Add more documnetation, tidying

More of the usual, added during investigations.
2024-11-26 17:41:08 +01:00 · 2013-11-22 12:12:48 +10:00 · 2013-11-22 12:12:48 +10:00 · c947f9d1f6
commit c947f9d1f6
parent f3eaadd184
5 changed files with 88 additions and 69 deletions
--- a/c/meterpreter/make.bat
+++ b/c/meterpreter/make.bat
@ -46,6 +46,10 @@ IF "%ERRORLEVEL%" == "0" (
  )
 )

+FOR /F "usebackq tokens=1,2 delims==" %%i IN (`wmic os get LocalDateTime /VALUE 2^>NUL`) DO IF '.%%i.'=='.LocalDateTime.' SET LDT=%%j
+SET LDT=%LDT:~0,4%-%LDT:~4,2%-%LDT:~6,2% %LDT:~8,2%:%LDT:~10,2%:%LDT:~12,6%
+echo Finished %ldt%
+
 GOTO :END

 :CLEAN
--- a/c/meterpreter/source/common/arch/win/i386/base_dispatch.c
+++ b/c/meterpreter/source/common/arch/win/i386/base_dispatch.c
@ -1,9 +1,6 @@
 #include "common.h"
 #include "base_inject.h"

-// An external reference to the meterpreters main server thread, so we can shutdown gracefully after successfull migration.
-extern THREAD * serverThread;
-
 // see '/msf3/external/source/shellcode/x86/migrate/migrate.asm'
 BYTE migrate_stub_x86[] =	"\xFC\x8B\x74\x24\x04\x81\xEC\x00\x20\x00\x00\xE8\x89\x00\x00\x00"
 							"\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B\x52\x0C\x8B\x52\x14\x8B"
--- a/c/meterpreter/source/common/base.c
+++ b/c/meterpreter/source/common/base.c
@ -247,6 +247,7 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 	Command *commands[2] = { baseCommand, extensionCommand };
 	Command *command = NULL;
 	DWORD dwIndex;
+	LPCSTR lpMethod = NULL;

 	__try
 	{
@ -261,7 +262,8 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 					continue;
 				}

-				dprintf("[COMMAND] Executing command %s", command->method);
+				lpMethod = command->method;
+				dprintf("[COMMAND] Executing command %s", lpMethod);

 #ifdef _WIN32
 				// Impersonate the thread token if needed (only on Windows)
@ -269,7 +271,7 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				{
 					if (!ImpersonateLoggedOnUser(remote->hThreadToken))
 					{
-						dprintf("[COMMAND] Failed to impersonate thread token (%s) (%u)", command->method, GetLastError());
+						dprintf("[COMMAND] Failed to impersonate thread token (%s) (%u)", lpMethod, GetLastError());
 					}
 				}
 #endif
@ -287,12 +289,12 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				case PACKET_TLV_TYPE_REQUEST:
 				case PACKET_TLV_TYPE_PLAIN_REQUEST:
 					if (command->request.inline_handler) {
-						dprintf("[DISPATCH] executing inline request handler %s", command->method);
-						serverContinue = command->request.inline_handler(remote, packet, &result);
+						dprintf("[DISPATCH] executing inline request handler %s", lpMethod);
+						serverContinue = command->request.inline_handler(remote, packet, &result) && serverContinue;
 					}
 					else
 					{
-						dprintf("[DISPATCH] executing request handler %s", command->method);
+						dprintf("[DISPATCH] executing request handler %s", lpMethod);
 						result = command->request.handler(remote, packet);
 					}
 					break;
@ -300,12 +302,12 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 				case PACKET_TLV_TYPE_PLAIN_RESPONSE:
 					if (command->response.inline_handler)
 					{
-						dprintf("[DISPATCH] executing inline response handler %s", command->method);
-						serverContinue = command->response.inline_handler(remote, packet, &result);
+						dprintf("[DISPATCH] executing inline response handler %s", lpMethod);
+						serverContinue = command->response.inline_handler(remote, packet, &result) && serverContinue;
 					}
 					else
 					{
-						dprintf("[DISPATCH] executing response handler %s", command->method);
+						dprintf("[DISPATCH] executing response handler %s", lpMethod);
 						result = command->response.handler(remote, packet);
 					}
 					break;
@ -325,11 +327,13 @@ BOOL command_process_inline(Command *baseCommand, Command *extensionCommand, Rem
 			{
 				packet_call_completion_handlers(remote, packet, requestId);
 			}
+
+			dprintf("[COMMAND] Completion handlers finished for %s. Returning: %s", lpMethod, (serverContinue ? "TRUE" : "FALSE"));
 		} while (0);
 	}
 	__except (EXCEPTION_EXECUTE_HANDLER)
 	{
-		dprintf("[COMMAND] Exception hit in command %s", command->method);
+		dprintf("[COMMAND] Exception hit in command %s", lpMethod);
 	}

