rex 2.0.5 → 2.0.7

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb

@@ -370,7 +370,6 @@ class ApiConstants
     win_const_mgr.add_const('SQL_CVT_LONGVARBINARY',0x00040000)
     win_const_mgr.add_const('WM_RESTORE_INDIVIDUALIZE',0x00000002)
     win_const_mgr.add_const('ARRAY_SEP_CHAR',0x00000009)
-    win_const_mgr.add_const('SC_MANAGER_CREATE_SERVICE',0x00000002)
     win_const_mgr.add_const('ERROR_NO_SAVEPOINT_WITH_OPEN_FILES',0x00001ABA)
     win_const_mgr.add_const('OID_FDDI_SMT_STATION_ACTION',0x03030277)
     win_const_mgr.add_const('OID_PNP_ADD_WAKE_UP_PATTERN',0xFD010103)
@@ -2357,7 +2356,70 @@ class ApiConstants
     win_const_mgr.add_const('RTM_VIEW_MASK_UCAST',0x00000001)
     win_const_mgr.add_const('CERT_ALT_NAME_VALUE_ERR_INDEX_MASK',0x0000FFFF)
     win_const_mgr.add_const('ERROR_NO_SUCH_GROUP',0x00000527)
+    
+    # Generic Access Rights
     win_const_mgr.add_const('GENERIC_ALL',0x10000000)
+    win_const_mgr.add_const('GENERIC_EXECUTE',0x20000000)
+    win_const_mgr.add_const('GENERIC_WRITE',0x40000000)
+    win_const_mgr.add_const('GENERIC_READ',0x80000000)
+    
+        
+    # Standard Access Rights
+    win_const_mgr.add_const('DELETE',0x00010000)
+    win_const_mgr.add_const('READ_CONTROL',0x00020000)
+    win_const_mgr.add_const('WRITE_DAC',0x00040000)
+    win_const_mgr.add_const('WRITE_OWNER',0x00080000)
+    win_const_mgr.add_const('ACCESS_SYSTEM_SECURITY',0x01000000)
+    
+    # Services
+    win_const_mgr.add_const('SERVICE_NO_CHANGE',0xFFFFFFFF)
+    
+    # Service Start Types
+    win_const_mgr.add_const('START_TYPE_BOOT',0x00000000)
+    win_const_mgr.add_const('START_TYPE_SYSTEM',0x00000001)
+    win_const_mgr.add_const('START_TYPE_AUTO',0x00000002)
+    win_const_mgr.add_const('START_TYPE_MANUAL',0x00000003)
+    win_const_mgr.add_const('START_TYPE_DISABLED',0x00000004)
+    
+    # Service States
+    win_const_mgr.add_const('SERVICE_STOPPED',0x00000001)
+    win_const_mgr.add_const('SERVICE_START_PENDING',0x00000002)
+    win_const_mgr.add_const('SERVICE_STOP_PENDING',0x00000003)
+    win_const_mgr.add_const('SERVICE_RUNNING',0x00000004)
+    win_const_mgr.add_const('SERVICE_CONTINUE_PENDING',0x00000005)
+    win_const_mgr.add_const('SERVICE_PAUSE_PENDING',0x00000006)
+    win_const_mgr.add_const('SERVICE_PAUSED',0x00000007)
+    
+    # Service Types
+    win_const_mgr.add_const('SERVICE_KERNEL_DRIVER',0x00000001)
+    win_const_mgr.add_const('SERVICE_FILE_SYSTEM_DRIVER',0x00000002)
+    win_const_mgr.add_const('SERVICE_ADAPTER',0x00000004)
+    win_const_mgr.add_const('SERVICE_RECOGNIZER_DRIVER',0x00000008)
+    win_const_mgr.add_const('SERVICE_WIN32_OWN_PROCESS',0x00000010)
+    win_const_mgr.add_const('SERVICE_WIN32_SHARE_PROCESS',0x00000020)
+    
+    # Service Manager Permissions
+    win_const_mgr.add_const('SC_MANAGER_CONNECT',0x00000001)
+    win_const_mgr.add_const('SC_MANAGER_CREATE_SERVICE',0x00000002)
+    win_const_mgr.add_const('SC_MANAGER_ENUMERATE_SERVICE',0x00000004)
+    win_const_mgr.add_const('SC_MANAGER_LOCK',0x00000008)
+    win_const_mgr.add_const('SC_MANAGER_QUERY_LOCK_STATUS',0x00000010)
+    win_const_mgr.add_const('SC_MANAGER_MODIFY_BOOT_CONFIG',0x00000020)
+    win_const_mgr.add_const('SC_MANAGER_USER_DEFINED_CONTROL',0x00000100)
+    win_const_mgr.add_const('SC_MANAGER_ALL_ACCESS',0x000F003F)
+    
+    # Service Permissions
+    win_const_mgr.add_const('SERVICE_QUERY_CONFIG',0x00000001)
+    win_const_mgr.add_const('SERVICE_CHANGE_CONFIG',0x00000002)
+    win_const_mgr.add_const('SERVICE_QUERY_STATUS',0x00000004)
+    win_const_mgr.add_const('SERVICE_ENUMERATE_DEPENDENTS',0x00000008)
+    win_const_mgr.add_const('SERVICE_START',0x00000010)
+    win_const_mgr.add_const('SERVICE_STOP',0x00000020)
