From d7005e679ebcf8031a6123314a3cdbcada5594d5 Mon Sep 17 00:00:00 2001 From: Spencer McIntyre Date: Thu, 8 Sep 2022 15:56:56 -0400 Subject: [PATCH] Switch to using a submodule of TrustedSec/COFFLoader --- .gitmodules | 3 + .../source/extensions/bofloader/COFFLoader | 1 + .../.github/workflows/autorelease.yml | 61 -- .../bofloader/COFFLoader/.gitignore | 4 - .../bofloader/COFFLoader/COFFLoader.c | 628 ------------ .../bofloader/COFFLoader/COFFLoader.h | 135 --- .../bofloader/COFFLoader/LICENSE.txt | 25 - .../extensions/bofloader/COFFLoader/Makefile | 36 - .../extensions/bofloader/COFFLoader/README.md | 47 - .../extensions/bofloader/COFFLoader/beacon.h | 61 -- .../COFFLoader/beacon_compatibility.c | 355 ------- .../COFFLoader/beacon_compatibility.h | 66 -- .../bofloader/COFFLoader/beacon_generate.py | 96 -- .../extensions/bofloader/COFFLoader/dll.c | 30 - .../bofloader/COFFLoader/extension.json | 22 - .../extensions/bofloader/COFFLoader/test.c | 44 - .../source/extensions/bofloader/main.c | 54 +- .../ext_server_bofloader.vcxproj | 933 +++++++++--------- c/meterpreter/workspace/meterpreter.sln | 152 +-- 19 files changed, 521 insertions(+), 2232 deletions(-) create mode 160000 c/meterpreter/source/extensions/bofloader/COFFLoader delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/.github/workflows/autorelease.yml delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/.gitignore delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.c delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.h delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/LICENSE.txt delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/Makefile delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/README.md delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/beacon.h delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.c delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.h delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_generate.py delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/dll.c delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/extension.json delete mode 100644 c/meterpreter/source/extensions/bofloader/COFFLoader/test.c diff --git a/.gitmodules b/.gitmodules index aa1a4a30..68c4a63e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,6 @@ [submodule "c/meterpreter/source/extensions/kiwi/mimikatz"] path = c/meterpreter/source/extensions/kiwi/mimikatz url = https://github.com/rapid7/mimikatz +[submodule "c/meterpreter/source/extensions/bofloader/COFFLoader"] + path = c/meterpreter/source/extensions/bofloader/COFFLoader + url = https://github.com/TrustedSec/COFFLoader diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader b/c/meterpreter/source/extensions/bofloader/COFFLoader new file mode 160000 index 00000000..d69bc130 --- /dev/null +++ b/c/meterpreter/source/extensions/bofloader/COFFLoader @@ -0,0 +1 @@ +Subproject commit d69bc130ccdd6229b90307b0cef05f255587323b diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/.github/workflows/autorelease.yml b/c/meterpreter/source/extensions/bofloader/COFFLoader/.github/workflows/autorelease.yml deleted file mode 100644 index 86ab034f..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/.github/workflows/autorelease.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: Release - -on: - push: - tags: ["v[1-9]+.[0-9]+.