@state[:props] << [ r["type"], r["key"]]
+			end
+		end
+
+		# When we exit a tag, this is triggered.
+		def end_element(name=nil)
+			block = @block
+			case name
+			when "entity" # Wrap it up
+				if @state[:address]
+					host_object = report_host &block
+					report_services(host_object)
+					report_vulns(host_object)
+				end
+				# Reset the state once we close a host
+				@report_data = {:wspace => @args[:wspace]}
+				@state[:root] = {}
+			when "property"
+				if @state[:props]
+					@text.strip! if @text
+					process_property
+					@state[:props].pop
+				end
+			end
+			@state[:path].pop
+			@text = nil
+		end
+
+		def record_device(info)
+			if info["class"] and info["class"] == "host" and info["name"]
+				address = info["name"].to_s.gsub(/^.*\//, '')
+				return if address !~ /^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/
+				@state[:address] = address
+				@state[:props]   = []
+			end
+		end
+
+		def process_property
+			return if not @state[:props]
+			return if not @state[:props].length > 0
+			@state[:root] ||= {}
+			@cobj = @state[:root]
+			property_parser(0)
+		end
+
+		def property_parser(idx)
+			return if not @state[:props][idx]
+			case @state[:props][idx][0]
+			when "container", "ports", "entity", "properties"
+				@cobj[ @state[:props][idx][1] ] ||= {}
+				@cobj = @cobj[ @state[:props][idx][1] ]
+			else
+				@cobj[ state[:props][idx][1] ] = @text
+			end
+			property_parser(idx + 1)
+		end
+
+		def report_host(&block)
+			@report_data = {
+				:ports  => [:ignore],
+				:state  => Msf::HostState::Alive,
+				:host   => @state[:address]
+			}
+
+			if @state[:root]["dns names"] and @state[:root]["dns names"].keys.length > 0
+				@report_data[:name] = @state[:root]["dns names"].keys.first
+			end
+
+			if host_is_okay
+				@report_data.delete(:ports)
+
+				db.emit(:address, @report_data[:host],&block) if block
+				host_object = db_report(:host, @report_data.merge(
+					:workspace => @args[:wspace] ) )
+				if host_object
+					db.report_import_note(host_object.workspace, host_object)
+				end
+				host_object
+			end
+		end
+
+		def report_services(host_object)
+			return unless host_object.kind_of? ::Msf::DBManager::Host
+
+			snames = {}
+			( @state[:root]["services"] || {} ).each_pair do |sname, sinfo|
+				sinfo.each_pair do |pinfo,pdata|
+					snames[pinfo] = sname.dup
+				end
+			end
+
+			reported = []
+			if @state[:root]["tcp_ports"]
+				@state[:root]["tcp_ports"].each_pair do |pn, ps|
+					ps = "open" if ps == "listen"
+					svc = { :port => pn.to_i, :state => ps, :proto => 'tcp'}
+					if @state[:root]["Banners"] and @state[:root]["Banners"][pn.to_s]
+						svc[:info] = @state[:root]["Banners"][pn.to_s]
+					end
+					svc[:name] = snames["#{pn}-tcp"] if snames["#{pn}-tcp"]
+					reported << db_report(:service, svc.merge(:host => host_object))
+				end
+			end
+
+			if @state[:root]["udp_ports"]
+				@state[:root]["udp_ports"].each_pair do |pn, ps|
+					ps = "open" if ps == "listen"
+					svc = { :port => pn.to_i, :state => ps, :proto => 'udp'}
+					svc[:name] = snames["#{pn}-udp"] if snames["#{pn}-tcp"]
+					reported << db_report(:service, svc.merge(:host => host_object))
+				end
+			end
+
+			( @state[:root]["services"] || {} ).each_pair do |sname, sinfo|
+				sinfo.each_pair do |pinfo,pdata|
+					sport,sproto = pinfo.split("-")
+					db_report(:note, {
+						:host => host_object,
+						:port => sport.to_i,
+						:proto => sproto,
+						:ntype => "ci.#{sname}.fingerprint",
+						:data => pdata
+					})
+				end
+			end
+
+			reported
+		end
+
+		def report_vulns(host_object)
+			vuln_count = 0
+			block = @block
+			return unless host_object.kind_of? Msf::DBManager::Host
+			return unless @state[:root]["Vulnerabilities"]
+			@state[:root]["Vulnerabilities"].each_pair do |cve, vinfo|
+				vinfo.each_pair do |vname, vdesc|
+					data = {
+						:workspace => host_object.workspace,
+						:host => host_object,
+						:name => vname,
+						:info => vdesc,
+						:refs => [ cve ]
+					}
+					db_report(:vuln, data)
+				end
+			end
+		end
+
+	end
+end
+end
+