+    win_const_mgr.add_const('SERVICE_PAUSE_CONTINUE',0x00000040)
+    win_const_mgr.add_const('SERVICE_INTERROGATE',0x00000080)
+    win_const_mgr.add_const('SERVICE_USER_DEFINED_CONTROL',0x00000100)
+    win_const_mgr.add_const('SERVICE_ALL_ACCESS',0x000F01FF)
+    
     win_const_mgr.add_const('LINEINITIALIZEEXOPTION_USECOMPLETIONPORT',0x00000003)
     win_const_mgr.add_const('AVIIF_TWOCC',0x00000002)
     win_const_mgr.add_const('TBTS_LEFT',0x00000001)
@@ -3408,7 +3470,6 @@ class ApiConstants
     win_const_mgr.add_const('SQL_DS_RESTRICT',0x00000002)
     win_const_mgr.add_const('SQL_FD_FETCH_NEXT',0x00000001)
     win_const_mgr.add_const('HTTP_QUERY_ACCEPT_LANGUAGE',0x0000001B)
-    win_const_mgr.add_const('SC_MANAGER_LOCK',0x00000008)
     win_const_mgr.add_const('CM_CDMASK_VALID',0x0000000F)
     win_const_mgr.add_const('DI_NEEDRESTART',0x00000080)
     win_const_mgr.add_const('DSOP_DOWNLEVEL_FILTER_NETWORK',0x80001000)
@@ -4450,7 +4511,6 @@ class ApiConstants
     win_const_mgr.add_const('WGL_SWAP_UNDERLAY1',0x00010000)
     win_const_mgr.add_const('CRYPTDLG_ACTION_MASK',0xFFFF0000)
     win_const_mgr.add_const('MCI_ANIM_WINDOW_HWND',0x00010000)
-    win_const_mgr.add_const('SERVICE_QUERY_CONFIG',0x00000001)
     win_const_mgr.add_const('MF_MEDIATYPE_EQUAL_FORMAT_DATA',0x00000004)
     win_const_mgr.add_const('USE_REMOTE_PARMNUM',0x00000002)
     win_const_mgr.add_const('CF_PALETTE',0x00000009)
@@ -5623,7 +5683,6 @@ class ApiConstants
     win_const_mgr.add_const('SQL_DROP_VIEW',0x0000008F)
     win_const_mgr.add_const('FEI_MODEM_POWERED_ON',0x00000011)
     win_const_mgr.add_const('WNODE_FLAG_INTERNAL',0x00000100)
-    win_const_mgr.add_const('SERVICE_START_PENDING',0x00000002)
     win_const_mgr.add_const('ERROR_SXS_INVALID_ACTCTXDATA_FORMAT',0x000036B2)
     win_const_mgr.add_const('ACMFILTERTAGDETAILS_FILTERTAG_CHARS',0x00000030)
     win_const_mgr.add_const('MAPI_E_ATTACHMENT_WRITE_FAILURE',0x0000000D)
@@ -9255,7 +9314,6 @@ class ApiConstants
     win_const_mgr.add_const('TAPE_SPACE_RELATIVE_BLOCKS',0x00000005)
     win_const_mgr.add_const('DBT_DEVICEARRIVAL',0x00008000)
     win_const_mgr.add_const('IMAGE_REL_ALPHA_REFHI',0x0000000A)
-    win_const_mgr.add_const('SERVICE_WIN32_SHARE_PROCESS',0x00000020)
     win_const_mgr.add_const('R2_NOTCOPYPEN',0x00000004)
     win_const_mgr.add_const('POLICY_ERRV_GLOBAL_GRP_PEAK_RATE',0x0000001A)
     win_const_mgr.add_const('VTBIT_CY',0x00000001)
@@ -9859,7 +9917,6 @@ class ApiConstants
     win_const_mgr.add_const('DISPID_FILELISTENUMDONE',0x000000C9)
     win_const_mgr.add_const('DBPROPVAL_IN_DISALLOWNULL',0x00000001)
     win_const_mgr.add_const('PP_PROVTYPE',0x00000010)
-    win_const_mgr.add_const('SERVICE_PAUSE_PENDING',0x00000006)
     win_const_mgr.add_const('MWMO_WAITALL',0x00000001)
     win_const_mgr.add_const('PIR_STATUS_ERROR',0x00000000)
     win_const_mgr.add_const('ERROR_DS_NO_DELETED_NAME',0x000020A3)
@@ -10819,7 +10876,6 @@ class ApiConstants
     win_const_mgr.add_const('LINEADDRCAPFLAGS_QUEUE',0x01000000)
     win_const_mgr.add_const('PRINTER_ACCESS_ADMINISTER',0x00000004)
     win_const_mgr.add_const('SECPKG_CALL_THREAD_TERM',0x00000080)
-    win_const_mgr.add_const('SERVICE_RECOGNIZER_DRIVER',0x00000008)
     win_const_mgr.add_const('MD_DIRBROW_SHOW_EXTENSION',0x00000010)
     win_const_mgr.add_const('HHWIN_BUTTON_BROWSE_BCK',0x00000001)
     win_const_mgr.add_const('COLOR_WINDOWFRAME',0x00000006)
@@ -11675,7 +11731,6 @@ class ApiConstants
     win_const_mgr.add_const('PORT_UAAC',0x00000091)
     win_const_mgr.add_const('D3DPBLENDCAPS_SRCALPHA',0x00000010)
     win_const_mgr.add_const('CALLBACK_STREAM_SWITCH',0x00000001)
-    win_const_mgr.add_const('GENERIC_EXECUTE',0x20000000)
     win_const_mgr.add_const('NUMPRS_PARENS',0x00000080)
