Commit 5954e23

author
Brent Cook
committed
updates based on feedback
Add documentation to the view constants. Use include? rather than regexes
1 parent a42cc2e commit 5954e23

1 file changed

+18
-3
lines changed

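--- a/lib/msf/core/post/windows/registry.rb
+++ b/lib/msf/core/post/windows/registry.rb
@@ -10,8 +10,23 @@ module Registry
 
 include Msf::Post::Windows::CliParse
 
+#
+# This is the default view. It reflects what the remote process would see
+# natively. So, if you are using a remote 32-bit meterpreter session, you
+# will see 32-bit registry keys and values.
+#
 REGISTRY_VIEW_NATIVE = 0
+
+#
+# Access 32-bit registry keys and values regardless of whether the session is
+# 32 or 64-bit.
+#
 REGISTRY_VIEW_32_BIT = 1
+
+#
+# Access 64-bit registry keys and values regardless of whether the session is
+# 32 or 64-bit.
+#
 REGISTRY_VIEW_64_BIT = 2
 
 #
@@ -160,7 +175,7 @@ def shell_registry_cmd(suffix, view = REGISTRY_VIEW_NATIVE)
 
 def shell_registry_cmd_result(suffix, view = REGISTRY_VIEW_NATIVE)
 results = shell_registry_cmd(suffix, view);
-results =~ /The operation completed successfully/
+results.include?('The operation completed successfully')
 end
 
 #
@@ -216,7 +231,7 @@ def shell_registry_enumkeys(key, view)
 reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR'
 bslashes = key.count('\\')
 results = shell_registry_cmd("query \"#{key}\"", view)
-if results !=~ /^Error:/
+unless results.include?('Error')
 results.each_line do |line|
 # now let's keep the ones that have a count = bslashes+1
 # feels like there's a smarter way to do this but...
@@ -239,7 +254,7 @@ def shell_registry_enumvals(key, view)
 reg_data_types << 'REG_DWORD_LITTLE_ENDIAN|REG_NONE|REG_EXPAND_SZ|REG_LINK|REG_FULL_RESOURCE_DESCRIPTOR'
 # REG QUERY KeyName [/v ValueName | /ve] [/s]
 results = shell_registry_cmd("query \"#{key}\"", view)
-if results !=~ /^Error:/
+unless results.include?('Error')
 if values = results.scan(/^ +.*[#{reg_data_types}].*/)
 # yanked the lines with legit REG value types like REG_SZ
 # now let's parse out the names (first field basically)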
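Review bot: The new `results.include?('Error')` guard in shell_registry_enumkeys and shell_registry_enumvals matches the substring anywhere in the output, so a successful query whose key name, value name or data contains "Error" (a value named `ErrorControl`, for instance) is treated as a failure and yields an empty result. It is also case-sensitive, so if reg.exe reports failures as `ERROR: ...` in upper case, which is its usual form, the guard never fires on a real error. Testing for a line prefix stays regex-free and avoids both problems: `unless results.each_line.any? { |l| l.strip.upcase.start_with?('ERROR:') }`. Both method bodies continue outside their hunks, so whether `results` can be nil here (which would now raise on `include?`) cannot be confirmed from the page.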
