Feature Request: QueryPerformanceData

[ghost-ng]

This is a feature request to implement the nmap lua script functionality of https://svn.nmap.org/nmap/scripts/smb-enum-processes.nse

This will display the running processes etc from the registry performance data counters.

Right now, rrp only has a way to open the performance data registry. Please implement a way to query AND parse the results.

# Open Performance Data
        openhkpd_result = rrp.hOpenPerformanceData(self.dce, samDesired=rrp.MAXIMUM_ALLOWED | rrp.KEY_ENUMERATE_SUB_KEYS | rrp.KEY_QUERY_VALUE)
        #openhkpd_result.dump()
        ans = rrp.hBaseRegQueryValue(self.dce, openhkpd_result['phKey'], lpValueName="Counter 009")
        result['title-database'] = parse_perf_title_data(ans[1])
        counter_ID = result['title-database']['Process']  # 230
        queryvalue_result = rrp.hBaseRegQueryValue(self.dce, openhkpd_result['phKey'], lpValueName=str(counter_ID))

The above hangs, the below has a not found error:

queryvalue_result = rrp.hBaseRegQueryValue(self.dce, openhkpd_result['phKey'], lpValueName="Counter " + str(counter_ID))

There is a very high chance I am not doing this the right.

[ghost-ng]

figured it out when the perf objects have multiple instances - so i can now get the remote processes, still having issues if instances are 0.

https://github.com/ghost-ng/slinger

src/slingerpkg/lib/winreg.py
|---- def show_process_list(self, args):
src/slingerpkg/lib/dcetransport.py
|---- def _hQueryPerformaceData(self, object_num, arch=64):
src/slingerpkg/lib/msrpcperformance.py