From 4b4d596b7499e9bcc62d22c2670ea3372e6d736f Mon Sep 17 00:00:00 2001
From: Benjamin DELPY
Date: Tue, 20 Mar 2018 02:02:33 +0100
Subject: [PATCH] [fix #138] Adapted Build mask from commend and msvcrt.dll reverse + fixed version command on x86
---
mimikatz/mimikatz.c | 2 +-
mimikatz/modules/kuhl_m_standard.c | 17 ++++++++---------
2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/mimikatz/mimikatz.c b/mimikatz/mimikatz.c
index 4e1d1237f..cb93ff47c 100644
--- a/mimikatz/mimikatz.c
+++ b/mimikatz/mimikatz.c
@@ -108,7 +108,7 @@ NTSTATUS mimikatz_initOrClean(BOOL Init)
 if(Init)
 {
 RtlGetNtVersionNumbers(&MIMIKATZ_NT_MAJOR_VERSION, &MIMIKATZ_NT_MINOR_VERSION, &MIMIKATZ_NT_BUILD_NUMBER);
- MIMIKATZ_NT_BUILD_NUMBER &= 0x00003fff;
+ MIMIKATZ_NT_BUILD_NUMBER &= 0x00007fff;
 offsetToFunc = FIELD_OFFSET(KUHL_M, pInit);
 hr = CoInitializeEx(NULL, COINIT_MULTITHREADED);
 if(FAILED(hr))
diff --git a/mimikatz/modules/kuhl_m_standard.c b/mimikatz/modules/kuhl_m_standard.c
index 81e99bcaa..168777a17 100644
--- a/mimikatz/modules/kuhl_m_standard.c
+++ b/mimikatz/modules/kuhl_m_standard.c
@@ -95,18 +95,17 @@ const wchar_t *version_libs[] = {
 };
 NTSTATUS kuhl_m_standard_version(int argc, wchar_t * argv[])
 {
- NTSTATUS status;
- HMODULE hModule;
- PNTQUERYSYSTEMINFORMATIONEX pNtQuerySystemInformationEx;
- SYSTEM_ISOLATED_USER_MODE_INFORMATION iumi = {TRUE, FALSE /* 0 */};
 DWORD i, len;
 PVOID buffer;
 UINT lenVer;
 VS_FIXEDFILEINFO *verInfo;
- BOOL isWow64;
-
+ BOOL isWow64
 #ifdef _M_X64
- isWow64 = TRUE;
+ = TRUE;
+ NTSTATUS status;
+ HMODULE hModule;
+ PNTQUERYSYSTEMINFORMATIONEX pNtQuerySystemInformationEx;
+ SYSTEM_ISOLATED_USER_MODE_INFORMATION iumi = {TRUE, FALSE /* 0 */};
 #else
 if(IsWow64Process(GetCurrentProcess(), &isWow64))
 #endif
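Review bot: The widened mask `0x00007fff` on `MIMIKATZ_NT_BUILD_NUMBER` is still a bare literal, and nothing next to it says which bits of the value filled in by `RtlGetNtVersionNumbers` are being discarded or why 15 bits is the right width. The commit message attributes the value to a comment and to msvcrt.dll; that provenance belongs beside the line, for example `/* keep the low 15 bits as the build number; mask taken from msvcrt.dll, see #138 */`, ideally with the literal behind a named constant. A build number of 32768 or more would be truncated again, so build comparisons such as the `>= KULL_M_WIN_MIN_BUILD_10` test in kuhl_m_standard.c would quietly take the wrong branch. The body of mimikatz_initOrClean starts and ends outside this hunk.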
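Review bot: In the -95,18 +95,17 hunk of kuhl_m_standard.c the declaration `BOOL isWow64` is terminated only on the `_M_X64` branch (`= TRUE;`). On the `#else` branch it runs straight into `if(IsWow64Process(GetCurrentProcess(), &isWow64))`, so as shown the non-x64 build has no `;` ending the declaration and should not compile. Adding a line holding `;` directly after `#else` closes it. The hunk's line counts (18 old, 17 new) confirm that no such line is part of this commit. Splitting one declaration across preprocessor branches is easy to break again, so a short comment there explaining that the x64-only locals are declared inside the `#ifdef` to avoid unused-variable warnings on x86 (presumably the intent) would help. The function body continues past the end of the hunk.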
@@ -118,7 +117,7 @@ NTSTATUS kuhl_m_standard_version(int argc, wchar_t * argv[])
 MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NUMBER, isWow64 ? L"64" : L"86", _MSC_FULL_VER, _MSC_BUILD
 );
 }
-
+ #ifdef _M_X64
 if((MIMIKATZ_NT_BUILD_NUMBER >= KULL_M_WIN_MIN_BUILD_10) && (hModule = GetModuleHandle(L"ntdll")))
 {
 if(pNtQuerySystemInformationEx = (PNTQUERYSYSTEMINFORMATIONEX) GetProcAddress(hModule, "NtQuerySystemInformationEx"))
@@ -134,7 +133,7 @@ NTSTATUS kuhl_m_standard_version(int argc, wchar_t * argv[])
 else PRINT_ERROR(L"NtQuerySystemInformationEx: %08x\n", status);
 }
 }
-
+ #endif
 if(argc)
 {
 kprintf(L"\n");
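Review bot: The `#ifdef _M_X64` added in the -118,7 +117,7 hunk is closed by a bare `#endif` in the -134,7 +133,7 hunk, roughly sixteen lines later, and neither directive says why the `NtQuerySystemInformationEx` block is limited to x64 builds. The guard has to stay in step with the first hunk of this file, where `status`, `hModule`, `pNtQuerySystemInformationEx` and `iumi` are now declared only under `_M_X64`. Labelling the pair makes that visible, for example `#ifdef _M_X64 /* locals used below exist only on x64 */` and `#endif /* _M_X64 */`. Both directives also replace the blank lines that used to set the block apart, so keeping an empty line before `#ifdef` and after `#endif` would preserve readability. The function body starts before and ends after these hunks.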