[0-9]+"] - branches: [main] - -jobs: - dll-build: - name: Build the DLL - if: startsWith( github.ref, 'refs/tags/v') - runs-on: ubuntu-latest - timeout-minutes: 10 - steps: - - name: OS Packages - run: | - sudo apt-get update --fix-missing && sudo apt-get -y install \ - git build-essential zlib1g zlib1g-dev wget zip unzip \ - mingw-w64 binutils-mingw-w64 g++-mingw-w64 gcc-multilib jq - - - name: Minisign - run: | - MINISIGN_TMP=`mktemp -d` - cd $MINISIGN_TMP - wget https://github.com/aead/minisign/releases/download/v0.2.0/minisign-linux-amd64.tar.gz - tar xvf minisign-linux-amd64.tar.gz - mv ./minisign ~/minisign - - - name: Check out code - uses: actions/checkout@v2 - - - name: Git Fetch Tags - run: git fetch --prune --unshallow --tags -f - - - name: Build artifacts - run: | - make clean - make all-dll - mkdir artifacts - VERSION=$(git describe --tags --abbrev=0) - cat extension.json | jq ".version |= \"$VERSION\"" > ./artifacts/extension.json - cp LICENSE.txt ./artifacts/LICENSE - mv *.dll ./artifacts/ - cd artifacts - tar -czvf ../coff-loader.tar.gz . - - - name: Sign Package - run: | - touch ~/minisign.key && chmod 600 ~/minisign.key - echo -e "${{ secrets.MINISIGN_PRIVATE_KEY }}" > ~/minisign.key - MANIFEST=$(cat ./artifacts/extension.json | base64 -w 0) - bash -c "echo \"\" | ~/minisign -s ~/minisign.key -S -m ./coff-loader.tar.gz -t \"$MANIFEST\" -x coff-loader.minisig" - - - name: "Publish Release" - uses: "marvinpinto/action-automatic-releases@latest" - with: - repo_token: "${{ secrets.GITHUB_TOKEN }}" - prerelease: false - files: | - ./coff-loader.tar.gz - ./coff-loader.minisig diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/.gitignore b/c/meterpreter/source/extensions/bofloader/COFFLoader/.gitignore deleted file mode 100644 index 3c3c7474..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*.exe -*.out -*.dll -.vscode \ No newline at end of file diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.c b/c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.c deleted file mode 100644 index c039027d..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.c +++ /dev/null @@ -1,628 +0,0 @@ -/* - * COFF Loader Project - * ------------------- - * This is a re-implementation of a COFF loader, with a BOF compatibility layer - * it's meant to provide functional example of loading a COFF file in memory - * and maybe be useful. - */ -#include -#include -#include -#include - -#if defined(_WIN32) -#include -#include "beacon_compatibility.h" -#endif - -#include "COFFLoader.h" -/* Enable or disable debug output if testing or adding new relocation types */ -#ifdef DEBUG -#define DEBUG_PRINT(x, ...) printf(x, ##__VA_ARGS__) -#else -#define DEBUG_PRINT(x, ...) -#endif - -/* Defining symbols for the OS version, will try to define anything that is - * different between the arch versions by specifying them here. */ -#if defined(__x86_64__) || defined(_WIN64) -#define PREPENDSYMBOLVALUE "__imp_" -#else -#define PREPENDSYMBOLVALUE "__imp__" -#endif - -unsigned char *unhexlify(unsigned char *value, int *outlen) -{ - unsigned char *retval = NULL; - char byteval[3] = {0}; - int counter = 0; - int counter2 = 0; - char character = 0; - if (value == NULL) - { - return NULL; - } - DEBUG_PRINT("Unhexlify Strlen: %lu\n", (long unsigned int)strlen((char *)value)); - if (value == NULL || strlen((char *)value) % 2 != 0) - { - DEBUG_PRINT("Either value is NULL, or the hexlified string isn't valid\n"); - goto errcase; - } - - retval = calloc(strlen((char *)value) + 1, 1); - if (retval == NULL) - { - goto errcase; - } - - counter2 = 0; - #pragma warning(push) - #pragma warning(disable:4018) - #pragma warning(disable:4244) - for (counter = 0; counter < strlen((char *)value); counter += 2) - { - memcpy(byteval, value + counter, 2); - character = strtol(byteval, NULL, 16); - memcpy(retval + counter2, &character, 1); - counter2++; - } - *outlen = counter2; - #pragma warning(pop) -errcase: - return retval; -} - - - -/* Helper to just get the contents of a file, used for testing. Real - * implementations of this in an agent would use the tasking from the - * C2 server for this */ -unsigned char *getContents(char *filepath, uint32_t *outsize) -{ - FILE *fin = NULL; - uint32_t fsize = 0; - uint32_t readsize = 0; - unsigned char *buffer = NULL; - unsigned char *tempbuffer = NULL; - - fin = fopen(filepath, "rb"); - if (fin == NULL) - { - return NULL; - } - fseek(fin, 0, SEEK_END); - fsize = ftell(fin); - fseek(fin, 0, SEEK_SET); - tempbuffer = calloc(fsize, 1); - if (tempbuffer == NULL) - { - return NULL; - } - memset(tempbuffer, 0, fsize); - #pragma warning(push) - #pragma warning(disable:4267) - readsize = fread(tempbuffer, 1, fsize, fin); - #pragma warning(pop) - - fclose(fin); - buffer = calloc(readsize, 1); - if (buffer == NULL) - { - return NULL; - } - memset(buffer, 0, readsize); - memcpy(buffer, tempbuffer, readsize - 1); - free(tempbuffer); - *outsize = fsize; - return buffer; -} - -/* Helper function to process a symbol string, determine what function and - * library its from, and return the right function pointer. Will need to - * implement in the loading of the beacon internal functions, or any other - * internal functions you want to have available. */ -void *process_symbol(char *symbolstring) -{ - void *functionaddress = NULL; - char localcopy[1024] = {0}; - char *locallib = NULL; - char *localfunc = NULL; -#if defined(_WIN32) - int tempcounter = 0; - HMODULE llHandle = NULL; -#endif - - memcpy(localcopy, symbolstring, strlen(symbolstring)); - if (strncmp(symbolstring, PREPENDSYMBOLVALUE "Beacon", strlen(PREPENDSYMBOLVALUE "Beacon")) == 0 || strncmp(symbolstring, PREPENDSYMBOLVALUE "toWideChar", strlen(PREPENDSYMBOLVALUE "toWideChar")) == 0 || - strncmp(symbolstring, PREPENDSYMBOLVALUE "GetProcAddress", strlen(PREPENDSYMBOLVALUE "GetProcAddress")) == 0 || strncmp(symbolstring, PREPENDSYMBOLVALUE "LoadLibraryA", strlen(PREPENDSYMBOLVALUE "LoadLibraryA")) == 0 || - strncmp(symbolstring, PREPENDSYMBOLVALUE "GetModuleHandleA", strlen(PREPENDSYMBOLVALUE "GetModuleHandleA")) == 0 || strncmp(symbolstring, PREPENDSYMBOLVALUE "FreeLibrary", strlen(PREPENDSYMBOLVALUE "FreeLibrary")) == 0) - { - localfunc = symbolstring + strlen(PREPENDSYMBOLVALUE); - DEBUG_PRINT("\t\tInternalFunction: %s\n", localfunc); - /* TODO: Get internal symbol here and set to functionaddress, then - * return the pointer to the internal function*/ -#if defined(_WIN32) - for (tempcounter = 0; tempcounter < 29; tempcounter++) - { - if (InternalFunctions[tempcounter][0] != NULL) - { - if (strcmp(localfunc, (char *)(InternalFunctions[tempcounter][0])) == 0) - { - functionaddress = (void *)InternalFunctions[tempcounter][1]; - return functionaddress; - } - } - } -#endif - } - else if (strncmp(symbolstring, PREPENDSYMBOLVALUE, strlen(PREPENDSYMBOLVALUE)) == 0) - { - DEBUG_PRINT("\t\tYep its an external symbol\n"); - locallib = localcopy + strlen(PREPENDSYMBOLVALUE); - - locallib = strtok(locallib, "$"); - localfunc = strtok(NULL, "$"); - DEBUG_PRINT("\t\tLibrary: %s\n", locallib); - localfunc = strtok(localfunc, "@"); - DEBUG_PRINT("\t\tFunction: %s\n", localfunc); - /* Resolve the symbols here, and set the functionpointervalue */ -#if defined(_WIN32) - llHandle = LoadLibraryA(locallib); - DEBUG_PRINT("\t\tHandle: 0x%lx\n", llHandle); - functionaddress = GetProcAddress(llHandle, localfunc); - DEBUG_PRINT("\t\tProcAddress: 0x%p\n", functionaddress); -#endif - } - return functionaddress; -} - -int LoadAndRun(char *argsBuffer, uint32_t bufferSize, goCallback callback) -{ -#if defined(_WIN32) - // argsBuffer: functionname |coff_data | args_data - datap parser; - char *functionName; - unsigned char *coff_data = NULL; - unsigned char *arguments_data = NULL; - int filesize = 0; - int arguments_size = 0; - - BeaconDataParse(&parser, argsBuffer, bufferSize); - functionName = BeaconDataExtract(&parser, NULL); - if (functionName == NULL) - { - return 