From ee3c60a6bd646003e2b6ff86519ea638491a8051 Mon Sep 17 00:00:00 2001
From: Bryan Roe
Date: Fri, 5 Feb 2021 14:45:43 -0800
Subject: [PATCH] Updated windows update, so that it will attempt to kill any zombie processes

---
 agents/meshcore.js | 14 +++++++++-----
 agents/recoverycore.js | 5 +++--
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/agents/meshcore.js b/agents/meshcore.js
index f1bda269..151857cb 100644
--- a/agents/meshcore.js
+++ b/agents/meshcore.js
@@ -4012,13 +4012,16 @@ function bsd_execv(name, agentfilename, sessionid) {
     sendAgentMessage('Self Update failed because execv() failed', 3);
 }
-function windows_execve(name, agentfilename, sessionid) {
+function windows_execve(name, agentfilename, sessionid)
+{
     var libc;
-    try {
+    try
+    {
         libc = require('_GenericMarshal').CreateNativeProxy('msvcrt.dll');
         libc.CreateMethod('_wexecve');
     }
-    catch (xx) {
+    catch (xx)
+    {
         sendConsoleText('Self Update failed because msvcrt.dll is missing', sessionid);
         sendAgentMessage('Self Update failed because msvcrt.dll is missing', 3);
         return;
@@ -4027,7 +4030,8 @@ function windows_execve(name, agentfilename, sessionid) {
     var cmd = require('_GenericMarshal').CreateVariable(process.env['windir'] + '\\system32\\cmd.exe', { wide: true });
     var args = require('_GenericMarshal').CreateVariable(3 * require('_GenericMarshal').PointerSize);
     var arg1 = require('_GenericMarshal').CreateVariable('cmd.exe', { wide: true });
-    var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & copy "' + process.cwd() + agentfilename + '.update" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update"', { wide: true });
+    var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & "' + process.cwd() + agentfilename + '.update.exe" -b64exec ' + 'dHJ5CnsKICAgIHZhciBzZXJ2aWNlTG9jYXRpb24gPSBwcm9jZXNzLmFyZ3YucG9wKCk7CiAgICByZXF1aXJlKCdwcm9jZXNzLW1hbmFnZXInKS5lbnVtZXJhdGVQcm9jZXNzZXMoKS50aGVuKGZ1bmN0aW9uIChwcm9jKQogICAgewogICAgICAgIGZvciAodmFyIHAgaW4gcHJvYykKICAgICAgICB7CiAgICAgICAgICAgIGlmIChwcm9jW3BdLnBhdGggPT0gc2VydmljZUxvY2F0aW9uKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBwcm9jZXNzLmtpbGwocHJvY1twXS5waWQpOwogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIHByb2Nlc3MuZXhpdCgpOwogICAgfSk7Cn0KY2F0Y2goZSkKewogICAgcHJvY2Vzcy5leGl0KCk7Cn0=' +
+        ' "' + process.execPath + '" & copy "' + process.cwd() + agentfilename + '.update.exe" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update.exe"', { wide: true });
     arg1.pointerBuffer().copy(args.toBuffer());
     arg2.pointerBuffer().copy(args.toBuffer(), require('_GenericMarshal').PointerSize);
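Review bot: The zombie sweep in the new `-b64exec` payload (decoded, it pops `process.execPath` off argv, enumerates processes and calls `process.kill` on each one whose `path == serviceLocation`) compares paths with a case-sensitive `==`, so an instance whose enumerated path differs from `process.execPath` only in letter case — which Windows treats as the same file — would survive unless the enumerator normalises case; compare with `proc[p].path.toLowerCase() == serviceLocation.toLowerCase()` instead. A throw from `process.kill` inside the `.then` callback (for example on a PID the updater may not signal) also escapes the payload's outer `try`/`catch`, aborting the loop before its `process.exit()`, so wrap the kill as `try { process.kill(proc[p].pid); } catch (e) { }` and add `.catch(function () { process.exit(); })` on the promise so cmd.exe is never left waiting on the updater before the `copy`. The payload is an opaque blob on this line; a comment above `var arg2` giving the decoded script would help the next reader. windows_execve begins before and continues after this hunk.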
@@ -4105,7 +4109,7 @@ function agentUpdate_Start(updateurl, updateoptions) {
         agentUpdate_Start._selfupdate = null;
     });
     agentUpdate_Start._selfupdate.on('response', function (img) {
-        this._file = require('fs').createWriteStream(agentfilename + '.update', { flags: 'wb' });
+        this._file = require('fs').createWriteStream(agentfilename + (process.platform == 'win32' ? '.update.exe' : 'update'), { flags: 'wb' });
         this._filehash = require('SHA384Stream').create();
         this._filehash.on('hash', function (h) {
             if (updateoptions != null && updateoptions.hash != null) {
diff --git a/agents/recoverycore.js b/agents/recoverycore.js
index 7934108d..566378b0 100644
--- a/agents/recoverycore.js
+++ b/agents/recoverycore.js
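Review bot: The non-Windows branch of the new ternary drops the leading dot — `'update'` where the removed line had `'.update'` — so on Linux/BSD the download now lands in `<agentfilename>update` instead of `<agentfilename>.update`; the execv paths for those platforms are not in this hunk, but this patch changes no such line, so they presumably still look for `.update` and the self-update would no longer find the file. Use `(process.platform == 'win32' ? '.update.exe' : '.update')`. Since windows_execve now executes the downloaded `.update.exe` (via `-b64exec`) rather than only copying it over the service binary, it matters that execve is reached only after the SHA384 comparison that begins at the end of this hunk has succeeded; that decision lies outside the hunk and should be confirmed. agentUpdate_Start starts before and continues past this hunk.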
@@ -338,7 +338,8 @@ function windows_execve(name, agentfilename, sessionid) { var cmd = require('_GenericMarshal').CreateVariable(process.env['windir'] + '\\system32\\cmd.exe', { wide: true }); var args = require('_GenericMarshal').CreateVariable(3 * require('_GenericMarshal').PointerSize); var arg1 = require('_GenericMarshal').CreateVariable('cmd.exe', { wide: true }); - var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & copy "' + process.cwd() + agentfilename + '.update" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update"', { wide: true }); + var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & "' + process.cwd() + agentfilename + '.update.exe" -b64exec ' + 'dHJ5CnsKICAgIHZhciBzZXJ2aWNlTG9jYXRpb24gPSBwcm9jZXNzLmFyZ3YucG9wKCk7CiAgICByZXF1aXJlKCdwcm9jZXNzLW1hbmFnZXInKS5lbnVtZXJhdGVQcm9jZXNzZXMoKS50aGVuKGZ1bmN0aW9uIChwcm9jKQogICAgewogICAgICAgIGZvciAodmFyIHAgaW4gcHJvYykKICAgICAgICB7CiAgICAgICAgICAgIGlmIChwcm9jW3BdLnBhdGggPT0gc2VydmljZUxvY2F0aW9uKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBwcm9jZXNzLmtpbGwocHJvY1twXS5waWQpOwogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIHByb2Nlc3MuZXhpdCgpOwogICAgfSk7Cn0KY2F0Y2goZSkKewogICAgcHJvY2Vzcy5leGl0KCk7Cn0=' + + ' "' + process.execPath + '" & copy "' + process.cwd() + agentfilename + '.update.exe" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update.exe"', { wide: true }); arg1.pointerBuffer().copy(args.toBuffer()); arg2.pointerBuffer().copy(args.toBuffer(), require('_GenericMarshal').PointerSize); 
@@ -416,7 +417,7 @@ function agentUpdate_Start(updateurl, updateoptions) {
         agentUpdate_Start._selfupdate = null;
     });
     agentUpdate_Start._selfupdate.on('response', function (img) {
-        this._file = require('fs').createWriteStream(agentfilename + '.update', { flags: 'wb' });
+        this._file = require('fs').createWriteStream(agentfilename + (process.platform=='win32'?'.update.exe':'update'), { flags: 'wb' });
         this._filehash = require('SHA384Stream').create();
         this._filehash.on('hash', function (h) {
             if (updateoptions != null && updateoptions.hash != null) {
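Review bot: The new non-Windows suffix is `'update'` without the leading dot, whereas the removed line wrote `agentfilename + '.update'`, so on non-win32 platforms the update is now saved as `<agentfilename>update`; unless the execv code for those platforms in this file (not in the hunk) was changed to match — and this patch touches no such line — the self-update will not find the file it just downloaded. Change the expression to `(process.platform == 'win32' ? '.update.exe' : '.update')`, which also restores the spacing used for the identical expression in meshcore.js. agentUpdate_Start starts before and continues past this hunk.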