Merge pull request #158 from fireeye/minor-improvements

minor improvements

Author: drewvis

speakeasy/winenv/api/usermode/advapi32.py

@@ -1297,3 +1297,18 @@ def EnumServicesStatus(self, emu, argv, ctx={}):
 
         # TODO: Populate service status output
         return 1
+
+    @apihook('OpenService', argc=3, conv=_arch.CALL_CONV_STDCALL)
+    def OpenService(self, emu, argv, ctx={}):
+        '''
+        SC_HANDLE OpenServiceA(
+          SC_HANDLE hSCManager,
+          LPCSTR    lpServiceName,
+          DWORD     dwDesiredAccess
+        );
+        '''
+        hSCManager, lpServiceName, dwDesiredAccess = argv
+        cw = self.get_char_width(ctx)
+        svcname = self.read_mem_string(lpServiceName, cw)
+        argv[1] = svcname
+        return self.get_handle()

speakeasy/winenv/api/usermode/kernel32.py

@@ -451,7 +451,7 @@ def Process32First(self, emu, argv, ctx={}):
         data = self.mem_cast(pe, pe32)
         pe.th32ProcessID = proc.get_pid()
         if cw == 2:
-            pe.szExeFile = proc.image.encode('utf-16le') + b'\x00'
+            pe.szExeFile = proc.image.encode('utf-16le') + b'\x00\x00'
         else:
             pe.szExeFile = proc.image.encode('utf-8') + b'\x00'
 
@@ -490,7 +490,7 @@ def Process32Next(self, emu, argv, ctx={}):
         data = self.mem_cast(pe, pe32)
         pe.th32ProcessID = proc.get_pid()
         if cw == 2:
-            pe.szExeFile = proc.image.encode('utf-16le') + b'\x00'
+            pe.szExeFile = proc.image.encode('utf-16le') + b'\x00\x00'
         else:
             pe.szExeFile = proc.image.encode('utf-8') + b'\x00'