1; - } - coff_data = (unsigned char *)BeaconDataExtract(&parser, &filesize); - if (coff_data == NULL) - { - return 1; - } - arguments_data = (unsigned char *)BeaconDataExtract(&parser, &arguments_size); - if (arguments_data == NULL) - { - return 1; - } - - return RunCOFF(functionName, coff_data, filesize, arguments_data, arguments_size, callback); -#else - return 0; -#endif -} -// #endif -/* Just a generic runner for testing, this is pretty much just a reference - * implementation, return values will need to be checked, more relocation - * types need to be handled, and needs to have different arguments for use - * in any agent. */ -int RunCOFF(char *functionname, unsigned char *coff_data, uint32_t filesize, unsigned char *argumentdata, int argumentSize, goCallback callback) -{ - coff_file_header_t *coff_header_ptr = NULL; - coff_sect_t *coff_sect_ptr = NULL; - coff_reloc_t *coff_reloc_ptr = NULL; - coff_sym_t *coff_sym_ptr = NULL; - char *outdata = NULL; - int outdataSize = 0; - int retcode = 0; - int counter = 0; - int reloccount = 0; - int tempcounter = 0; - uint32_t symptr = 0; - long unsigned int old_prot = 0; - uint32_t protect = 0; - uint32_t protect_index = 0; -#ifdef _WIN32 - void *funcptrlocation = NULL; - int32_t offsetvalue = 0; -#endif - char *entryfuncname = functionname; -#if defined(__x86_64__) || defined(_WIN64) -#ifdef _WIN32 - uint64_t longoffsetvalue = 0; -#endif -#else - /* Set the input function name to match the 32 bit version */ - entryfuncname = calloc(strlen(functionname) + 2, 1); - if (entryfuncname == NULL) - { - return 1; - } - (void)sprintf(entryfuncname, "_%s", functionname); -#endif - -#ifdef _WIN32 - /* NOTE: I just picked a size, look to see what is max/normal. */ - char *sectionMapping[25] = {0}; -#ifdef DEBUG - int sectionSize[25] = {0}; -#endif - void (*foo)(char *in, unsigned long datalen); - char *functionMapping = NULL; - int functionMappingCount = 0; -#endif - - if (coff_data == NULL) - { - DEBUG_PRINT("Can't execute NULL\n"); - return 1; - } - coff_header_ptr = (coff_file_header_t *)coff_data; - DEBUG_PRINT("Machine 0x%X\n", coff_header_ptr->Machine); - DEBUG_PRINT("Number of sections: %d\n", coff_header_ptr->NumberOfSections); - DEBUG_PRINT("TimeDateStamp : %X\n", coff_header_ptr->TimeDateStamp); - DEBUG_PRINT("PointerToSymbolTable : 0x%X\n", coff_header_ptr->PointerToSymbolTable); - DEBUG_PRINT("NumberOfSymbols: %d\n", coff_header_ptr->NumberOfSymbols); - DEBUG_PRINT("OptionalHeaderSize: %d\n", coff_header_ptr->SizeOfOptionalHeader); - DEBUG_PRINT("Characteristics: %d\n", coff_header_ptr->Characteristics); - DEBUG_PRINT("\n"); - coff_sym_ptr = (coff_sym_t *)(coff_data + coff_header_ptr->PointerToSymbolTable); - - /* Handle the allocation and copying of the sections we're going to use - * for right now I'm just VirtualAlloc'ing memory, this can be changed to - * other methods, but leaving that up to the person implementing it. */ - for (counter = 0; counter < coff_header_ptr->NumberOfSections; counter++) - { - coff_sect_ptr = (coff_sect_t *)(coff_data + sizeof(coff_file_header_t) + (sizeof(coff_sect_t) * counter)); - DEBUG_PRINT("Name: %s\n", coff_sect_ptr->Name); - DEBUG_PRINT("VirtualSize: 0x%X\n", coff_sect_ptr->VirtualSize); - DEBUG_PRINT("VirtualAddress: 0x%X\n", coff_sect_ptr->VirtualAddress); - DEBUG_PRINT("SizeOfRawData: 0x%X\n", coff_sect_ptr->SizeOfRawData); - DEBUG_PRINT("PointerToRelocations: 0x%X\n", coff_sect_ptr->PointerToRelocations); - DEBUG_PRINT("PointerToRawData: 0x%X\n", coff_sect_ptr->PointerToRawData); - DEBUG_PRINT("NumberOfRelocations: %d\n", coff_sect_ptr->NumberOfRelocations); - /* NOTE: When changing the memory loading information of the loader, - * you'll want to use this field and the defines from the Section - * Flags table of Microsofts page, some defined in COFFLoader.h */ - DEBUG_PRINT("Characteristics: %x\n", coff_sect_ptr->Characteristics); -#ifdef _WIN32 - DEBUG_PRINT("Allocating 0x%x bytes\n", coff_sect_ptr->VirtualSize); - /* NOTE: Might want to allocate as PAGE_READWRITE and VirtualProtect - * before execution to either PAGE_READWRITE or PAGE_EXECUTE_READ - * depending on the Section Characteristics. Parse them all again - * before running and set the memory permissions. */ - sectionMapping[counter] = VirtualAlloc(NULL, coff_sect_ptr->SizeOfRawData, MEM_COMMIT | MEM_RESERVE | MEM_TOP_DOWN, PAGE_READWRITE); -#ifdef DEBUG - sectionSize[counter] = coff_sect_ptr->SizeOfRawData; -#endif - if (sectionMapping[counter] == NULL) - { - DEBUG_PRINT("Failed to allocate memory\n"); - } - DEBUG_PRINT("Allocated section %d at %p\n", counter, sectionMapping[counter]); - memcpy(sectionMapping[counter], coff_data + coff_sect_ptr->PointerToRawData, coff_sect_ptr->SizeOfRawData); - -#endif - } - - /* Allocate and setup the GOT for functions, same here as above. */ -#ifdef _WIN32 -#ifdef _WIN64 - functionMapping = VirtualAlloc(NULL, 2048, MEM_COMMIT | MEM_RESERVE | MEM_TOP_DOWN, PAGE_READWRITE); -#else - functionMapping = VirtualAlloc(NULL, 2048, MEM_COMMIT | MEM_RESERVE | MEM_TOP_DOWN, PAGE_READWRITE); -#endif -#endif - #pragma warning(push) - #pragma warning(disable:4244) - - /* Start parsing the relocations, and *hopefully* handle them correctly. */ - for (counter = 0; counter < coff_header_ptr->NumberOfSections; counter++) - { - DEBUG_PRINT("Doing Relocations of section: %d\n", counter); - coff_sect_ptr = (coff_sect_t *)(coff_data + sizeof(coff_file_header_t) + (sizeof(coff_sect_t) * counter)); - coff_reloc_ptr = (coff_reloc_t *)(coff_data + coff_sect_ptr->PointerToRelocations); - for (reloccount = 0; reloccount < coff_sect_ptr->NumberOfRelocations; reloccount++) - { - DEBUG_PRINT("\tVirtualAddress: 0x%X\n", coff_reloc_ptr->VirtualAddress); - DEBUG_PRINT("\tSymbolTableIndex: 0x%X\n", coff_reloc_ptr->SymbolTableIndex); - DEBUG_PRINT("\tType: 0x%X\n", coff_reloc_ptr->Type); - if (coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].first.Name[0] != 0) - { - symptr = coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].first.value[1]; - DEBUG_PRINT("\tSymPtr: 0x%X\n", symptr); - DEBUG_PRINT("\tSymName: %s\n", coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].first.Name); - DEBUG_PRINT("\tSectionNumber: 0x%X\n", coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber); - - /* This is the code for relative offsets in other sections of the COFF file. */ -#ifdef _WIN32 -#ifdef _WIN64 - /* Type == 1 relocation is the 64-bit VA of the relocation target */ - if (coff_reloc_ptr->Type == IMAGE_REL_AMD64_ADDR64) - { - memcpy(&longoffsetvalue, sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, sizeof(uint64_t)); - DEBUG_PRINT("\tReadin longOffsetValue : 0x%llX\n", longoffsetvalue); - longoffsetvalue = (uint64_t)(sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] + (uint64_t)longoffsetvalue); - DEBUG_PRINT("\tModified longOffsetValue : 0x%llX Base Address: %p\n", longoffsetvalue, sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1]); - memcpy(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &longoffsetvalue, sizeof(uint64_t)); - } - /* This is Type == 3 relocation code */ - else if (coff_reloc_ptr->Type == IMAGE_REL_AMD64_ADDR32NB) - { - memcpy(&offsetvalue, sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, sizeof(int32_t)); - DEBUG_PRINT("\tReadin OffsetValue : 0x%0X\n", offsetvalue); - DEBUG_PRINT("\t\tReferenced Section: 0x%X\n", sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] + offsetvalue); - DEBUG_PRINT("\t\tEnd of Relocation Bytes: 