Updated the Windows self-update so that it will attempt to kill any zombie processes

This commit is contained in:
Bryan Roe 2021-02-05 14:45:43 -08:00
parent 2739432997
commit ee3c60a6bd
2 changed files with 12 additions and 7 deletions


@ -4012,13 +4012,16 @@ function bsd_execv(name, agentfilename, sessionid) {
sendAgentMessage('Self Update failed because execv() failed', 3); sendAgentMessage('Self Update failed because execv() failed', 3);
} }
function windows_execve(name, agentfilename, sessionid) { function windows_execve(name, agentfilename, sessionid)
{
var libc; var libc;
try { try
{
libc = require('_GenericMarshal').CreateNativeProxy('msvcrt.dll'); libc = require('_GenericMarshal').CreateNativeProxy('msvcrt.dll');
libc.CreateMethod('_wexecve'); libc.CreateMethod('_wexecve');
} }
catch (xx) { catch (xx)
{
sendConsoleText('Self Update failed because msvcrt.dll is missing', sessionid); sendConsoleText('Self Update failed because msvcrt.dll is missing', sessionid);
sendAgentMessage('Self Update failed because msvcrt.dll is missing', 3); sendAgentMessage('Self Update failed because msvcrt.dll is missing', 3);
return; return;
@ -4027,7 +4030,8 @@ function windows_execve(name, agentfilename, sessionid) {
var cmd = require('_GenericMarshal').CreateVariable(process.env['windir'] + '\\system32\\cmd.exe', { wide: true }); var cmd = require('_GenericMarshal').CreateVariable(process.env['windir'] + '\\system32\\cmd.exe', { wide: true });
var args = require('_GenericMarshal').CreateVariable(3 * require('_GenericMarshal').PointerSize); var args = require('_GenericMarshal').CreateVariable(3 * require('_GenericMarshal').PointerSize);
var arg1 = require('_GenericMarshal').CreateVariable('cmd.exe', { wide: true }); var arg1 = require('_GenericMarshal').CreateVariable('cmd.exe', { wide: true });
var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & copy "' + process.cwd() + agentfilename + '.update" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update"', { wide: true }); var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & "' + process.cwd() + agentfilename + '.update.exe" -b64exec ' + 'dHJ5CnsKICAgIHZhciBzZXJ2aWNlTG9jYXRpb24gPSBwcm9jZXNzLmFyZ3YucG9wKCk7CiAgICByZXF1aXJlKCdwcm9jZXNzLW1hbmFnZXInKS5lbnVtZXJhdGVQcm9jZXNzZXMoKS50aGVuKGZ1bmN0aW9uIChwcm9jKQogICAgewogICAgICAgIGZvciAodmFyIHAgaW4gcHJvYykKICAgICAgICB7CiAgICAgICAgICAgIGlmIChwcm9jW3BdLnBhdGggPT0gc2VydmljZUxvY2F0aW9uKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBwcm9jZXNzLmtpbGwocHJvY1twXS5waWQpOwogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIHByb2Nlc3MuZXhpdCgpOwogICAgfSk7Cn0KY2F0Y2goZSkKewogICAgcHJvY2Vzcy5leGl0KCk7Cn0=' +
' "' + process.execPath + '" & copy "' + process.cwd() + agentfilename + '.update.exe" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update.exe"', { wide: true });
arg1.pointerBuffer().copy(args.toBuffer()); arg1.pointerBuffer().copy(args.toBuffer());
arg2.pointerBuffer().copy(args.toBuffer(), require('_GenericMarshal').PointerSize); arg2.pointerBuffer().copy(args.toBuffer(), require('_GenericMarshal').PointerSize);
@ -4105,7 +4109,7 @@ function agentUpdate_Start(updateurl, updateoptions) {
agentUpdate_Start._selfupdate = null; agentUpdate_Start._selfupdate = null;
}); });
agentUpdate_Start._selfupdate.on('response', function (img) { agentUpdate_Start._selfupdate.on('response', function (img) {
this._file = require('fs').createWriteStream(agentfilename + '.update', { flags: 'wb' }); this._file = require('fs').createWriteStream(agentfilename + (process.platform == 'win32' ? '.update.exe' : 'update'), { flags: 'wb' });
this._filehash = require('SHA384Stream').create(); this._filehash = require('SHA384Stream').create();
this._filehash.on('hash', function (h) { this._filehash.on('hash', function (h) {
if (updateoptions != null && updateoptions.hash != null) { if (updateoptions != null && updateoptions.hash != null) {
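Review bot: The kill script passed to `-b64exec` on the `arg2` line is an opaque base64 literal, and the script it decodes to (enumerate processes, kill those whose path equals the last argv entry, exit) leaves a rejection of `enumerateProcesses()` unhandled — its `catch` only covers synchronous throws, so a rejected promise likely leaves the spawned `.update.exe` alive and the `&`-chained copy/startservice steps waiting behind it. Keep the script as readable source in this file and encode it when the command is built, and give the `.then` a rejection handler that also exits, as sketched below (assuming the agent runtime's `Buffer` offers Node's base64 encoding). The chain also executes the downloaded `.update.exe` before it is copied into place, so `windows_execve` must only be reachable after the SHA384 hash check in `agentUpdate_Start` has passed; that ordering is outside this hunk. The identical hunk appears in the second file of this commit, and `windows_execve` begins and ends outside the hunk.
```javascript
// … unchanged: libc / cmd / args / arg1 setup …
// Script run inside the freshly downloaded .update.exe: kill every process whose image
// path equals the service executable passed as the last argv entry, then exit. Both the
// synchronous and the rejected-promise paths exit so the cmd.exe chain never stalls here.
var killZombiesScript =
    "try\n{\n    var serviceLocation = process.argv.pop();\n" +
    "    require('process-manager').enumerateProcesses().then(function (proc)\n    {\n" +
    "        for (var p in proc)\n        {\n" +
    "            if (proc[p].path == serviceLocation) { process.kill(proc[p].pid); }\n" +
    "        }\n        process.exit();\n" +
    "    }, function (e) { process.exit(); });\n}\n" +
    "catch (e)\n{\n    process.exit();\n}";
var killZombiesB64 = Buffer.from(killZombiesScript).toString('base64');
var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & "' + process.cwd() + agentfilename + '.update.exe" -b64exec ' + killZombiesB64 +
    ' "' + process.execPath + '" & copy "' + process.cwd() + agentfilename + '.update.exe" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update.exe"', { wide: true });
// … unchanged: pointer copies into args …
```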


@ -338,7 +338,8 @@ function windows_execve(name, agentfilename, sessionid) {
var cmd = require('_GenericMarshal').CreateVariable(process.env['windir'] + '\\system32\\cmd.exe', { wide: true }); var cmd = require('_GenericMarshal').CreateVariable(process.env['windir'] + '\\system32\\cmd.exe', { wide: true });
var args = require('_GenericMarshal').CreateVariable(3 * require('_GenericMarshal').PointerSize); var args = require('_GenericMarshal').CreateVariable(3 * require('_GenericMarshal').PointerSize);
var arg1 = require('_GenericMarshal').CreateVariable('cmd.exe', { wide: true }); var arg1 = require('_GenericMarshal').CreateVariable('cmd.exe', { wide: true });
var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & copy "' + process.cwd() + agentfilename + '.update" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update"', { wide: true }); var arg2 = require('_GenericMarshal').CreateVariable('/C wmic service "' + name + '" call stopservice & "' + process.cwd() + agentfilename + '.update.exe" -b64exec ' + 'dHJ5CnsKICAgIHZhciBzZXJ2aWNlTG9jYXRpb24gPSBwcm9jZXNzLmFyZ3YucG9wKCk7CiAgICByZXF1aXJlKCdwcm9jZXNzLW1hbmFnZXInKS5lbnVtZXJhdGVQcm9jZXNzZXMoKS50aGVuKGZ1bmN0aW9uIChwcm9jKQogICAgewogICAgICAgIGZvciAodmFyIHAgaW4gcHJvYykKICAgICAgICB7CiAgICAgICAgICAgIGlmIChwcm9jW3BdLnBhdGggPT0gc2VydmljZUxvY2F0aW9uKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBwcm9jZXNzLmtpbGwocHJvY1twXS5waWQpOwogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIHByb2Nlc3MuZXhpdCgpOwogICAgfSk7Cn0KY2F0Y2goZSkKewogICAgcHJvY2Vzcy5leGl0KCk7Cn0=' +
' "' + process.execPath + '" & copy "' + process.cwd() + agentfilename + '.update.exe" "' + process.execPath + '" & wmic service "' + name + '" call startservice & erase "' + process.cwd() + agentfilename + '.update.exe"', { wide: true });
arg1.pointerBuffer().copy(args.toBuffer()); arg1.pointerBuffer().copy(args.toBuffer());
arg2.pointerBuffer().copy(args.toBuffer(), require('_GenericMarshal').PointerSize); arg2.pointerBuffer().copy(args.toBuffer(), require('_GenericMarshal').PointerSize);
@ -416,7 +417,7 @@ function agentUpdate_Start(updateurl, updateoptions) {
agentUpdate_Start._selfupdate = null; agentUpdate_Start._selfupdate = null;
}); });
agentUpdate_Start._selfupdate.on('response', function (img) { agentUpdate_Start._selfupdate.on('response', function (img) {
this._file = require('fs').createWriteStream(agentfilename + '.update', { flags: 'wb' }); this._file = require('fs').createWriteStream(agentfilename + (process.platform=='win32'?'.update.exe':'update'), { flags: 'wb' });
this._filehash = require('SHA384Stream').create(); this._filehash = require('SHA384Stream').create();
this._filehash.on('hash', function (h) { this._filehash.on('hash', function (h) {
if (updateoptions != null && updateoptions.hash != null) { if (updateoptions != null && updateoptions.hash != null) {
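Review bot: The non-Windows branch of the new ternary on the `createWriteStream` line drops the leading dot — `'.update.exe'` versus `'update'` — so on other platforms the download is now written to `<agentfilename>update`, while the line it replaces wrote `.update` on every platform and nothing in this commit touches the non-Windows exec paths, which presumably still look for `.update`. Change it to `agentfilename + (process.platform == 'win32' ? '.update.exe' : '.update')`. The corresponding response-handler hunk in the first file of this commit has the same defect. `agentUpdate_Start` begins and ends outside the hunk.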