 	packet_destroy(packet);
--- a/c/meterpreter/source/common/base_dispatch_common.c
+++ b/c/meterpreter/source/common/base_dispatch_common.c
@ -631,9 +631,11 @@ DWORD remote_request_core_shutdown( Remote *remote, Packet *packet, DWORD* pResu
 	packet_add_tlv_bool( response, TLV_TYPE_BOOL, TRUE );

 	// Transmit the response
+	dprintf("[DISPATCH] Ack shutdown request");
 	packet_transmit_response( result, remote, response );

 	*pResult = result;

-	return TRUE;
+	dprintf("[DISPATCH] Telling dispatch loop to finish");
+	return FALSE;
 }
--- a/c/meterpreter/source/server/server_setup.c
+++ b/c/meterpreter/source/server/server_setup.c
@ -1,3 +1,6 @@
+/*!
+ * @file server_setup.c
+ */
 #include "metsrv.h"
 #include "../../common/common.h"

@ -43,33 +46,37 @@ const unsigned int hAppInstance = 0x504b5320; // 'PKS '
 #define PREPEND_INFO  "### Info : "
 #define PREPEND_WARN  "### Warn : "

-/*
- * This thread is the main server thread which we use to syncronize a gracefull 
- * shutdown of the server during process migration.
- */
-THREAD * serverThread = NULL;
+/*! * @breif This thread is the main server thread. */
+static THREAD * serverThread = NULL;

-/*
- * An array of locks for use by OpenSSL.
- */
+/*! @brief An array of locks for use by OpenSSL. */
 static LOCK ** ssl_locks = NULL;

-/*
- * A callback function used by OpenSSL to leverage native system locks.
+/*!
+ * @brief A callback function used by OpenSSL to leverage native system locks.
+ * @param mode The lock mode to set.
+ * @param type The lock type to operate on.
+ * @param file Unused.
+ * @param line Unused.
 */
-static VOID server_locking_callback( int mode, int type, const char * file, int line )
+static VOID server_locking_callback(int mode, int type, const char * file, int line)
 {
-	if( mode & CRYPTO_LOCK )
-		lock_acquire( ssl_locks[type] );
+	if (mode & CRYPTO_LOCK)
+	{
+		lock_acquire(ssl_locks[type]);
+	}
 	else
-		lock_release( ssl_locks[type] );
+	{
+		lock_release(ssl_locks[type]);
+	}
 }

-/*
- * A callback function used by OpenSSL to get the current threads id.
- * While not needed on windows this must be used for posix meterpreter.
+/*!
+ * @brief A callback function used by OpenSSL to get the current threads id.
+ * @returns The current thread ID.
+ * @remarks While not needed on windows this must be used for posix meterpreter.
 */
-static DWORD server_threadid_callback( VOID )
+static DWORD server_threadid_callback(VOID)
 {
 #ifdef _WIN32
 	return GetCurrentThreadId();
@ -81,7 +88,7 @@ static DWORD server_threadid_callback( VOID )
 /*
 * Callback function for dynamic lock creation for OpenSSL.
 */
-static struct CRYPTO_dynlock_value * server_dynamiclock_create( const char * file, int line )
+static struct CRYPTO_dynlock_value * server_dynamiclock_create(const char * file, int line)
 {
 	return (struct CRYPTO_dynlock_value *)lock_create();
 }
@ -93,10 +100,14 @@ static void server_dynamiclock_lock( int mode, struct CRYPTO_dynlock_value * l,
 {
 	LOCK * lock = (LOCK *)l;

-	if( mode & CRYPTO_LOCK )
-		lock_acquire( lock );
+	if (mode & CRYPTO_LOCK)
+	{
+		lock_acquire(lock);
+	}
 	else
-		lock_release( lock );
+	{
+		lock_release(lock);
+	}
 }

 /*
@ -322,59 +333,62 @@ static BOOL server_negotiate_ssl(Remote *remote)
 	return success;
 }