0x%X\n", sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4); - if (((char *)(sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] + offsetvalue) - (char *)(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)) > 0xffffffff) - { - DEBUG_PRINT("Relocations > 4 gigs away, exiting\n"); - retcode = 1; - goto cleanup; - } - offsetvalue = ((char *)(sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] + offsetvalue) - (char *)(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)); - DEBUG_PRINT("\tOffsetValue : 0x%0X\n", offsetvalue); - DEBUG_PRINT("\t\tSetting 0x%X to %X\n", sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &offsetvalue); - memcpy(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &offsetvalue, sizeof(uint32_t)); - } - /* This is Type == 4 relocation code, needed to make global variables to work correctly */ - else if (coff_reloc_ptr->Type == IMAGE_REL_AMD64_REL32) - { - memcpy(&offsetvalue, sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, sizeof(int32_t)); - DEBUG_PRINT("\t\tReadin offset value: 0x%X\n", offsetvalue); - if ((sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] - (sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)) > 0xffffffff) - { - DEBUG_PRINT("Relocations > 4 gigs away, exiting\n"); - retcode = 1; - goto cleanup; - } - offsetvalue += (sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] - (sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)); - DEBUG_PRINT("\t\tRelative address: 0x%X\n", offsetvalue); - memcpy(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &offsetvalue, sizeof(uint32_t)); - #pragma warning(pop) - } - else - { - DEBUG_PRINT("No code for relocation type: %d\n", coff_reloc_ptr->Type); - } -#else - /* This is Type == IMAGE_REL_I386_DIR32 relocation code */ - memcpy(&offsetvalue, sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, sizeof(int32_t)); - DEBUG_PRINT("\tReadin OffsetValue : 0x%0X\n", offsetvalue); - offsetvalue = (uint32_t)(sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1]) + offsetvalue; - memcpy(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &offsetvalue, sizeof(uint32_t)); -#endif // WIN64 statement close -#endif // WIN32 statement close - } - else - { - symptr = coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].first.value[1]; - DEBUG_PRINT("\tSymPtr: 0x%X\n", symptr); - DEBUG_PRINT("\tSymVal: %s\n", ((char *)(coff_sym_ptr + coff_header_ptr->NumberOfSymbols)) + symptr); - DEBUG_PRINT("\tSectionNumber: 0x%X\n", coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber); - - /* This is the code to handle functions themselves, so using a makeshift Global Offset Table for it */ -#ifdef _WIN32 - funcptrlocation = process_symbol(((char *)(coff_sym_ptr + coff_header_ptr->NumberOfSymbols)) + symptr); - if (funcptrlocation == NULL) - { - DEBUG_PRINT("Failed to resolve symbol\n"); - retcode = 1; - goto cleanup; - } -#ifdef _WIN64 - if (coff_reloc_ptr->Type == IMAGE_REL_AMD64_REL32 && funcptrlocation != NULL) - { - /* This is Type == 4 relocation code */ - DEBUG_PRINT("Doing function relocation\n"); - if (((functionMapping + (functionMappingCount * 8)) - (sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)) > 0xffffffff) - { - DEBUG_PRINT("Relocations > 4 gigs away, exiting\n"); - retcode = 1; - goto cleanup; - } - memcpy(functionMapping + (functionMappingCount * 8), &funcptrlocation, sizeof(uint64_t)); - offsetvalue = (int32_t)((functionMapping + (functionMappingCount * 8)) - (sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)); - DEBUG_PRINT("\t\tRelative address : 0x%x\n", offsetvalue); - memcpy(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &offsetvalue, sizeof(uint32_t)); - functionMappingCount++; - } - else if (coff_reloc_ptr->Type == IMAGE_REL_AMD64_REL32) - { - /* This shouldn't be needed here, but incase there's a defined symbol - * that somehow doesn't have a function, try to resolve it here.