MemProcFS v3.7 API changes.

2026-05-06 22:02:04 +08:00 · 2021-01-09 18:14:52 +01:00
parent dae3c7e026
commit c9e6196407
6 changed files with 14 additions and 12 deletions
--- a/README.md
+++ b/README.md
@@ -19,6 +19,8 @@ _pypykatz_ for MemProcFS exposes mimikatz functionality in the folder `/py/secre
 3) Copy the _pypykatz_ for _MemProcFS_ plugin by copying all files from [`/files/plugins/pym_pypykatz`](https://github.com/ufrisk/MemProcFS-plugins/tree/master/files/plugins/pym_pypykatz) to corresponding folder in MemProcFS - overwriting any existing files there.
 4) Start MemProcFS.

+#### Last updated: 2021-01-11
+
 ## pypykatz regsecrets

 #### Author:
@@ -34,4 +36,4 @@ _regsecrets_ for MemProcFS exposes mimikatz functionality in the folder `/py/reg
 3) Copy the _pyregsecrets_ for _MemProcFS_ plugin by copying all files from [`/files/plugins/pym_regsecrets`](https://github.com/ufrisk/MemProcFS-plugins/tree/master/files/plugins/pym_regsecrets) to corresponding folder in MemProcFS - overwriting any existing files there.
 4) Start MemProcFS.

-#### Last updated: 2020-05-19
+#### Last updated: 2021-01-11
--- a/files/plugins/pym_pypykatz/pym_pypykatz.py
+++ b/files/plugins/pym_pypykatz/pym_pypykatz.py
@@ -142,14 +142,14 @@ def process_lsass():
 		pass
 		
 	
-def ReadAllResults(pid, file_name, file_attr, bytes_length, bytes_offset):
+def ReadAllResults(pid, file_path, file_name, file_attr, bytes_length, bytes_offset):
 	"""
 	reads the all_results data as file on the virtual FS
 	"""
 	
 	return all_secrets[bytes_offset:bytes_offset+bytes_length].encode()

-def ReadLuid(pid, file_name, file_attr, bytes_length, bytes_offset):
+def ReadLuid(pid, file_path, file_name, file_attr, bytes_length, bytes_offset):
 	"""
 	reads the secrets for a specific luid data as file on the virtual FS
 	"""
@@ -165,7 +165,7 @@ def ReadLuid(pid, file_name, file_attr, bytes_length, bytes_offset):
 			traceback.print_exc()
 		return None
 		
-def ReadKerberos(pid, file_name, file_attr, bytes_length, bytes_offset):
+def ReadKerberos(pid, file_path, file_name, file_attr, bytes_length, bytes_offset):
 	try:
 		
 		t = file_name.rsplit('.', 1)[0]
@@ -179,7 +179,7 @@ def ReadKerberos(pid, file_name, file_attr, bytes_length, bytes_offset):
 			traceback.print_exc()
 		return None
 		
-def ReadErrors(pid, file_name, file_attr, bytes_length, bytes_offset):
+def ReadErrors(pid, file_path, file_name, file_attr, bytes_length, bytes_offset):
 	try:
 			
 		if file_name == 'import_error.txt':
--- a/files/plugins/pym_pypykatz/version.txt
+++ b/files/plugins/pym_pypykatz/version.txt
@@ -1 +1 @@
-1.1.0
+1.2.0
--- a/files/plugins/pym_regsecrets/pym_regsecrets.py
+++ b/files/plugins/pym_regsecrets/pym_regsecrets.py
@@ -9,7 +9,7 @@
 # Author: Tamas Jos (@skelsec), info@skelsec.com
 #
 # adaptation to MemProcFS plugin by:
-# (c) Ulf Frisk, 2019
+# (c) Ulf Frisk, 2019-2021
 # Author: Ulf Frisk (@UlfFrisk), pcileech@frizk.net
 #

@@ -182,7 +182,7 @@ def parse_reg_catch():
 		


-def ReadResultFile(pid, file_name, file_attr, bytes_length, bytes_offset):
+def ReadResultFile(pid, file_path, file_name, file_attr, bytes_length, bytes_offset):
 	"""
 	reads the all_results data as file on the virtual FS
 	"""
@@ -204,7 +204,7 @@ def ReadResultFile(pid, file_name, file_attr, bytes_length, bytes_offset):



-def ReadErrors(pid, file_name, file_attr, bytes_length, bytes_offset):
+def ReadErrors(pid, file_path, file_name, file_attr, bytes_length, bytes_offset):
 	try:
 			
 		if file_name == 'import_error.txt':
--- a/files/plugins/pym_regsecrets/version.txt
+++ b/files/plugins/pym_regsecrets/version.txt
@@ -1 +1 @@
-1.0.0
+1.1.0
--- a/versions.txt
+++ b/versions.txt
@@ -1,2 +1,2 @@
-pypykatz 1.1.0
-regsecrets 1.0.0
+pypykatz 1.2.0
+regsecrets 1.1.0
@@ -1 +1 @@
 .1.0
 .2.0
@@ -1 +1 @@
 .0.0
 .1.0