data/lib/rex/parser/nexpose_raw_nokogiri.rb

@@ -284,7 +284,10 @@ module Rex
 				info << @state[:service_fingerprint]["version"] if @state[:service_fingerprint]["version"]
 				port_hash[:info] = info.join(" ") if info[0]
 			end
-			@report_data[:ports] << port_hash
+			@report_data[:ports] << port_hash.clone
+			@state.delete :service_fingerprint
+			@state.delete :service
+			@report_data[:ports]
 		end
 
 		def actually_vulnerable(test)

data/lib/rex/parser/nexpose_simple_nokogiri.rb

@@ -296,7 +296,10 @@ module Rex
 			if @state[:service_fingerprint]
 				port_hash[:info] = "#{@state[:service_fingerprint]}"
 			end
-			@report_data[:ports] << port_hash
+			@report_data[:ports] << port_hash.clone
+			@state.delete :service_fingerprint
+			@state.delete :service
+			@report_data[:ports]
 		end
 
 		def collect_service_fingerprint_description

data/lib/rex/pescan/analyze.rb

@@ -54,7 +54,7 @@ module Analyze
 			config(param)
 
 			epa = pe.hdr.opt.AddressOfEntryPoint
-			buf = pe.read_rva(epa, 256)
+			buf = pe.read_rva(epa, 256) || ""
 
 			@sigs.each_pair do |name, data|
 				begin

data/lib/rex/post/meterpreter/client.rb

@@ -151,7 +151,8 @@ class Client
 		ctx = generate_ssl_context()
 		ssl = OpenSSL::SSL::SSLSocket.new(sock, ctx)
 
-		if not ssl.respond_to?(:accept_nonblock)
+		# Use non-blocking OpenSSL operations on Windows
+		if not ( ssl.respond_to?(:accept_nonblock) and Rex::Compat.is_windows )
 			ssl.accept
 		else
 			begin

data/lib/rex/post/meterpreter/client_core.rb

@@ -311,8 +311,17 @@ class ClientCore < Extension
 	#
 	def shutdown
 		request  = Packet.create_request('core_shutdown')
-		# Don't wait for the response since the server will be dead
-		self.client.send_packet(request)
+
+		# If this is a standard TCP session, send and return
+		if not client.passive_service
+			self.client.send_packet(request)
+		else
+		# If this is a HTTP/HTTPS session we need to wait a few seconds
+		# otherwise the session may not receive the command before we
+		# kill the handler. This could be improved by the server side
+		# sending a reply to shutdown first.
+			self.client.send_packet_wait_response(request, 10)
+		end
 		true
 	end
 

data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb

@@ -0,0 +1,84 @@
+#!/usr/bin/env ruby
+
+require 'rex/post/meterpreter/extensions/lanattacks/tlv'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Lanattacks
+
+###
+#
+# This meterpreter extension can currently run DHCP and TFTP servers
+#
+###
+class Lanattacks < Extension
+
+	def initialize(client)
+		super(client, 'lanattacks')
+
+		client.register_extension_aliases(
+			[{
+					'name' => 'lanattacks',
+					'ext'  => self
+			 },])
+	end
+
+	def start_dhcp
+		client.send_request(Packet.create_request('lanattacks_start_dhcp'))
+		true
+	end
+
+	def reset_dhcp
+		client.send_request(Packet.create_request('lanattacks_reset_dhcp'))
+		true
+	end
+
+	def set_dhcp_option(name, value)
+		request = Packet.create_request('lanattacks_set_dhcp_option')
+		request.add_tlv(TLV_TYPE_LANATTACKS_OPTION_NAME, name)
+		request.add_tlv(TLV_TYPE_LANATTACKS_OPTION, value)
+		client.send_request(request)
+		true
+	end
+
+	def load_dhcp_options(datastore)
+		datastore.each do |name, value|
+			if Regexp.new('DHCPIPSTART|DHCPIPEND|NETMASK|ROUTER|DNSSERVER|BROADCAST|'+
+					'SERVEONCE|PXE|HOSTNAME|HOSTSTART|FILENAME|PXECONF|SRVHOST') =~ name
+				set_dhcp_option(name,value)
+			end
+		end
+	end
+
+	def stop_dhcp
+		client.send_request(Packet.create_request('lanattacks_stop_dhcp'))
+		true
+	end
+
+	def start_tftp
+		client.send_request(Packet.create_request('lanattacks_start_tftp'))
+		true
+	end
+
+	def reset_tftp
+		client.send_request(Packet.create_request('lanattacks_reset_tftp'))
+		true
+	end
+
+	def add_tftp_file(filename, data)
+		request = Packet.create_request('lanattacks_add_tftp_file')
+		request.add_tlv(TLV_TYPE_LANATTACKS_OPTION_NAME, filename)
+		request.add_tlv(TLV_TYPE_LANATTACKS_RAW, data, false, true) #compress it
+		client.send_request(request)
+		true
+	end
+
+	def stop_tftp
+		client.send_request(Packet.create_request('lanattacks_stop_tftp'))
+		true
+	end
+end
+
+end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb

@@ -0,0 +1,16 @@
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Lanattacks
+
+TLV_TYPE_LANATTACKS_OPTION = TLV_META_TYPE_RAW| (TLV_EXTENSIONS + 1)
+TLV_TYPE_LANATTACKS_OPTION_NAME = TLV_META_TYPE_STRING| (TLV_EXTENSIONS + 2)
+TLV_TYPE_LANATTACKS_UINT = TLV_META_TYPE_UINT| (TLV_EXTENSIONS + 3)
+TLV_TYPE_LANATTACKS_RAW = TLV_META_TYPE_RAW| (TLV_EXTENSIONS + 4)
+
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb

@@ -138,6 +138,374 @@ module MockMagic
 					"cchReferencedDomainName"=>12
 				},
 			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptAcquireContextW',
+				:params => [["PDWORD", "phProv", "out"], ["PWCHAR", "pszContainer", "in"], ["PWCHAR", "pszProvider", "in"], ["DWORD", "dwProvType", "in"], ["DWORD", "dwflags", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [4, nil, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 4026531840],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 4,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xF0",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "M\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00 \x00E\x00n\x00h\x00a\x00n\x00c\x00e\x00d\x00 \x00C\x00r\x00y\x00p\x00t\x00o\x00g\x00r\x00a\x00p\x00h\x00i\x00c\x00 \x00P\x00r\x00o\x00v\x00i\x00d\x00e\x00r\x00 \x00v\x001\x00.\x000\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptAcquireContextW',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "\xC8\xEB\x14\x00",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "phProv"=>1371080},
+			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptCreateHash',
+				:params => [["LPVOID", "hProv", "in"], ["DWORD", "Algid", "in"], ["LPVOID", "hKey", "in"], ["DWORD", "dwFlags", "in"], ["PDWORD", "phHash", "out"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1371080, 32771, 0, 0, 4],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 4,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\xC8\xEB\x14\x00\x00\x00\x00\x00\x03\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptCreateHash',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "p\xEA\x14\x00",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "phHash"=>1370736},
+			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptHashData',
+				:params => [["LPVOID", "hHash", "in"], ["PWCHAR", "pbData", "in"], ["DWORD", "dwDataLen", "in"], ["DWORD", "dwFlags", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1370736, "SmartFTP", 16, 0],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00p\xEA\x14\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "S\x00m\x00a\x00r\x00t\x00F\x00T\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptHashData',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptDeriveKey',
+				:params => [["LPVOID", "hProv", "in"], ["DWORD", "Algid", "in"], ["LPVOID", "hBaseData", "in"], ["DWORD", "dwFlags", "in"], ["PDWORD", "phKey", "inout"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1371080, 26625, 1370736, 8388608, 4],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\xC8\xEB\x14\x00\x00\x00\x00\x00\x01h\x00\x00\x00\x00\x00\x00p\xEA\x14\x00\x00\x00\x00\x00\x00\x00\x80\x00\x03\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "\x04\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDeriveKey',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "\xA0\x9C\x15\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "phKey"=>1416352},
+			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptDecrypt',
+				:params => [["LPVOID", "hKey", "in"], ["LPVOID", "hHash", "in"], ["BOOL", "Final", "in"], ["DWORD", "dwFlags", "in"], ["PBLOB", "pbData", "inout"], ["PDWORD", "pdwDataLen", "inout"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1416352, 0, true, 0, "\x96\"\x83/\xCE|", 6],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\xA0\x9C\x15\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\b\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "\x96\"\x83/\xCE|\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDecrypt',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "q\x00u\x00x\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "pbData"=>"q\x00u\x00x\x00", "pdwDataLen"=>6},
+			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptDestroyHash',
+				:params => [["LPVOID", "hHash", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1370736],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00p\xEA\x14\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDestroyHash',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptDestroyKey',
+				:params => [["LPVOID", "hKey", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1416352],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\xA0\x9C\x15\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDestroyKey',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
+			{
+				:platform => 'x86/win32',
+				:name => 'CryptReleaseContext',
+				:params => [["LPVOID", "hProv", "in"], ["DWORD", "dwFlags", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1371080, 0],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\xC8\xEB\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptReleaseContext',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptAcquireContextW',