*/ - memcpy(&offsetvalue, sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, sizeof(int32_t)); - if ((sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] - (sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)) > 0xffffffff) - { - DEBUG_PRINT("Relocations > 4 gigs away, exiting\n"); - retcode = 1; - goto cleanup; - } - DEBUG_PRINT("\t\tReadin offset value: 0x%X\n", offsetvalue); - #pragma warning(push) - #pragma warning(disable:4244) - offsetvalue += (sectionMapping[coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber - 1] - (sectionMapping[counter] + coff_reloc_ptr->VirtualAddress + 4)); - #pragma warning(pop) - DEBUG_PRINT("\t\tRelative address: 0x%X\n", offsetvalue); - memcpy(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &offsetvalue, sizeof(uint32_t)); - } - else - { - DEBUG_PRINT("No code for relocation type: %d\n", coff_reloc_ptr->Type); - } -#else - /* This is Type == IMAGE_REL_I386_DIR32 relocation code */ - memcpy(functionMapping + (functionMappingCount * 4), &funcptrlocation, sizeof(uint32_t)); - offsetvalue = (int32_t)(functionMapping + (functionMappingCount * 4)); - memcpy(sectionMapping[counter] + coff_reloc_ptr->VirtualAddress, &offsetvalue, sizeof(uint32_t)); - functionMappingCount++; -#endif -#endif - } - DEBUG_PRINT("\tValueNumber: 0x%X\n", coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].Value); - DEBUG_PRINT("\tSectionNumber: 0x%X\n", coff_sym_ptr[coff_reloc_ptr->SymbolTableIndex].SectionNumber); - coff_reloc_ptr = (coff_reloc_t *)(((char *)coff_reloc_ptr) + sizeof(coff_reloc_t)); - DEBUG_PRINT("\n"); - } - DEBUG_PRINT("\n"); - } - - /* Some debugging code to see what the sections look like in memory */ -#if DEBUG -#ifdef _WIN32 - for (tempcounter = 0; tempcounter < 10; tempcounter++) - { - DEBUG_PRINT("Section: %d\n", tempcounter); - if (sectionMapping[tempcounter] != NULL) - { - DEBUG_PRINT("\t"); - for (counter = 0; counter < sectionSize[tempcounter]; counter++) - { - DEBUG_PRINT("%02X ", (uint8_t)(sectionMapping[tempcounter][counter])); - } - DEBUG_PRINT("\n"); - } - } -#endif -#endif - // Apply proper page permissions - for (counter = 0; counter < coff_header_ptr->NumberOfSections; counter++) - { - coff_sect_ptr = (coff_sect_t *)(coff_data + sizeof(coff_file_header_t) + (sizeof(coff_sect_t) * counter)); - if (coff_sect_ptr->SizeOfRawData > 0) - { - protect_index = coff_sect_ptr->Characteristics >> 29; - protect = ProtectionFlags[protect_index]; - DEBUG_PRINT("New page prot flag: 0x%08x\n", protect); - if ((coff_sect_ptr->Characteristics & IMAGE_SCN_MEM_NOT_CACHED) != 0) - { - protect |= PAGE_NOCACHE; - } - if (VirtualProtect(sectionMapping[counter], coff_sect_ptr->SizeOfRawData, protect, &old_prot) == 0) - { -#if DEBUG - DWORD error = GetLastError(); - DEBUG_PRINT("Could not change page protection: %08x\n", error); -#endif - return 1; - } - } - } - - if (VirtualProtect(functionMapping, 2048, PAGE_EXECUTE_READ, &old_prot) == 0) - { -#if DEBUG - DWORD error = GetLastError(); - DEBUG_PRINT("Could not change page protection on functionMapping: %08x\n", error); -#endif - return 1; - } - #pragma warning(disable:4018) - - DEBUG_PRINT("Symbols:\n"); - for (tempcounter = 0; tempcounter < coff_header_ptr->NumberOfSymbols; tempcounter++) - { - DEBUG_PRINT("\t%s: Section: %d, Value: 0x%X\n", coff_sym_ptr[tempcounter].first.Name, coff_sym_ptr[tempcounter].SectionNumber, coff_sym_ptr[tempcounter].Value); - if (strcmp(coff_sym_ptr[tempcounter].first.Name, entryfuncname) == 0) - { - DEBUG_PRINT("\t\tFound entry!