From 982d6c7f336e69cb66d443b60d289d98f018da98 Mon Sep 17 00:00:00 2001 From: hulto <7121375+hulto@users.noreply.github.com> Date: Sat, 24 Feb 2024 16:41:57 -0800 Subject: [PATCH 1/4] one --- implants/lib/eldritch/build.rs | 8 ++-- implants/lib/eldritch/src/file/list_impl.rs | 7 +++- .../lib/eldritch/src/pivot/arp_scan_impl.rs | 41 ++++++++++--------- 3 files changed, 31 insertions(+), 25 deletions(-) diff --git a/implants/lib/eldritch/build.rs b/implants/lib/eldritch/build.rs index 7ea4628ed..d57184e90 100644 --- a/implants/lib/eldritch/build.rs +++ b/implants/lib/eldritch/build.rs @@ -24,7 +24,7 @@ fn build_bin_create_file_dll() { println!("Starting cargo build lib"); let res = Command::new("cargo") - .args(&["build", "--lib"]) + .args(["build", "--lib"]) .current_dir(test_dll_path) .stderr(Stdio::piped()) .spawn() @@ -35,7 +35,7 @@ fn build_bin_create_file_dll() { let reader = BufReader::new(res); reader .lines() - .filter_map(|line| line.ok()) + .map_while(Result::ok) .for_each(|line| println!("cargo dll build: {}", line)); let relative_path_to_test_dll_file = @@ -65,7 +65,7 @@ fn build_bin_reflective_loader() { println!("Starting cargo build lib"); let res_build = Command::new("cargo") - .args(&[ + .args([ "build", "--release", "-Z", @@ -83,7 +83,7 @@ fn build_bin_reflective_loader() { let reader = BufReader::new(res_build); reader .lines() - .filter_map(|line| line.ok()) + .map_while(Result::ok) .for_each(|line| println!("cargo dll build: {}", line)); let relative_path_to_test_dll_file = "..\\..\\..\\bin\\reflective_loader\\target\\x86_64-pc-windows-msvc\\release\\reflective_loader.dll"; diff --git a/implants/lib/eldritch/src/file/list_impl.rs b/implants/lib/eldritch/src/file/list_impl.rs index 95064ad1c..9d6efe9d2 100644 --- a/implants/lib/eldritch/src/file/list_impl.rs +++ b/implants/lib/eldritch/src/file/list_impl.rs 
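Review bot: In both reader loops, `map_while(Result::ok)` ends the iteration at the first line that `lines()` cannot decode, whereas the replaced `filter_map(|line| line.ok())` skipped that line and kept going, so a single non-UTF-8 byte in cargo's stderr now silently truncates the rest of the `cargo dll build:` log. That is what clippy's `lines_filter_map_ok` lint prefers and is acceptable for output that is only echoed for diagnostics, but it is a behaviour change hiding inside a lint cleanup and deserves a comment: `// map_while: stop (rather than skip) at the first unreadable line of child output`. `build_bin_create_file_dll` and `build_bin_reflective_loader` both extend beyond these hunks, so I cannot see whether the child's exit status is checked afterwards; if it is not, a truncated log would be the only hint that something went wrong.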
@@ -19,9 +19,12 @@ use std::os::macos::fs::MetadataExt; use std::os::unix::fs::PermissionsExt; #[cfg(target_os = "windows")] use std::os::windows::fs::MetadataExt; + use std::path::{Path, PathBuf}; +#[cfg(not(target_os = "windows"))] +use sysinfo::UserExt; -use sysinfo::{System, SystemExt, UserExt}; +use sysinfo::{System, SystemExt}; const UNKNOWN: &str = "UNKNOWN"; // https://stackoverflow.com/questions/6161776/convert-windows-filetime-to-second-in-unix-linux @@ -29,7 +32,7 @@ const UNKNOWN: &str = "UNKNOWN"; fn windows_tick_to_unix_tick(windows_tick: u64) -> i64 { const WINDOWS_TICK: u64 = 10000000; const SEC_TO_UNIX_EPOCH: u64 = 11644473600; - return (windows_tick / WINDOWS_TICK - SEC_TO_UNIX_EPOCH) as i64; + (windows_tick / WINDOWS_TICK - SEC_TO_UNIX_EPOCH) as i64 } fn create_file_from_pathbuf(path_entry: PathBuf) -> Result { diff --git a/implants/lib/eldritch/src/pivot/arp_scan_impl.rs b/implants/lib/eldritch/src/pivot/arp_scan_impl.rs index f333e8c41..3c840ac44 100644 --- a/implants/lib/eldritch/src/pivot/arp_scan_impl.rs +++ b/implants/lib/eldritch/src/pivot/arp_scan_impl.rs 
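Review bot: `windows_tick_to_unix_tick` still performs the subtraction in `u64`, so any FILETIME earlier than 1970 — for example the 0 that `std::os::windows::fs::MetadataExt` documents for timestamps a filesystem does not support — makes `windows_tick / WINDOWS_TICK - SEC_TO_UNIX_EPOCH` underflow: a panic in debug builds, a wrapped value cast to a meaningless `i64` in release. The commit only drops the `return`, so the defect carries straight over to the new line. Widen before subtracting: `(windows_tick / WINDOWS_TICK) as i64 - SEC_TO_UNIX_EPOCH as i64`, which yields the expected negative seconds instead. The callers are outside this hunk, so I can't confirm which metadata fields feed it, but the `MetadataExt` imports above suggest raw file times.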
@@ -1,24 +1,27 @@ -use super::super::insert_dict_kv; -use anyhow::{anyhow, Result}; -use ipnetwork::{IpNetwork, Ipv4Network}; #[cfg(not(target_os = "windows"))] -use pnet::{ - datalink::{self, channel, Channel::Ethernet, NetworkInterface}, - packet::{ - arp::{ArpOperations, ArpPacket, MutableArpPacket}, - ethernet::{EtherType, EthernetPacket, MutableEthernetPacket}, - Packet, +use { + super::super::insert_dict_kv, + starlark::collections::SmallMap, + starlark::const_frozen_string, + std::collections::HashMap, + std::net::{IpAddr, Ipv4Addr}, + std::str::FromStr, + std::sync::{Arc, Mutex}, + std::time::{Duration, SystemTime}, + ipnetwork::{IpNetwork, Ipv4Network}, + pnet::{ + datalink::{self, channel, Channel::Ethernet, NetworkInterface}, + packet::{ + arp::{ArpOperations, ArpPacket, MutableArpPacket}, + ethernet::{EtherType, EthernetPacket, MutableEthernetPacket}, + Packet, + }, + util::MacAddr, }, - util::MacAddr, }; -use starlark::collections::SmallMap; -use starlark::const_frozen_string; + +use anyhow::{anyhow,Result}; use starlark::values::{dict::Dict, Heap}; -use std::collections::HashMap; -use std::net::{IpAddr, Ipv4Addr}; -use std::str::FromStr; -use std::sync::{Arc, Mutex}; -use std::time::{Duration, SystemTime}; #[cfg(not(target_os = "windows"))] #[derive(Debug, Clone, PartialEq)] @@ -265,8 +268,8 @@ pub fn arp_scan(starlark_heap: &Heap, target_cidrs: Vec) -> Result) -> Result> { - Err(anyhow::anyhow!("ARP Scanning is not available on Windows.")) +pub fn arp_scan(_starlark_heap: &Heap, _target_cidrs: Vec) -> Result> { + Err(anyhow!("ARP Scanning is not available on Windows.")) } #[cfg(not(target_os = "windows"))] From e62764fedf56f82c55595c7d516bc371bd36ca57 Mon Sep 17 00:00:00 2001 
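Review bot: `use anyhow::{anyhow,Result};` is missing the space after the comma that rustfmt inserts (`use anyhow::{anyhow, Result};`); since this series is lint cleanup, the file should come out formatter-clean. Folding the non-Windows imports into one `#[cfg(not(target_os = "windows"))] use { … }` tree is otherwise fine, and the `_starlark_heap`/`_target_cidrs` prefixes on the Windows stub silence the unused-argument warnings without touching the signature. The stub would benefit from a doc comment explaining the error it returns, e.g. `/// ARP scanning relies on pnet's datalink channel, which this build does not provide on Windows.`, since that is the only place a Windows caller learns why the call fails.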
From: hulto <7121375+hulto@users.noreply.github.com>
Date: Sat, 24 Feb 2024 17:06:01 -0800
Subject: [PATCH 2/4] Fix dll inject and reflect

---
 .../lib/eldritch/src/sys/dll_inject_impl.rs | 15 +++----
 .../lib/eldritch/src/sys/dll_reflect_impl.rs | 40 ++++++++-----------
 2 files changed, 22 insertions(+), 33 deletions(-)

diff --git a/implants/lib/eldritch/src/sys/dll_inject_impl.rs b/implants/lib/eldritch/src/sys/dll_inject_impl.rs
index 95d538ac4..7e9fcc493 100644
--- a/implants/lib/eldritch/src/sys/dll_inject_impl.rs
+++ b/implants/lib/eldritch/src/sys/dll_inject_impl.rs
@@ -39,7 +39,7 @@ pub fn dll_inject(dll_path: String, pid: u32) -> Result {
 // Allocate memory in the remote process that we'll copy the DLL path string to.
 let target_process_allocated_memory_handle = VirtualAllocEx(
 target_process_memory_handle,
- 0 as *const c_void,
+ std::ptr::null::(),
 dll_path_null_terminated.len() + 1,
 MEM_RESERVE | MEM_COMMIT,
 PAGE_EXECUTE_READWRITE,
@@ -51,13 +51,13 @@ pub fn dll_inject(dll_path: String, pid: u32) -> Result {
 target_process_allocated_memory_handle,
 dll_path_null_terminated.as_bytes().as_ptr() as *const c_void,
 dll_path_null_terminated.len(),
- 0 as *mut usize,
+ std::ptr::null_mut::(),
 );
 
 // Kickoff our DLL in the remote process
 let _remote_thread_return_val = CreateRemoteThread(
 target_process_memory_handle,
- 0 as *const SECURITY_ATTRIBUTES,
+ std::ptr::null::(),
 0,
 Some(
 // Translate our existing function return to the one LoadLibraryA wants.
@@ -68,7 +68,7 @@ pub fn dll_inject(dll_path: String, pid: u32) -> Result {
 ),
 target_process_allocated_memory_handle,
 0,
- 0 as *mut u32,
+ std::ptr::null_mut::(),
 );
 
 CloseHandle(target_process_memory_handle);
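Review bot: The region that `VirtualAllocEx` reserves in the first hunk only ever holds the DLL path string that `WriteProcessMemory` copies in and that `LoadLibraryA` reads as its argument, yet it is committed `PAGE_EXECUTE_READWRITE`; `PAGE_READWRITE,` is sufficient, and a writable-and-executable region in a foreign process is precisely the pattern memory scanners flag. The null-pointer rewrites themselves are fine. Separately, the handle returned by `CreateRemoteThread` is bound to `_remote_thread_return_val` and neither checked for failure nor closed, while `target_process_memory_handle` is; at minimum the thread handle should be tested for null/zero (whichever the bindings use) and then released with `CloseHandle(_remote_thread_return_val);`, or the function should return an error when the thread could not be created. `dll_inject` starts and ends outside these hunks, so I cannot see whether the `VirtualAllocEx` and `WriteProcessMemory` results are checked before use.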
@@ -124,11 +124,8 @@ mod tests { // kill the target process notepad let mut sys = System::new(); sys.refresh_processes(); - match sys.process(Pid::from_u32(target_pid)) { - Some(res) => { - res.kill_with(Signal::Kill); - } - None => {} + if let Some(res) = sys.process(Pid::from_u32(target_pid)) { + res.kill_with(Signal::Kill); } Ok(()) diff --git a/implants/lib/eldritch/src/sys/dll_reflect_impl.rs b/implants/lib/eldritch/src/sys/dll_reflect_impl.rs index 54233fc32..439786f7c 100644 --- a/implants/lib/eldritch/src/sys/dll_reflect_impl.rs +++ b/implants/lib/eldritch/src/sys/dll_reflect_impl.rs @@ -128,7 +128,7 @@ fn virtual_alloc_ex( ) -> anyhow::Result<*mut c_void> { let buffer_handle: *mut c_void = unsafe { VirtualAllocEx(hprocess, lpaddress, dwsize, flallocationtype, flprotect) }; - if buffer_handle == null_mut() { + if buffer_handle.is_null() { let error_code = unsafe { GetLastError() }; if error_code != 0 { return Err(anyhow::anyhow!( @@ -253,6 +253,7 @@ fn get_export_address_by_name( Err(anyhow::anyhow!("Function {} not found", export_name)) } +#[allow(dead_code)] // `function_offset` is never read in our code but does get passed to our remote process. #[cfg(target_os = "windows")] struct UserData { function_offset: u64, @@ -282,7 +283,7 @@ fn handle_dll_reflect( let remote_buffer = virtual_alloc_ex( process_handle, null_mut(), - image_size as usize, + image_size, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE, )?; @@ -291,7 +292,7 @@ fn handle_dll_reflect( process_handle, remote_buffer as _, reflective_loader_dll.as_ptr() as _, - image_size as usize, + image_size, )?; // Allocate and write user data to the remote process @@ -316,7 +317,7 @@ fn handle_dll_reflect( let remote_buffer_target_dll: *mut std::ffi::c_void = virtual_alloc_ex( process_handle, null_mut(), - user_data_ptr_size + target_dll_bytes.len() as usize, + user_data_ptr_size + target_dll_bytes.len(), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE, )?; 
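Review bot: In `virtual_alloc_ex`, the null check the commit rewrote as `buffer_handle.is_null()` still returns an error only when `GetLastError()` is non-zero; if the remainder of the function (outside this hunk) falls through to returning `buffer_handle`, a null allocation paired with a zero or stale last-error is handed back as success and later used as a remote write destination in `handle_dll_reflect`. A null result from `VirtualAllocEx` is a failure regardless of the error code, so the branch should return unconditionally, e.g. `return Err(anyhow::anyhow!("VirtualAllocEx returned null (GetLastError = {})", error_code));`. One hedged observation on the later hunks: `remote_buffer_target_dll` receives the user data plus the raw target-DLL bytes, which the reflective loader presumably maps into its own allocation, so it likely does not need `PAGE_EXECUTE_READWRITE` either — worth confirming against the loader's contract.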
@@ -337,7 +338,7 @@ fn handle_dll_reflect( process_handle, payload_ptr_in_remote_buffer as _, target_dll_bytes.as_slice().as_ptr() as _, - target_dll_bytes.len() as usize, + target_dll_bytes.len(), )?; // Find the loader entrypoint and hand off execution @@ -485,7 +486,7 @@ mod tests { let target_pid = expected_process.unwrap().id(); // Run our code. - let _res = handle_dll_reflect(test_dll_bytes.to_vec(), target_pid, "demo_init")?; + handle_dll_reflect(test_dll_bytes.to_vec(), target_pid, "demo_init")?; let delay = time::Duration::from_secs(DLL_EXEC_WAIT_TIME); thread::sleep(delay); @@ -500,11 +501,8 @@ mod tests { // kill the target process notepad let mut sys = System::new(); sys.refresh_processes(); - match sys.process(Pid::from_u32(target_pid)) { - Some(res) => { - res.kill_with(Signal::Kill); - } - None => {} + if let Some(res) = sys.process(Pid::from_u32(target_pid)) { + res.kill_with(Signal::Kill); } Ok(()) } @@ -524,14 +522,11 @@ mod tests { .spawn(); let target_pid = expected_process.unwrap().id() as i32; - let test_eldritch_script = format!( - r#" + let test_eldritch_script = r#" func_dll_reflect(input_params['dll_bytes'], input_params['target_pid'], "demo_init") -"# - ); +"#.to_string(); - let ast: AstModule; - match AstModule::parse( + let ast = match AstModule::parse( "test.eldritch", test_eldritch_script.to_owned(), &Dialect { @@ -539,9 +534,9 @@ func_dll_reflect(input_params['dll_bytes'], input_params['target_pid'], "demo_in ..Dialect::Extended }, ) { - Ok(res) => ast = res, + Ok(res) => res, Err(err) => return Err(err.into_anyhow()), - } + }; #[starlark_module] fn func_dll_reflect(builder: &mut GlobalsBuilder) { 
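Review bot: On the line `handle_dll_reflect(test_dll_bytes.to_vec(), target_pid, "demo_init")?;` the `?` exits the test before the `kill_with(Signal::Kill)` cleanup that follows the sleep, so a failing injection leaves the spawned notepad.exe running on the test host; the removed `let _res =` form had the same early exit, so this is carried over rather than introduced. Capture first and propagate after cleanup: `let res = handle_dll_reflect(test_dll_bytes.to_vec(), target_pid, "demo_init");`, do the kill, then `res?;`. Style nit in the second test: `r#"…"#.to_string()` followed by `test_eldritch_script.to_owned()` in `AstModule::parse` copies the script twice; keep `test_eldritch_script` as a `&str` and convert once at the call. The test bodies begin before these hunks.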
@@ -599,11 +594,8 @@ func_dll_reflect(input_params['dll_bytes'], input_params['target_pid'], "demo_in // kill the target process notepad let mut sys = System::new(); sys.refresh_processes(); - match sys.process(Pid::from_u32(target_pid as u32)) { - Some(res) => { - res.kill_with(Signal::Kill); - } - None => {} + if let Some(res) = sys.process(Pid::from_u32(target_pid as u32)) { + res.kill_with(Signal::Kill); } Ok(()) } From 76203bb8db6d2648eb1a80d19007e25859cf54b0 Mon Sep 17 00:00:00 2001 From: hulto <7121375+hulto@users.noreply.github.com> Date: Sat, 24 Feb 2024 17:09:52 -0800 Subject: [PATCH 3/4] reg and ip --- implants/lib/eldritch/src/sys/get_reg_impl.rs | 6 +- .../eldritch/src/sys/write_reg_hex_impl.rs | 73 +++++++++-------- .../eldritch/src/sys/write_reg_int_impl.rs | 73 +++++++++-------- .../eldritch/src/sys/write_reg_str_impl.rs | 78 +++++++++---------- 4 files changed, 114 insertions(+), 116 deletions(-) diff --git a/implants/lib/eldritch/src/sys/get_reg_impl.rs b/implants/lib/eldritch/src/sys/get_reg_impl.rs index 720e84bfb..3bc836221 100644 --- a/implants/lib/eldritch/src/sys/get_reg_impl.rs +++ b/implants/lib/eldritch/src/sys/get_reg_impl.rs @@ -70,13 +70,13 @@ mod tests { //Write something into temp regkey... let hkcu = RegKey::predef(HKEY_CURRENT_USER); let (nkey, _ndisp) = - hkcu.create_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.create_subkey(format!("SOFTWARE\\{}", id))?; nkey.set_value("FOO", &"BAR")?; let ares = get_reg( &binding, "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), ); let val2: Value<'_> = match ares?.get(const_frozen_string!("FOO").to_value()) { Ok(v) => Ok(v), @@ -84,7 +84,7 @@ mod tests { }? .unwrap(); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; assert_eq!(val2.unpack_str().unwrap(), "BAR"); 
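Review bot: In the `get_reg` test, `ares?` (and the trailing `.unwrap()`) runs before `hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;`, so a failing lookup leaves the temporary `HKCU\SOFTWARE\<uuid>` key on the test machine. Bind the lookup, delete the key, then evaluate: `let ares = get_reg(…);`, `hkcu.delete_subkey(…)?;`, `let val2 = ares?.get(…)…;`. The `format!("SOFTWARE\\{}", id)` simplification is behaviour-preserving provided `id` is the same `Uuid` the sibling registry tests use, since `format!` goes through the same `Display` impl that `to_string()` did.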
diff --git a/implants/lib/eldritch/src/sys/write_reg_hex_impl.rs b/implants/lib/eldritch/src/sys/write_reg_hex_impl.rs index 9f42e3b67..387bc2244 100644 --- a/implants/lib/eldritch/src/sys/write_reg_hex_impl.rs +++ b/implants/lib/eldritch/src/sys/write_reg_hex_impl.rs @@ -100,7 +100,6 @@ mod tests { #[cfg(target_os = "windows")] { use super::*; - use std::str; use uuid::Uuid; use winreg::{enums::*, RegKey}; 
@@ -110,195 +109,195 @@ mod tests { //Write and then read REG_SZ into temp regkey... let mut _ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_SZ".to_string(), "deadbeef".to_string(), ); let mut hkcu = RegKey::predef(HKEY_CURRENT_USER); let mut subky = - hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; let mut val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.to_string(), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_NONE into temp regkey... _ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_NONE".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.to_string(), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_EXPAND_SZ into temp regkey... 
_ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_EXPAND_SZ".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.to_string(), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_BINARY into temp regkey... _ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_BINARY".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(hex::encode(val2.bytes), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_DWORD into temp regkey... 
_ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_DWORD".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(hex::encode(val2.bytes), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_DWORD_BIG_ENDIAN into temp regkey... _ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_DWORD_BIG_ENDIAN".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 0xdeadbeefu32.to_be_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_LINK into temp regkey... 
_ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_LINK".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.to_string(), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_MULTI_SZ into temp regkey... _ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_MULTI_SZ".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.to_string(), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_RESOURCE_LIST into temp regkey... 
_ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_RESOURCE_LIST".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(hex::encode(val2.bytes), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_FULL_RESOURCE_DESCRIPTOR into temp regkey... _ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_FULL_RESOURCE_DESCRIPTOR".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(hex::encode(val2.bytes), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_RESOURCE_REQUIREMENTS_LIST into temp regkey... 
_ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_RESOURCE_REQUIREMENTS_LIST".to_string(), "deadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(hex::encode(val2.bytes), "deadbeef"); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_QWORD into temp regkey... _ares = write_reg_hex( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_QWORD".to_string(), "deadbeefdeadbeef".to_string(), ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 0xdeadbeefdeadbeefu64.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; } Ok(()) diff --git a/implants/lib/eldritch/src/sys/write_reg_int_impl.rs b/implants/lib/eldritch/src/sys/write_reg_int_impl.rs index 9dffff65e..13dee9df8 100644 --- a/implants/lib/eldritch/src/sys/write_reg_int_impl.rs +++ b/implants/lib/eldritch/src/sys/write_reg_int_impl.rs @@ -92,7 +92,6 @@ mod tests { #[cfg(target_os = "windows")] { use super::*; - use std::str; use uuid::Uuid; use winreg::{enums::*, RegKey}; 
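Review bot: Every `write_reg_hex(...)` call in this test is bound to `_ares` and never inspected, so a failure inside the function (bad hex, unknown type string, access denied) only surfaces as an unrelated `open_subkey` error on the next line — or not at all if a key left over from an earlier aborted run still exists. Replace each binding with `write_reg_hex(...)?;` and drop `let mut _ares`. Cleanup also happens only on the happy path: an assertion failure midway leaves `HKCU\SOFTWARE\<uuid>` behind, which is tolerable for a uuid-named key but worth a one-line comment at the top of the test. The test function starts before this hunk.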
@@ -102,195 +101,195 @@ mod tests { //Write and then read REG_SZ into temp regkey... let mut _ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_SZ".to_string(), 12345678, ); let mut hkcu = RegKey::predef(HKEY_CURRENT_USER); let mut subky = - hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; let mut val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_NONE into temp regkey... _ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_NONE".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_EXPAND_SZ into temp regkey... 
_ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_EXPAND_SZ".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_BINARY into temp regkey... _ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_BINARY".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_DWORD into temp regkey... 
_ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_DWORD".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_DWORD_BIG_ENDIAN into temp regkey... _ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_DWORD_BIG_ENDIAN".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_be_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_LINK into temp regkey... 
_ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_LINK".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_MULTI_SZ into temp regkey... _ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_MULTI_SZ".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_RESOURCE_LIST into temp regkey... 
_ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_RESOURCE_LIST".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_FULL_RESOURCE_DESCRIPTOR into temp regkey... _ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_FULL_RESOURCE_DESCRIPTOR".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_RESOURCE_REQUIREMENTS_LIST into temp regkey... 
_ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_RESOURCE_REQUIREMENTS_LIST".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; //Write and then read REG_QWORD into temp regkey... _ares = write_reg_int( "HKEY_CURRENT_USER".to_string(), - format!("SOFTWARE\\{}", id.to_string()).to_string(), + format!("SOFTWARE\\{}", id), "FOO2".to_string(), "REG_QWORD".to_string(), 12345678, ); hkcu = RegKey::predef(HKEY_CURRENT_USER); - subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?; val2 = subky.get_raw_value("FOO2")?; assert_eq!(val2.bytes, 12345678u32.to_le_bytes().to_vec()); //delete temp regkey - hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?; + hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?; } Ok(()) diff --git a/implants/lib/eldritch/src/sys/write_reg_str_impl.rs b/implants/lib/eldritch/src/sys/write_reg_str_impl.rs index 9d6fad6c0..527237e7e 100644 --- a/implants/lib/eldritch/src/sys/write_reg_str_impl.rs +++ b/implants/lib/eldritch/src/sys/write_reg_str_impl.rs 
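Review bot: The `REG_QWORD` case asserts that `write_reg_int(..., "REG_QWORD", 12345678)` stores `12345678u32.to_le_bytes()` — four bytes under a type whose data must be eight — so the test pins what looks like a malformed value; the sibling hex test expects eight bytes for the same type (`0xdeadbeefdeadbeefu64.to_le_bytes()`). If `write_reg_int` really emits a `u32` for every type, that is the bug to fix (widen to `u64` in the `REG_QWORD` arm) and the expectation should become `12345678u64.to_le_bytes().to_vec()`; the implementation is outside this hunk, so I can only infer this from the assertion. As in the hex test, each `_ares` result is discarded, and `write_reg_int(...)?;` would make failures show up where they happen.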
@@ -48,12 +48,12 @@ pub fn write_reg_str(
 nkey.set_raw_value(regname, &data)?;
 },
 "REG_DWORD" => {
- let parsed_value: u32 = u32::from_str_radix(®value, 10)?;
+ let parsed_value: u32 = regvalue.parse::()?;
 let data = RegValue{ vtype: REG_DWORD, bytes: parsed_value.to_le_bytes().to_vec()};
 nkey.set_raw_value(regname, &data)?;
 },
 "REG_DWORD_BIG_ENDIAN" => {
- let parsed_value: u32 = u32::from_str_radix(®value, 10)?;
+ let parsed_value: u32 = regvalue.parse::()?;
 let data = RegValue{ vtype: REG_DWORD_BIG_ENDIAN, bytes: parsed_value.to_be_bytes().to_vec()};
 nkey.set_raw_value(regname, &data)?;
 },
@@ -77,7 +77,7 @@ pub fn write_reg_str(
 nkey.set_raw_value(regname, &data)?;
 },
 "REG_QWORD" => {
- let parsed_value: u64 = u64::from_str_radix(®value, 10)?;
+ let parsed_value: u64 = regvalue.parse::()?;
 let data = RegValue{ vtype: REG_QWORD, bytes: parsed_value.to_le_bytes().to_vec()};
 nkey.set_raw_value(regname, &data)?;
 },
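Review bot: `let parsed_value: u32 = regvalue.parse::<u32>()?;` states the target type twice — the annotation and the turbofish, which this rendering shows as `parse::()` — and one is enough: `let parsed_value: u32 = regvalue.parse()?;`, likewise for the `u64` in the `REG_QWORD` arm. Behaviour is unchanged from `from_str_radix(&regvalue, 10)`: decimal only, so hex or negative input still fails with a `ParseIntError` via `?`, which is the right outcome for a registry write driven by script input. `write_reg_str` begins and ends outside these hunks.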
@@ -105,195 +105,195 @@ mod tests {
 //Write and then read REG_SZ into temp regkey...
 let mut _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_SZ".to_string(),
 "BAR2".to_string(),
 );
 let mut hkcu = RegKey::predef(HKEY_CURRENT_USER);
 let mut subky =
- hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 let mut val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.to_string(), "BAR2");
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_NONE into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_NONE".to_string(),
 "BAR2".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.to_string(), "BAR2");
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_EXPAND_SZ into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_EXPAND_SZ".to_string(),
 "BAR2".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.to_string(), "BAR2");
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_BINARY into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_BINARY".to_string(),
 "deadbeef".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(str::from_utf8(&val2.bytes), Ok("deadbeef"));
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_DWORD into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_DWORD".to_string(),
 "12345678".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.to_string(), "12345678");
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_DWORD_BIG_ENDIAN into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_DWORD_BIG_ENDIAN".to_string(),
 "12345678".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.bytes, 12345678u32.to_be_bytes().to_vec());
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_LINK into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_LINK".to_string(),
 "BAR2".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.to_string(), "BAR2");
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_MULTI_SZ into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_MULTI_SZ".to_string(),
 "dead,beef".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.to_string(), "dead\nbeef");
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_RESOURCE_LIST into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_RESOURCE_LIST".to_string(),
 "deadbeef".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(str::from_utf8(&val2.bytes), Ok("deadbeef"));
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_FULL_RESOURCE_DESCRIPTOR into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_FULL_RESOURCE_DESCRIPTOR".to_string(),
 "deadbeef".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(str::from_utf8(&val2.bytes), Ok("deadbeef"));
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_RESOURCE_REQUIREMENTS_LIST into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_RESOURCE_REQUIREMENTS_LIST".to_string(),
 "deadbeef".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(str::from_utf8(&val2.bytes), Ok("deadbeef"));
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 //Write and then read REG_QWORD into temp regkey...
 _ares = write_reg_str(
 "HKEY_CURRENT_USER".to_string(),
- format!("SOFTWARE\\{}", id.to_string()).to_string(),
+ format!("SOFTWARE\\{}", id),
 "FOO2".to_string(),
 "REG_QWORD".to_string(),
 "1234567812345678".to_string(),
 );
 hkcu = RegKey::predef(HKEY_CURRENT_USER);
- subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ subky = hkcu.open_subkey(format!("SOFTWARE\\{}", id))?;
 val2 = subky.get_raw_value("FOO2")?;
 assert_eq!(val2.to_string(), "1234567812345678");
 //delete temp regkey
- hkcu.delete_subkey(format!("SOFTWARE\\{}", id.to_string()).to_string())?;
+ hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;
 }
 Ok(())
From df8b0cd1482ada3b436ef0c40fa4a98501952013 Mon Sep 17 00:00:00 2001
From: hulto <7121375+hulto@users.noreply.github.com>
Date: Sat, 24 Feb 2024 17:10:02 -0800
Subject: [PATCH 4/4] get ip
---
 implants/lib/eldritch/src/sys/get_ip_impl.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/implants/lib/eldritch/src/sys/get_ip_impl.rs b/implants/lib/eldritch/src/sys/get_ip_impl.rs
index be8d7ad1c..2be850bf7 100644
--- a/implants/lib/eldritch/src/sys/get_ip_impl.rs
+++ b/implants/lib/eldritch/src/sys/get_ip_impl.rs
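Review bot: Every block in this test hunk still discards the `Result` of `write_reg_str` into `_ares`, so a failed write is only detected indirectly when the following `open_subkey` or `get_raw_value` fails, and the error points at the wrong call; since these lines are being touched anyway, `write_reg_str(...)?;` with the `let mut _ares` binding dropped would report the actual failure. Cleanup is also conditional on the asserts passing: a failing `assert_eq!` panics before `hkcu.delete_subkey(format!("SOFTWARE\\{}", id))?;` runs, so the temporary `SOFTWARE\{id}` key is left under HKEY_CURRENT_USER for later runs; a drop guard that deletes the key, or deleting before asserting on the read-back value, would keep the hive clean on failure. The enclosing test function starts before the hunk and its closing brace lies after the final `Ok(())`.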
@@ -1,6 +1,6 @@
 use std::net::IpAddr;
-use anyhow::{Context, Result};
+use anyhow::Result;
 use network_interface::{NetworkInterface, NetworkInterfaceConfig};
 use super::super::insert_dict_kv;