     win_const_mgr.add_const('SHI1005_FLAGS_FORCE_SHARED_DELETE',0x00000200)
     win_const_mgr.add_const('SQL_HC_OFF',0x00000000)
@@ -11965,7 +12020,6 @@ class ApiConstants
     win_const_mgr.add_const('MCI_WAIT',0x00000002)
     win_const_mgr.add_const('SPI_SETDROPSHADOW',0x00001025)
     win_const_mgr.add_const('VK_OEM_PERIOD',0x000000BE)
-    win_const_mgr.add_const('SERVICE_CHANGE_CONFIG',0x00000002)
     win_const_mgr.add_const('CERT_STORE_PROV_WRITE_CTL_FUNC',0x0000000A)
     win_const_mgr.add_const('SUBLANG_TAMAZIGHT_ALGERIA_LATIN',0x00000002)
     win_const_mgr.add_const('XECR_PKCS7',0x00000002)
@@ -12173,7 +12227,6 @@ class ApiConstants
     win_const_mgr.add_const('MCI_VCR_FREEZE_OUTPUT',0x00020000)
     win_const_mgr.add_const('DEX_IDS_NO_SOURCE_NAMES',0x0000057D)
     win_const_mgr.add_const('SQL_OUTER_JOINS',0x00000026)
-    win_const_mgr.add_const('SERVICE_ENUMERATE_DEPENDENTS',0x00000008)
     win_const_mgr.add_const('CR_NO_SUCH_LOGICAL_DEV',0x00000014)
     win_const_mgr.add_const('IDC_PS_DISPLAYASICON',0x000001FA)
     win_const_mgr.add_const('GESTURE_UP_LEFT_LONG',0x00000000)
@@ -12243,7 +12296,6 @@ class ApiConstants
     win_const_mgr.add_const('ERROR_VOLSNAP_PREPARE_HIBERNATE',0x0000028F)
     win_const_mgr.add_const('TMT_CAPTIONBARHEIGHT',0x000004B5)
     win_const_mgr.add_const('IDM_ENABLE_INTERACTION',0x000008FE)
-    win_const_mgr.add_const('DELETE',0x00010000)
     win_const_mgr.add_const('CRYPTUI_WIZ_DIGITAL_SIGN_PVK',0x00000003)
     win_const_mgr.add_const('ERROR_CTX_MODEM_RESPONSE_NO_CARRIER',0x00001B65)
     win_const_mgr.add_const('OE_SETTING',0x00000004)
@@ -12431,7 +12483,7 @@ class ApiConstants
     win_const_mgr.add_const('ET_DITHERMODE',0x00000004)
     win_const_mgr.add_const('AA_A_ACL',0x00008000)
     win_const_mgr.add_const('MCI_UPDATE',0x00000854)
-    win_const_mgr.add_const('READ_CONTROL',0x00020000)
+
     win_const_mgr.add_const('ERROR_DS_DESTINATION_DOMAIN_NOT_IN_FOREST',0x00002157)
     win_const_mgr.add_const('IDM_IE50_PASTE',0x00000961)
     win_const_mgr.add_const('DB_NULL_HCHAPTER',0x00000000)
@@ -12739,7 +12791,6 @@ class ApiConstants
     win_const_mgr.add_const('OPF_DISABLECONVERT',0x00000008)
     win_const_mgr.add_const('D3DPCMPCAPS_LESS',0x00000002)
     win_const_mgr.add_const('D3DPRESENT_INTERVAL_TWO',0x00000002)
-    win_const_mgr.add_const('SERVICE_STOP',0x00000020)
     win_const_mgr.add_const('WLX_OPTION_SMART_CARD_INFO',0x00010002)
     win_const_mgr.add_const('MAX_LANA',0x000000FE)
     win_const_mgr.add_const('PLATFORM_ID_VMS',0x000002BC)
@@ -14732,7 +14783,6 @@ class ApiConstants
     win_const_mgr.add_const('CDIS_GRAYED',0x00000002)
     win_const_mgr.add_const('DISPID_QUIT',0x00000067)
     win_const_mgr.add_const('LINETOLLLISTOPTION_REMOVE',0x00000002)
-    win_const_mgr.add_const('SERVICE_WIN32_OWN_PROCESS',0x00000010)
     win_const_mgr.add_const('SM_FOCUS_TYPE_NT_DOMAIN',0x00000001)
     win_const_mgr.add_const('WINHTTP_CALLBACK_STATUS_REQUEST_ERROR',0x00200000)
     win_const_mgr.add_const('PORT_WPGS',0x0000030C)
@@ -15353,7 +15403,6 @@ class ApiConstants
     win_const_mgr.add_const('DEBUG_VSOURCE_MAPPED_IMAGE',0x00000002)
     win_const_mgr.add_const('ERROR_DS_OBJ_STRING_NAME_EXISTS',0x00002071)
     win_const_mgr.add_const('DPD_DELETE_ALL_FILES',0x00000004)
-    win_const_mgr.add_const('SERVICE_STOPPED',0x00000001)
     win_const_mgr.add_const('DMPAPER_ENV_PERSONAL',0x00000026)
     win_const_mgr.add_const('WM_RBUTTONDBLCLK',0x00000206)
     win_const_mgr.add_const('SQL_CURRENT_QUALIFIER',0x0000006D)
@@ -15754,7 +15803,6 @@ class ApiConstants
     win_const_mgr.add_const('ERROR_ABANDONED_WAIT_0',0x000002DF)
     win_const_mgr.add_const('SQL_API_SQLGETCURSORNAME',0x00000011)
