Change unhook extension to remove delay loading of metsrv

c/meterpreter/source/extensions/espia/espia.c

@@ -27,6 +27,7 @@ Command customCommands[] =
 
 /*!
  * @brief Initialize the server extension.
+ * @param api Pointer to the Meterpreter API structure.
  * @param remote Pointer to the remote instance.
  * @return Indication of success or failure.
  */

c/meterpreter/source/extensions/priv/server/priv.c

@@ -28,6 +28,7 @@ Command customCommands[] =
 
 /*!
  * @brief Initialize the server extension.
+ * @param api Pointer to the Meterpreter API structure.
  * @param remote Pointer to the remote instance.
  * @return Indication of success or failure.
  */
@@ -35,7 +36,7 @@ DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
 {
     met_api = api;
 
-	met_api->command.register_all(customCommands);
+	met_api->command.register_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
@@ -47,11 +48,12 @@ DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
  */
 DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 {
-	met_api->command.deregister_all(customCommands);
+	met_api->command.deregister_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
 
+
 /*!
  * @brief Get the name of the extension.
  * @param buffer Pointer to the buffer to write the name to.

c/meterpreter/source/extensions/stdapi/server/stdapi.c

@@ -173,14 +173,15 @@ Command customCommands[] =
 
 /*!
  * @brief Initialize the server extension.
+ * @param api Pointer to the Meterpreter API structure.
  * @param remote Pointer to the remote instance.
  * @return Indication of success or failure.
  */
 DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
 {
-	met_api = api;
+    met_api = api;
 
-	met_api->command.register_all(customCommands);
+	met_api->command.register_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
@@ -192,11 +193,12 @@ DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
  */
 DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 {
-	met_api->command.deregister_all(customCommands);
+	met_api->command.deregister_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
 
+
 /*!
  * @brief Get the name of the extension.
  * @param buffer Pointer to the buffer to write the name to.

c/meterpreter/source/extensions/unhook/unhook.c

@@ -2,9 +2,9 @@
  * @file unhook.c
  * @brief Entry point and intialisation functionality for the unhook extention.
  */
-#include "../../common/common.h"
+#include "common.h"
+#include "common_metapi.h"
 
-#include "../../DelayLoadMetSrv/DelayLoadMetSrv.h"
 // include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function
 // but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the 
 // second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
@@ -13,10 +13,11 @@
 #include "unhook.h"
 #include "refresh.h"
 
-DWORD unhook_pe(Remote *remote, Packet *packet);
+// Required so that use of the API works.
+MetApi* met_api = NULL;
 
-// this sets the delay load hook function, see DelayLoadMetSrv.h
-EnableDelayLoadMetSrv();
+
+DWORD unhook_pe(Remote *remote, Packet *packet);
 
 Command customCommands[] =
 {
@@ -27,23 +28,28 @@ Command customCommands[] =
 };
 
 /*!
- * @brief Initialize the server extension
+ * @brief Initialize the server extension.
+ * @param api Pointer to the Meterpreter API structure.
+ * @param remote Pointer to the remote instance.
+ * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
+DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
 {
-	hMetSrv = remote->met_srv;
+    met_api = api;
 
-	command_register_all(customCommands);
+	met_api->command.register_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
 
 /*!
- * @brief Deinitialize the server extension
+ * @brief Deinitialize the server extension.
+ * @param remote Pointer to the remote instance.
+ * @return Indication of success or failure.
  */
 DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 {
-	command_deregister_all(customCommands);
+	met_api->command.deregister_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
@@ -51,13 +57,13 @@ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 
 DWORD unhook_pe(Remote *remote, Packet *packet)
 {
-	Packet *response = packet_create_response(packet);
+	Packet *response = met_api->packet.create_response(packet);
 	DWORD result = ERROR_SUCCESS;
 	
 	RefreshPE();
 
-	packet_add_tlv_uint(response, TLV_TYPE_UNHOOK_RESPONSE, ERROR_SUCCESS);
-	packet_transmit_response(result, remote, response);
+	met_api->packet.add_tlv_uint(response, TLV_TYPE_UNHOOK_RESPONSE, ERROR_SUCCESS);
+	met_api->packet.transmit_response(result, remote, response);
 
 	return ERROR_SUCCESS;
 

c/meterpreter/workspace/ext_server_unhook/ext_server_unhook.vcxproj

@@ -84,7 +84,7 @@
       <Optimization>MinSpace</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_UNHOOK_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -134,7 +134,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
       <Optimization>MinSpace</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_UNHOOK_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -187,7 +187,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
       <Optimization>MaxSpeed</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_UNHOOK_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -236,7 +236,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
       <Optimization>MaxSpeed</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\unhook;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_UNHOOK_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>