
Adds a new findpids command to meterpreter

findpids calls client.sys.process.get_processes like ps
but then filters out any processes that do not match
one of the process names supplied as arguments to the command.
`findpids explorer.exe notepad.exe` will return all processes
named explorer.exe or notepad.exe. This allows for quick searching for
the pid you want, which is ideal for migration.
1 parent a07f521 commit f906aa388417af1b581aa4744f090a9984295850 @dmaloney-r7 dmaloney-r7 committed Aug 29, 2012
Showing with 30 additions and 0 deletions.
  1. +30 −0 lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
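--- a/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
+++ b/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb
@@ -58,6 +58,7 @@ def commands
 "getuid" => "Get the user that the server is running as",
 "kill" => "Terminate a process",
 "ps" => "List running processes",
+"findpids" => "Find Processes by name",
 "reboot" => "Reboots the remote computer",
 "reg" => "Modify and interact with the remote registry",
 "rev2self" => "Calls RevertToSelf() on the remote machine",
@@ -75,6 +76,7 @@ def commands
 "getuid" => [ "stdapi_sys_config_getuid" ],
 "kill" => [ "stdapi_sys_process_kill" ],
 "ps" => [ "stdapi_sys_process_get_processes" ],
+"findpids" => [ "stdapi_sys_process_get_processes" ],
 "reboot" => [ "stdapi_sys_power_exitwindows" ],
 "reg" => [
 "stdapi_registry_load_key",
@@ -284,6 +286,34 @@ def cmd_ps(*args)
 return true
 end
+def cmd_findpids(*args)
+if args.empty? or args.include? "-h"
+print_line "You must supply one or more process name to search for"
+print_line "e.g. findpids explorer.exe notepad.exe"
+return true
+end
+processes = client.sys.process.get_processes
+if (processes.length == 0)
+print_line("No running processes were found.")
+else
+searched_procs = Rex::Post::Meterpreter::Extensions::Stdapi::Sys::ProcessList.new
+processes.each do |proc|
+if args.include? proc["name"]
+searched_procs << proc
+end
+end
+searched_procs.compact!
+if searched_procs.length == 0
+print_line("No running processes were found matching the supplied names.")
+else
+print_line
+print_line(searched_procs.to_table("Indent" => 1).to_s)
+print_line
+end
+end
+return true
+end
+
 #
 # Reboots the remote computer.
 #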
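Review bot: The filter in cmd_findpids, `if args.include? proc["name"]`, is an exact, case-sensitive string match, so on a Windows target (where process names are not case-sensitive) `findpids Explorer.exe` silently reports "No running processes were found matching the supplied names" for a process the target lists as `explorer.exe`, which is exactly the quick-lookup-before-migrate use the commit message describes. Lowercase both sides once, `names = args.map(&:downcase)` before the loop and `if names.include?(proc["name"].to_s.downcase)` inside it; the `to_s` also keeps a process record with a nil name from raising instead of being skipped. The `searched_procs.compact!` call is dead, since only non-nil `proc` hashes are ever appended. The neighbouring commands in this dispatcher carry a header comment (see the `# Reboots the remote computer.` block just below), so the new method should get one too, e.g. `# Lists running processes whose name matches one of the supplied arguments; useful for picking a migration target.`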