     win_const_mgr.add_const('UINT8_MAX',0x00000000)
-    win_const_mgr.add_const('SERVICE_NO_CHANGE',0x00000000)
     win_const_mgr.add_const('AE_SRVCONT',0x00000002)
     win_const_mgr.add_const('RPC_S_GRP_ELT_NOT_REMOVED',0x00000789)
     win_const_mgr.add_const('ERROR_CONNECTED_OTHER_PASSWORD_DEFAULT',0x0000083D)
@@ -16075,7 +16123,6 @@ class ApiConstants
     win_const_mgr.add_const('ERRCLASS_UNK',0x0000000D)
     win_const_mgr.add_const('STREAM_MODIFIED_WHEN_READ',0x00000001)
     win_const_mgr.add_const('SENSITIVITY_PROP_NORMAL',0x00000000)
-    win_const_mgr.add_const('SERVICE_INTERROGATE',0x00000080)
     win_const_mgr.add_const('VK_BROWSER_FORWARD',0x000000A7)
     win_const_mgr.add_const('IDM_BLOCKDIRLTR',0x00000930)
     win_const_mgr.add_const('RF_LATTICE',0x00000800)
@@ -17110,7 +17157,6 @@ class ApiConstants
     win_const_mgr.add_const('TRUSTERROR_STEP_MESSAGE',0x00000008)
     win_const_mgr.add_const('LB_SETTABSTOPS',0x00000192)
     win_const_mgr.add_const('SQL_TL_ON',0x00000001)
-    win_const_mgr.add_const('SERVICE_FILE_SYSTEM_DRIVER',0x00000002)
     win_const_mgr.add_const('SCRIPTPROP_GCCONTROLSOFTCLOSE',0x00002000)
     win_const_mgr.add_const('OPATH_TOK_OPEN_PAREN',0x0000006A)
     win_const_mgr.add_const('IMAGE_SYM_CLASS_REGISTER_PARAM',0x00000011)
@@ -18538,7 +18584,6 @@ class ApiConstants
     win_const_mgr.add_const('DEBUG_OUTCTL_ALL_OTHER_CLIENTS',0x00000002)
     win_const_mgr.add_const('MAX_DDDEVICEID_STRING',0x00000200)
     win_const_mgr.add_const('USN_REASON_RENAME_NEW_NAME',0x00002000)
-    win_const_mgr.add_const('WRITE_DAC',0x00040000)
     win_const_mgr.add_const('BTH_ERROR_SUCCESS',0x00000000)
     win_const_mgr.add_const('SERVER_SEARCH_FLAG_PHANTOM_ROOT',0x00000002)
     win_const_mgr.add_const('SUBLANG_SINDHI_INDIA',0x00000001)
@@ -20372,7 +20417,6 @@ class ApiConstants
     win_const_mgr.add_const('KERB_CHECKSUM_CRC32',0x00000001)
     win_const_mgr.add_const('IMC_SETCOMPOSITIONFONT',0x0000000A)
     win_const_mgr.add_const('TVC_UNKNOWN',0x00000000)
-    win_const_mgr.add_const('SERVICE_RUNNING',0x00000004)
     win_const_mgr.add_const('PORT_HMMP_INDICATION',0x00000264)
     win_const_mgr.add_const('PARTID_MASK',0x00000000)
     win_const_mgr.add_const('SSRVOPT_PARAMTYPE',0x00000100)
@@ -20721,7 +20765,6 @@ class ApiConstants
     win_const_mgr.add_const('CB_MAX_FILENAME',0x00000100)
     win_const_mgr.add_const('MCI_VCR_SET_TRACKING',0x00400000)
     win_const_mgr.add_const('LANG_SINDHI',0x00000059)
-    win_const_mgr.add_const('SERVICE_ADAPTER',0x00000004)
     win_const_mgr.add_const('PCMCIA_DEF_MEMEND',0x00FFFFFF)
     win_const_mgr.add_const('D3DPTEXTURECAPS_MIPCUBEMAP',0x00010000)
     win_const_mgr.add_const('C2_NOTAPPLICABLE',0x00000000)
@@ -20938,7 +20981,6 @@ class ApiConstants
     win_const_mgr.add_const('CTF_REF_COUNTED',0x00000020)
     win_const_mgr.add_const('MCI_DEVTYPE_CD_AUDIO',0x00000204)
     win_const_mgr.add_const('D3DDEVCAPS_TLVERTEXSYSTEMMEMORY',0x00000040)
-    win_const_mgr.add_const('GENERIC_WRITE',0x40000000)
     win_const_mgr.add_const('SE_GROUP_ENABLED',0x00000004)
     win_const_mgr.add_const('PDH_REFRESHCOUNTERS',0x00000004)
     win_const_mgr.add_const('ERROR_CLUSTER_MAXNUM_OF_RESOURCES_EXCEEDED',0x000013D4)
@@ -21904,7 +21946,6 @@ class ApiConstants
     win_const_mgr.add_const('SHERB_NOCONFIRMATION',0x00000001)
     win_const_mgr.add_const('DEBUG_REQUEST_TARGET_EXCEPTION_RECORD',0x00000003)
     win_const_mgr.add_const('CERT_TRUST_INVALID_BASIC_CONSTRAINTS',0x00000400)
-    win_const_mgr.add_const('SERVICE_CONTINUE_PENDING',0x00000005)
     win_const_mgr.add_const('URLACTION_ACTIVEX_RUN',0x00001200)
     win_const_mgr.add_const('EMR_BITBLT',0x0000004C)
     win_const_mgr.add_const('DEBUG_ASMOPT_DEFAULT',0x00000000)