-/*
- * The servers main dispatch loop for incoming requests using SSL over TCP
+/*!
+ * @brief The servers main dispatch loop for incoming requests using SSL over TCP
+ * @param remote Pointer to the remote endpoint for this server connection.
+ * @returns Indication of success or failure.
 */
-static DWORD server_dispatch( Remote * remote )
+static DWORD server_dispatch(Remote * remote)
 {
-	LONG result     = ERROR_SUCCESS;
+	BOOL running = TRUE;
+	LONG result = ERROR_SUCCESS;
 	Packet * packet = NULL;
-	THREAD * cpt    = NULL;
+	THREAD * cpt = NULL;

-	dprintf( "[DISPATCH] entering server_dispatch( 0x%08X )", remote );
+	dprintf("[DISPATCH] entering server_dispatch( 0x%08X )", remote);

 	// Bring up the scheduler subsystem.
-	result = scheduler_initialize( remote );
-	if( result != ERROR_SUCCESS )
-		return result;
-
-	while( TRUE )
+	result = scheduler_initialize(remote);
+	if (result != ERROR_SUCCESS)
 	{
-		if( event_poll( serverThread->sigterm, 0 ) )
+		return result;
+	}
+
+	while (running)
+	{
+		if (event_poll(serverThread->sigterm, 0))
 		{
-			dprintf( "[DISPATCH] server dispatch thread signaled to terminate..." );
+			dprintf("[DISPATCH] server dispatch thread signaled to terminate...");
 			break;
 		}

-		result = server_socket_poll( remote, 100 );
-		if( result > 0 )
+		result = server_socket_poll(remote, 100);
+		if (result > 0)
 		{
-			result = packet_receive( remote, &packet );
-			if( result != ERROR_SUCCESS ) {
-				dprintf( "[DISPATCH] packet_receive returned %d, exiting dispatcher...", result );		
+			result = packet_receive(remote, &packet);
+			if (result != ERROR_SUCCESS)
+			{
+				dprintf("[DISPATCH] packet_receive returned %d, exiting dispatcher...", result);
 				break;
 			}

-			if( !command_handle( remote, packet ) )
-			{
-				dprintf( "[DISPATCH] command_process indicated server stop. Exiting." );
-				break;
-			}
+			running = command_handle(remote, packet);
+			dprintf("[DISPATCH] command_process result: %s", (running ? "continue" : "stop"));
 		}
-		else if( result < 0 )
+		else if (result < 0)
 		{
-			dprintf( "[DISPATCH] server_socket_poll returned %d, exiting dispatcher...", result );
+			dprintf("[DISPATCH] server_socket_poll returned %d, exiting dispatcher...", result);
 			break;
 		}
 	}

-	dprintf( "[DISPATCH] calling scheduler_destroy..." );
+	dprintf("[DISPATCH] calling scheduler_destroy...");
 	scheduler_destroy();

-	dprintf( "[DISPATCH] calling command_join_threads..." );
+	dprintf("[DISPATCH] calling command_join_threads...");
 	command_join_threads();

-	dprintf( "[DISPATCH] leaving server_dispatch." );
+	dprintf("[DISPATCH] leaving server_dispatch.");

 	return result;
 }
@ -385,6 +399,7 @@ static DWORD server_dispatch( Remote * remote )
 */
 static DWORD server_dispatch_http_wininet( Remote * remote )
 {
+	BOOL running = TRUE;
 	LONG result     = ERROR_SUCCESS;
 	Packet * packet = NULL;
 	THREAD * cpt    = NULL;
@ -455,7 +470,7 @@ static DWORD server_dispatch_http_wininet( Remote * remote )
 	if( result != ERROR_SUCCESS )
 		return result;

-	while( TRUE )
+	while(running)
 	{
 		if (remote->comm_timeout != 0 && remote->comm_last_packet + remote->comm_timeout < current_unix_timestamp()) {
 			dprintf("[DISPATCH] Shutting down server due to communication timeout");
@ -501,11 +516,8 @@ static DWORD server_dispatch_http_wininet( Remote * remote )

 		dprintf("[DISPATCH] Returned result: %d", result);

-		if( !command_handle( remote, packet ) )
-		{
-			dprintf( "[DISPATCH] command_process indicated server stop. Exiting." );
-			break;
-		}
+		running = command_handle(remote, packet);
+		dprintf("[DISPATCH] command_process result: %s", (running ? "continue" : "stop"));
 	}

 	// Close WinInet handles