rdp fix

pypykatz/commons/readers/local/process.py

@@ -5,6 +5,7 @@
 from minidump.streams.SystemInfoStream import PROCESSOR_ARCHITECTURE
 import ntpath
 import os
+import math
 
 PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
 
@@ -293,6 +294,7 @@ def load_dll(self, dll_path):
 
 
 	def dpapi_memory_unprotect(self, protected_blob_addr, protected_blob_size, flags = 0):
+		protected_blob_size = 16 * math.ceil(protected_blob_size/16)
 		return self.dpapi_memory_unprotect_x64(protected_blob_addr, protected_blob_size, flags)
 
 	def dpapi_memory_unprotect_x64(self, protected_blob_addr, protected_blob_size, flags = 0):

pypykatz/rdp/packages/creds/decryptor.py

@@ -48,7 +48,7 @@ def add_entry(self, rdpcred_entry):
 			if rdpcred_entry.cbDomain <= 512 and rdpcred_entry.cbUsername <= 512 and rdpcred_entry.cbPassword <= 512 and rdpcred_entry.cbPassword > 0:
 				domainame = rdpcred_entry.Domain[:rdpcred_entry.cbDomain].decode('utf-16-le')
 				username = rdpcred_entry.UserName[:rdpcred_entry.cbUsername].decode('utf-16-le')
-				#password_raw = rdpcred_entry.Password[:rdpcred_entry.cbPassword]
+				password_raw = rdpcred_entry.Password[:rdpcred_entry.cbPassword]
 
 				if self.sysinfo.buildnumber >= WindowsMinBuild.WIN_10.value:
 					if self.process is None:
@@ -83,5 +83,9 @@ def start(self):
 				addr += self.decryptor_template.offset
 				self.reader.move(addr)
 				#print(hexdump(self.reader.peek(0x100)))
-				cred = self.decryptor_template.cred_struct(self.reader)
+				try:
+					cred = self.decryptor_template.cred_struct(self.reader)
+				except Exception as e:
+					logger.debug('Reading error! (this can be normal here) %s' % str(e))
+					continue
 				self.add_entry(cred)