@@ -23291,7 +23332,6 @@ class ApiConstants
     win_const_mgr.add_const('HLNF_DISABLEWINDOWRESTRICTIONS',0x00800000)
     win_const_mgr.add_const('WINHTTP_OPTION_CONNECT_TIMEOUT',0x00000003)
     win_const_mgr.add_const('DS_NOIDLEMSG',0x00000100)
-    win_const_mgr.add_const('SC_MANAGER_CONNECT',0x00000001)
     win_const_mgr.add_const('CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG',0x00020000)
     win_const_mgr.add_const('ERROR_LOG_CLIENT_NOT_REGISTERED',0x000019ED)
     win_const_mgr.add_const('CERT_NAME_STR_REVERSE_FLAG',0x02000000)
@@ -23830,7 +23870,6 @@ class ApiConstants
     win_const_mgr.add_const('DISPID_IHTMLPLUGINSCOLLECTION_REFRESH',0x00000002)
     win_const_mgr.add_const('CM_OPEN_CLASS_KEY_BITS',0x00000001)
     win_const_mgr.add_const('HH_SAFE_DISPLAY_TOPIC',0x00000020)
-    win_const_mgr.add_const('SC_MANAGER_ENUMERATE_SERVICE',0x00000004)
     win_const_mgr.add_const('FPSR_MBZ0_V',0x00000003)
     win_const_mgr.add_const('ERROR_CLUSTER_NODE_ALREADY_HAS_DFS_ROOT',0x000013E0)
     win_const_mgr.add_const('WIA_DPF_FIRST',0x00000D02)
@@ -24022,7 +24061,6 @@ class ApiConstants
     win_const_mgr.add_const('DNS_RTYPE_HINFO',0x00000000)
     win_const_mgr.add_const('WM_COMPACTING',0x00000041)
     win_const_mgr.add_const('EXITPUB_FILE',0x00000001)
-    win_const_mgr.add_const('ACCESS_SYSTEM_SECURITY',0x01000000)
     win_const_mgr.add_const('IP_ADAPTER_IPV4_ENABLED',0x00000080)
     win_const_mgr.add_const('DXGI_USAGE_BACK_BUFFER',0x00000001)
     win_const_mgr.add_const('DVD_AUDIO_CAPS_MPEG2',0x00000002)
@@ -24229,7 +24267,6 @@ class ApiConstants
     win_const_mgr.add_const('PSH_USEHBMWATERMARK',0x00010000)
     win_const_mgr.add_const('APPCTR_MD_ID_BEGIN_RESERVED',0x00000000)
     win_const_mgr.add_const('ADMIN_STATE_ENABLED',0x00000002)
-    win_const_mgr.add_const('SERVICE_START',0x00000010)
     win_const_mgr.add_const('SQL_CONVERT_WVARCHAR',0x0000007E)
     win_const_mgr.add_const('SECPKG_CONTEXT_EXPORT_RESET_NEW',0x00000001)
     win_const_mgr.add_const('GESTURE_INFINITY',0x00000000)
@@ -24327,7 +24364,6 @@ class ApiConstants
     win_const_mgr.add_const('ICDRAW_NULLFRAME',0x10000000)
     win_const_mgr.add_const('JET_BASE_NAME_LENGTH',0x00000003)
     win_const_mgr.add_const('HHWIN_PROP_ONTOP',0x00000001)
-    win_const_mgr.add_const('SERVICE_PAUSED',0x00000007)
     win_const_mgr.add_const('ICEE_CREATE_FILE_PE32',0x00000001)
     win_const_mgr.add_const('CSIDL_PRINTERS',0x00000004)
     win_const_mgr.add_const('LINEBEARERMODE_MULTIUSE',0x00000004)
@@ -24628,7 +24664,6 @@ class ApiConstants
     win_const_mgr.add_const('POSTSCRIPT_DATA',0x00000025)
     win_const_mgr.add_const('MCIWNDF_NOMENU',0x00000008)
     win_const_mgr.add_const('OID_CO_TAPI_TRANSLATE_NDIS_CALLPARAMS',0xFE001005)
-    win_const_mgr.add_const('SERVICE_USER_DEFINED_CONTROL',0x00000100)
     win_const_mgr.add_const('JIFMK_FF',0x0000FFFF)
     win_const_mgr.add_const('DFCS_HOT',0x00001000)
     win_const_mgr.add_const('SI_CONTAINER',0x00000004)
@@ -25917,7 +25952,6 @@ class ApiConstants
     win_const_mgr.add_const('TOKEN_ADJUST_PRIVILEGES',0x00000020)
     win_const_mgr.add_const('CRL_REASON_UNSPECIFIED',0x00000000)
     win_const_mgr.add_const('SERVICE_STOP_REASON_MINOR_MIN',0x00000000)
-    win_const_mgr.add_const('SERVICE_PAUSE_CONTINUE',0x00000040)
     win_const_mgr.add_const('RPC_C_QOS_CAPABILITIES_SCHANNEL_FULL_AUTH_IDENTITY',0x00000020)
     win_const_mgr.add_const('FEI_SENDING',0x00000002)
     win_const_mgr.add_const('DOF_PROGMAN',0x00000001)
@@ -29144,7 +29178,6 @@ class ApiConstants
     win_const_mgr.add_const('DS_FORCE_REDISCOVERY',0x00000001)
     win_const_mgr.add_const('PDH_INVALID_INSTANCE',0xC0000BC5)
     win_const_mgr.add_const('LOCALSTATE_POLICYREMOVE_UNINSTALL',0x00000010)
