Use better variable names instad of an array

zeroSteiner · zeroSteiner · commit 2ed02c30a8ca · 2014-08-05T21:34:36.000-07:00
diff --git a/lib/msf/core/exploit/local/windows_kernel.rb b/lib/msf/core/exploit/local/windows_kernel.rb
@@ -12,16 +12,16 @@ module Exploit::Local::WindowsKernel
   # @return [nil] If the address could not be found.
   #
   def find_haldispatchtable
-    kernel_info = find_sys_base(nil)
-    if kernel_info.nil?
+    kernel_address, kernel_name = find_sys_base(nil)
+    if kernel_address.nil? || kernel_name.nil?
       print_error("Failed to find the address of the Windows kernel")
       return nil
     end
-    vprint_status("Kernel Base Address: 0x#{kernel_info[0].to_s(16)}")
+    vprint_status("Kernel Base Address: 0x#{kernel_address.to_s(16)}")
 
-    h_kernel = session.railgun.kernel32.LoadLibraryExA(kernel_info[1], 0, 1)
+    h_kernel = session.railgun.kernel32.LoadLibraryExA(kernel_name, 0, 1)
     if h_kernel['return'] == 0
-      print_error("Failed to load #{kernel_info[1]} (error: #{h_kernel['GetLastError']} #{h_kernel['ErrorMessage']})")
+      print_error("Failed to load #{kernel_name} (error: #{h_kernel['GetLastError']} #{h_kernel['ErrorMessage']})")
       return nil
     end
     h_kernel = h_kernel['return']
@@ -34,7 +34,7 @@ def find_haldispatchtable
     hal_dispatch_table = hal_dispatch_table['return']
 
     hal_dispatch_table -= h_kernel
-    hal_dispatch_table += kernel_info[0]
+    hal_dispatch_table += kernel_address
     vprint_status("HalDispatchTable Address: 0x#{hal_dispatch_table.to_s(16)}")
     hal_dispatch_table
   end
@@ -75,10 +75,10 @@ def find_sys_base(drvname)
       current_drvname = results['lpBaseName'][0,results['return']]
       if drvname.nil?
         if current_drvname.downcase.include?('krnl')
-          return [address, current_drvname]
+          return address, current_drvname
         end
       elsif drvname == current_drvname
-        return [address, current_drvname]
+        return address, current_drvname
       end
     end
   end
