Minor fix

jiuweigui · jiuweigui · commit e13f4f5b4ed6 · 2013-07-16T13:46:42.000+03:00
diff --git a/modules/post/windows/gather/enum_prefetch.rb b/modules/post/windows/gather/enum_prefetch.rb
@@ -92,7 +92,7 @@ def gather_prefetch_info(name_offset, hash_offset, lastrun_offset, runcount_offs
       client.railgun.kernel32.SetFilePointer(handle, hash_offset, 0, nil)
       hash = client.railgun.kernel32.ReadFile(handle, 4, 4, 4, nil)
 
-      # Finds the LastModified timestamp (MACE)
+      # Finds the LastModified/Created timestamp (MACE)
       lm = client.priv.fs.get_file_mace(filename)
 
       # Finds the Creation timestamp (MACE)
@@ -119,12 +119,6 @@ def run
 
     print_status("Prefetch Gathering started.")
 
-    if not is_admin?
-      print_error("You don't have enough privileges. Try getsystem.")
-      return nil
-    end
-
-
     begin
 
     # Check to see what Windows Version is running.
@@ -136,6 +130,10 @@ def run
     sysnfo = client.sys.config.sysinfo['OS']
 
     if sysnfo =~/(Windows XP)/
+      if not is_system?
+        print_error("You don't have enough privileges. Try getsystem.")
+        return nil
+      end
       # Offsets for WinXP
       print_good("Detected Windows XP (max 128 entries)")
       name_offset = 0x10
@@ -146,6 +144,10 @@ def run
       key_value = "StandardName"
 
     elsif sysnfo =~/(Windows 7)/
+      if not is_admin?
+        print_error("You don't have enough privileges. Try getsystem.")
+        return nil
+      end
       # Offsets for Win7
       print_good("Detected Windows 7 (max 128 entries)")
       name_offset = 0x10