-    win_const_mgr.add_const('SERVICE_STOP_PENDING',0x00000003)
     win_const_mgr.add_const('PS_JOIN_BEVEL',0x00001000)
     win_const_mgr.add_const('MFE_PRUNED_UPSTREAM',0x00000004)
     win_const_mgr.add_const('TMT_BTNTEXT',0x00000653)
@@ -30370,7 +30403,6 @@ class ApiConstants
     win_const_mgr.add_const('VK_DBE_NOROMAN',0x00000000)
     win_const_mgr.add_const('DNS_TYPE_CNAME',0x00000005)
     win_const_mgr.add_const('PID_IS_WORKINGDIR',0x00000005)
-    win_const_mgr.add_const('SC_MANAGER_QUERY_LOCK_STATUS',0x00000010)
     win_const_mgr.add_const('APPCOMMAND_MEDIA_PLAY_PAUSE',0x0000000E)
     win_const_mgr.add_const('MCI_ANIM_PLAY_SCAN',0x00100000)
     win_const_mgr.add_const('NOTIFY_CLASS_REGISTRY_CHANGE',0x00000004)
@@ -32077,7 +32109,6 @@ class ApiConstants
     win_const_mgr.add_const('RPC_S_SEC_PKG_ERROR',0x00000721)
     win_const_mgr.add_const('IPPORT_ECHO',0x00000007)
     win_const_mgr.add_const('APPSTATUS_STOPPED',0x00000000)
-    win_const_mgr.add_const('SERVICE_QUERY_STATUS',0x00000004)
     win_const_mgr.add_const('WMDM_DEVICECAP_CANPAUSE',0x00000010)
     win_const_mgr.add_const('PSP_USEFUSIONCONTEXT',0x00004000)
     win_const_mgr.add_const('SUBSCRIPTION_CAP_IS_CONTENTPARTNER',0x00000040)
@@ -33167,7 +33198,6 @@ class ApiConstants
     win_const_mgr.add_const('DISPID_CUSTOMIZESETTINGS',0x00000011)
     win_const_mgr.add_const('IMAGE_REL_I386_SECREL',0x0000000B)
     win_const_mgr.add_const('IF_TYPE_VOICE_FXS',0x00000066)
-    win_const_mgr.add_const('WRITE_OWNER',0x00080000)
     win_const_mgr.add_const('CALLBACK_FUNCTION',0x00030000)
     win_const_mgr.add_const('CRYPT_MODE_CTS',0x00000005)
     win_const_mgr.add_const('PAN_STROKEVARIATION_INDEX',0x00000005)
@@ -34303,7 +34333,6 @@ class ApiConstants
     win_const_mgr.add_const('DDPCAPS_1BIT',0x00000100)
     win_const_mgr.add_const('INADDR_LOOPBACK',0x00000007)
     win_const_mgr.add_const('HTTP_QUERY_SERVER',0x00000025)
-    win_const_mgr.add_const('GENERIC_READ',0x80000000)
     win_const_mgr.add_const('DSBI_EXPANDONOPEN',0x00040000)
     win_const_mgr.add_const('D3DUSAGE_DYNAMIC',0x00000200)
     win_const_mgr.add_const('MIN_PST_ERROR',0x800C0001)
@@ -36254,7 +36283,6 @@ class ApiConstants
     win_const_mgr.add_const('DBFLAGS_MULTITHREADTRANSACTIONS',0x00000200)
     win_const_mgr.add_const('ERROR_DBG_RIPEXCEPTION',0x000002B7)
     win_const_mgr.add_const('KSALLOCATOR_FLAG_NO_FRAME_INTEGRITY',0x00000100)
-    win_const_mgr.add_const('SC_MANAGER_MODIFY_BOOT_CONFIG',0x00000020)
     win_const_mgr.add_const('PBT_APMPOWERSTATUSCHANGE',0x0000000A)
     win_const_mgr.add_const('IDM_TRIED_INSERTTABLE',0x00000016)
     win_const_mgr.add_const('IMC_OPENSTATUSWINDOW',0x00000022)
@@ -38107,7 +38135,6 @@ class ApiConstants
     win_const_mgr.add_const('TIME_STAMP_CAPABLE',0x00000020)
     win_const_mgr.add_const('WIA_IPA_ITEM_CATEGORY',0x0000101D)
     win_const_mgr.add_const('DNS_UPDATE_SECURITY_OFF',0x00000010)
-    win_const_mgr.add_const('SERVICE_KERNEL_DRIVER',0x00000001)
     win_const_mgr.add_const('HANDLE_PARAM_IS_IN',0x00000040)
     win_const_mgr.add_const('IF_CHECK_SEND',0x00000002)
     win_const_mgr.add_const('MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT',0x00000800)

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb

@@ -318,7 +318,10 @@ class DLL
       buffer = rec_out_only_buffers[buffer_item.addr, buffer_item.length_in_bytes]
       case buffer_item.datatype
         when "PDWORD"
-          return_hash[param_name] = buffer.unpack(native)[0]
+          # PDWORD is treated as a POINTER
+          return_hash[param_name] = buffer.unpack(native).first
+          # If PDWORD is treated correctly as a DWORD
+          return_hash[param_name] = buffer.unpack('V').first if return_hash[param_name].nil?