+				:params => [["PDWORD", "phProv", "out"], ["PWCHAR", "pszContainer", "in"], ["PWCHAR", "pszProvider", "in"], ["DWORD", "dwProvType", "in"], ["DWORD", "dwflags", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [8, nil, "Microsoft Enhanced Cryptographic Provider v1.0", 1, 4026531840],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 8,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xF0\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "M\x00i\x00c\x00r\x00o\x00s\x00o\x00f\x00t\x00 \x00E\x00n\x00h\x00a\x00n\x00c\x00e\x00d\x00 \x00C\x00r\x00y\x00p\x00t\x00o\x00g\x00r\x00a\x00p\x00h\x00i\x00c\x00 \x00P\x00r\x00o\x00v\x00i\x00d\x00e\x00r\x00 \x00v\x001\x00.\x000\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptAcquireContextW',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "\x80\xCE\x1A\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "phProv"=>1756800},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptCreateHash',
+				:params => [["LPVOID", "hProv", "in"], ["DWORD", "Algid", "in"], ["LPVOID", "hKey", "in"], ["DWORD", "dwFlags", "in"], ["PDWORD", "phHash", "out"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1756800, 32771, 0, 0, 8],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 8,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00\x80\xCE\x1A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptCreateHash',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "\x00\xA3\x19\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "phHash"=>1680128},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptHashData',
+				:params => [["LPVOID", "hHash", "in"], ["PWCHAR", "pbData", "in"], ["DWORD", "dwDataLen", "in"], ["DWORD", "dwFlags", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1680128, "SmartFTP", 16, 0],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\xA3\x19\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "S\x00m\x00a\x00r\x00t\x00F\x00T\x00P\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptHashData',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptDeriveKey',
+				:params => [["LPVOID", "hProv", "in"], ["DWORD", "Algid", "in"], ["LPVOID", "hBaseData", "in"], ["DWORD", "dwFlags", "in"], ["PDWORD", "phKey", "inout"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1756800, 26625, 1680128, 8388608, 4],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00\x80\xCE\x1A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01h\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xA3\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "\x04\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDeriveKey',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "p\xA3\x19\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "phKey"=>1680240},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptDecrypt',
+				:params => [["LPVOID", "hKey", "in"], ["LPVOID", "hHash", "in"], ["BOOL", "Final", "in"], ["DWORD", "dwFlags", "in"], ["PBLOB", "pbData", "inout"], ["PDWORD", "pdwDataLen", "inout"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1680240, 0, true, 0, "\x85\"\x97/\xCC|", 6],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00p\xA3\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "\x85\"\x97/\xCC|\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDecrypt',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "b\x00a\x00z\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true, "pbData"=>"b\x00a\x00z\x00", "pdwDataLen"=>6},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptDestroyHash',
+				:params => [["LPVOID", "hHash", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1680128],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00\x00\xA3\x19\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDestroyHash',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptDestroyKey',
+				:params => [["LPVOID", "hKey", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1680240],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00p\xA3\x19\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptDestroyKey',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
+			{
+				:platform => 'x64/win64',
+				:name => 'CryptReleaseContext',
+				:params => [["LPVOID", "hProv", "in"], ["DWORD", "dwFlags", "in"]],
+				:return_type => 'BOOL',
+				:dll_name => 'advapi32',
+				:ruby_args => [1756800, 0],
+				:request_to_client => {
+					TLV_TYPE_RAILGUN_SIZE_OUT => 0,
+					TLV_TYPE_RAILGUN_STACKBLOB => "\x00\x00\x00\x00\x00\x00\x00\x00\x80\xCE\x1A\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_IN => "",
+					TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_DLLNAME => 'advapi32',
+					TLV_TYPE_RAILGUN_FUNCNAME => 'CryptReleaseContext',
+				},
+				:response_from_client => {
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT => "",
+					TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT => "",
+					TLV_TYPE_RAILGUN_BACK_RET => 1,
+					TLV_TYPE_RAILGUN_BACK_ERR => 0,
+				},
+				:returned_hash => {"GetLastError"=>0, "return"=>true},
+			},
 		]
 	end