         when "PCHAR"
           return_hash[param_name] = asciiz_to_str(buffer)
         when "PWCHAR"
@@ -338,7 +341,10 @@ class DLL
       buffer = rec_inout_buffers[buffer_item.addr, buffer_item.length_in_bytes]
       case buffer_item.datatype
         when "PDWORD"
-          return_hash[param_name] = buffer.unpack(native)[0]
+          # PDWORD is treated as a POINTER
+          return_hash[param_name] = buffer.unpack(native).first
+          # If PDWORD is treated correctly as a DWORD
+          return_hash[param_name] = buffer.unpack('V').first if return_hash[param_name].nil?
         when "PCHAR"
           return_hash[param_name] = asciiz_to_str(buffer)
         when "PWCHAR"

data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb

@@ -154,31 +154,43 @@ class UI < Rex::Post::UI
   def screenshot( quality=50 )
     request = Packet.create_request( 'stdapi_ui_desktop_screenshot' )
     request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_QUALITY, quality )
+
     # include the x64 screenshot dll if the host OS is x64
     if( client.sys.config.sysinfo['Architecture'] =~ /^\S*x64\S*/ )
       screenshot_path = MeterpreterBinaries.path('screenshot','x64.dll')
-      screenshot_path = ::File.expand_path( screenshot_path )
+      if screenshot_path.nil?
+        raise RuntimeError, "screenshot.x64.dll not found", caller
+      end
+
       screenshot_dll  = ''
       ::File.open( screenshot_path, 'rb' ) do |f|
         screenshot_dll += f.read( f.stat.size )
       end
+
       request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_BUFFER, screenshot_dll, false, true )
       request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE64DLL_LENGTH, screenshot_dll.length )
     end
-    # but allways include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
+
+    # but always include the x86 screenshot dll as we can use it for wow64 processes if we are on x64
     screenshot_path = MeterpreterBinaries.path('screenshot','x86.dll')
-    screenshot_path = ::File.expand_path( screenshot_path )
+    if screenshot_path.nil?
+      raise RuntimeError, "screenshot.x86.dll not found", caller
+    end
+
     screenshot_dll  = ''
     ::File.open( screenshot_path, 'rb' ) do |f|
       screenshot_dll += f.read( f.stat.size )
     end
+
     request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER, screenshot_dll, false, true )
     request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_LENGTH, screenshot_dll.length )
+
     # send the request and return the jpeg image if successfull.
     response = client.send_request( request )
     if( response.result == 0 )
       return response.get_tlv_value( TLV_TYPE_DESKTOP_SCREENSHOT )
     end
+
     return nil
   end
 

data/lib/rex/post/meterpreter/packet.rb

@@ -48,44 +48,47 @@ TLV_TEMP                    = 60000
 #
 # TLV Specific Types
 #
-TLV_TYPE_ANY                = TLV_META_TYPE_NONE   |   0
-TLV_TYPE_METHOD             = TLV_META_TYPE_STRING |   1
-TLV_TYPE_REQUEST_ID         = TLV_META_TYPE_STRING |   2
-TLV_TYPE_EXCEPTION          = TLV_META_TYPE_GROUP  |   3
-TLV_TYPE_RESULT             = TLV_META_TYPE_UINT   |   4
-
-
-TLV_TYPE_STRING             = TLV_META_TYPE_STRING |  10
-TLV_TYPE_UINT               = TLV_META_TYPE_UINT   |  11
-TLV_TYPE_BOOL               = TLV_META_TYPE_BOOL   |  12
-
-TLV_TYPE_LENGTH             = TLV_META_TYPE_UINT   |  25
-TLV_TYPE_DATA               = TLV_META_TYPE_RAW    |  26
-TLV_TYPE_FLAGS              = TLV_META_TYPE_UINT   |  27
-
-TLV_TYPE_CHANNEL_ID         = TLV_META_TYPE_UINT   |  50
-TLV_TYPE_CHANNEL_TYPE       = TLV_META_TYPE_STRING |  51
-TLV_TYPE_CHANNEL_DATA       = TLV_META_TYPE_RAW    |  52
-TLV_TYPE_CHANNEL_DATA_GROUP = TLV_META_TYPE_GROUP  |  53
-TLV_TYPE_CHANNEL_CLASS      = TLV_META_TYPE_UINT   |  54
-TLV_TYPE_CHANNEL_PARENTID   = TLV_META_TYPE_UINT   |  55
-
-TLV_TYPE_SEEK_WHENCE        = TLV_META_TYPE_UINT   |  70
-TLV_TYPE_SEEK_OFFSET        = TLV_META_TYPE_UINT   |  71
-TLV_TYPE_SEEK_POS           = TLV_META_TYPE_UINT   |  72
-
-TLV_TYPE_EXCEPTION_CODE     = TLV_META_TYPE_UINT   | 300
-TLV_TYPE_EXCEPTION_STRING   = TLV_META_TYPE_STRING | 301
-
-TLV_TYPE_LIBRARY_PATH       = TLV_META_TYPE_STRING | 400
-TLV_TYPE_TARGET_PATH        = TLV_META_TYPE_STRING | 401
-TLV_TYPE_MIGRATE_PID        = TLV_META_TYPE_UINT   | 402
-TLV_TYPE_MIGRATE_LEN        = TLV_META_TYPE_UINT   | 403
-TLV_TYPE_MIGRATE_PAYLOAD    = TLV_META_TYPE_STRING | 404
-TLV_TYPE_MIGRATE_ARCH       = TLV_META_TYPE_UINT   | 405
-
-TLV_TYPE_CIPHER_NAME        = TLV_META_TYPE_STRING | 500
-TLV_TYPE_CIPHER_PARAMETERS  = TLV_META_TYPE_GROUP  | 501
+TLV_TYPE_ANY                 = TLV_META_TYPE_NONE   |   0
+TLV_TYPE_METHOD              = TLV_META_TYPE_STRING |   1
+TLV_TYPE_REQUEST_ID          = TLV_META_TYPE_STRING |   2
+TLV_TYPE_EXCEPTION           = TLV_META_TYPE_GROUP  |   3
+TLV_TYPE_RESULT              = TLV_META_TYPE_UINT   |   4
+
+
+TLV_TYPE_STRING              = TLV_META_TYPE_STRING |  10
+TLV_TYPE_UINT                = TLV_META_TYPE_UINT   |  11
+TLV_TYPE_BOOL                = TLV_META_TYPE_BOOL   |  12
+
+TLV_TYPE_LENGTH              = TLV_META_TYPE_UINT   |  25
+TLV_TYPE_DATA                = TLV_META_TYPE_RAW    |  26
+TLV_TYPE_FLAGS               = TLV_META_TYPE_UINT   |  27
+
+TLV_TYPE_CHANNEL_ID          = TLV_META_TYPE_UINT   |  50
+TLV_TYPE_CHANNEL_TYPE        = TLV_META_TYPE_STRING |  51
+TLV_TYPE_CHANNEL_DATA        = TLV_META_TYPE_RAW    |  52
+TLV_TYPE_CHANNEL_DATA_GROUP  = TLV_META_TYPE_GROUP  |  53
+TLV_TYPE_CHANNEL_CLASS       = TLV_META_TYPE_UINT   |  54
+TLV_TYPE_CHANNEL_PARENTID    = TLV_META_TYPE_UINT   |  55
+
+TLV_TYPE_SEEK_WHENCE         = TLV_META_TYPE_UINT   |  70
+TLV_TYPE_SEEK_OFFSET         = TLV_META_TYPE_UINT   |  71
+TLV_TYPE_SEEK_POS            = TLV_META_TYPE_UINT   |  72
+
+TLV_TYPE_EXCEPTION_CODE      = TLV_META_TYPE_UINT   | 300
+TLV_TYPE_EXCEPTION_STRING    = TLV_META_TYPE_STRING | 301
+
+TLV_TYPE_LIBRARY_PATH        = TLV_META_TYPE_STRING | 400
+TLV_TYPE_TARGET_PATH         = TLV_META_TYPE_STRING | 401
+TLV_TYPE_MIGRATE_PID         = TLV_META_TYPE_UINT   | 402
+TLV_TYPE_MIGRATE_LEN         = TLV_META_TYPE_UINT   | 403
+TLV_TYPE_MIGRATE_PAYLOAD     = TLV_META_TYPE_STRING | 404
+TLV_TYPE_MIGRATE_ARCH        = TLV_META_TYPE_UINT   | 405
+TLV_TYPE_MIGRATE_BASE_ADDR   = TLV_META_TYPE_UINT   | 407
+TLV_TYPE_MIGRATE_ENTRY_POINT = TLV_META_TYPE_UINT   | 408
+TLV_TYPE_MIGRATE_SOCKET_PATH = TLV_META_TYPE_STRING | 409
+
+TLV_TYPE_CIPHER_NAME         = TLV_META_TYPE_STRING | 500
+TLV_TYPE_CIPHER_PARAMETERS   = TLV_META_TYPE_GROUP  | 501
 
 #
 # Core flags