\n"); -#ifdef _WIN32 - /* So for some reason VS 2017 doesn't like this, but char* casting works, so just going to do that */ -#ifdef _MSC_VER - #pragma warning(disable:4047) - foo = (char *)(sectionMapping[coff_sym_ptr[tempcounter].SectionNumber - 1] + coff_sym_ptr[tempcounter].Value); -#else - foo = (void (*)(char *, unsigned long))(sectionMapping[coff_sym_ptr[tempcounter].SectionNumber - 1] + coff_sym_ptr[tempcounter].Value); -#endif - // sectionMapping[coff_sym_ptr[tempcounter].SectionNumber-1][coff_sym_ptr[tempcounter].Value+7] = '\xcc'; - DEBUG_PRINT("Trying to run: %p\n", foo); - foo((char *)argumentdata, argumentSize); -#endif - } - } - DEBUG_PRINT("Back\n"); - - /* Cleanup the allocated memory */ -#ifdef _WIN32 - if (callback != NULL) - { - outdata = BeaconGetOutputData(&outdataSize); - if (outdata != NULL) - { - DEBUG_PRINT("[COFFLoader] Calling Go callback at %p\n", callback); - (*callback)(outdata, outdataSize); - } - } -cleanup: - for (tempcounter = 0; tempcounter < 25; tempcounter++) - { - if (sectionMapping[tempcounter]) - { - VirtualFree(sectionMapping[tempcounter], 0, MEM_RELEASE); - } - } - VirtualFree(functionMapping, 0, MEM_RELEASE); -#endif - DEBUG_PRINT("Returning\n"); - return retcode; -} - -#ifdef COFF_STANDALONE -int main(int argc, char *argv[]) -{ - char *coff_data = NULL; - unsigned char *arguments = NULL; - int argumentSize = 0; -#ifdef _WIN32 - char *outdata = NULL; - int outdataSize = 0; -#endif - uint32_t filesize = 0; - int checkcode = 0; - if (argc < 3) - { - printf("ERROR: %s go /path/to/object/file.o (arguments)\n", argv[0]); - return 1; - } - - coff_data = (char *)getContents(argv[2], &filesize); - if (coff_data == NULL) - { - printf("ERROR: empty bof file\n"); - return 1; - } - printf("Got contents of COFF file\n"); - arguments = unhexlify((unsigned char *)argv[3], &argumentSize); - printf("Running/Parsing the COFF file\n"); - checkcode = RunCOFF(argv[1], (unsigned char *)coff_data, filesize, arguments, argumentSize, NULL); - if (checkcode == 0) - { -#ifdef _WIN32 - printf("Ran/parsed the coff\n"); - outdata = BeaconGetOutputData(&outdataSize); - if (outdata != NULL) - { - - printf("Outdata Below:\n\n%s\n", outdata); - } -#endif - } - else - { - printf("Failed to run/parse the COFF file\n"); - } - if (coff_data) - { - free(coff_data); - } - return 0; -} - -#endif diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.h b/c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.h deleted file mode 100644 index 3deb8240..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/COFFLoader.h +++ /dev/null @@ -1,135 +0,0 @@ -#ifndef COFFLOADER_H_ -#define COFFLOADER_H_ -#include -#include -#include - -/* These seem to be the same sizes across architectures, relocations are different though. Defined both sets of types. */ - -/* sizeof 20 */ -typedef struct coff_file_header -{ - uint16_t Machine; - uint16_t NumberOfSections; - uint32_t TimeDateStamp; - uint32_t PointerToSymbolTable; - uint32_t NumberOfSymbols; - uint16_t SizeOfOptionalHeader; - uint16_t Characteristics; -} coff_file_header_t; - -/* AMD64 should always be here */ -#define MACHINETYPE_AMD64 0x8664 - -#pragma pack(push, 1) - -/* Size of 40 */ -typedef struct coff_sect -{ - char Name[8]; - uint32_t VirtualSize; - uint32_t VirtualAddress; - uint32_t SizeOfRawData; - uint32_t PointerToRawData; - uint32_t PointerToRelocations; - uint32_t PointerToLineNumbers; - uint16_t NumberOfRelocations; - uint16_t NumberOfLinenumbers; - uint32_t Characteristics; -} coff_sect_t; - -typedef struct coff_reloc -{ - uint32_t VirtualAddress; - uint32_t SymbolTableIndex; - uint16_t Type; -} coff_reloc_t; - -typedef struct coff_sym -{ - union - { - char Name[8]; - uint32_t value[2]; - } first; - uint32_t Value; - uint16_t SectionNumber; - uint16_t Type; - uint8_t StorageClass; - uint8_t NumberOfAuxSymbols; - -} coff_sym_t; - -uint32_t ProtectionFlags[8] = { - PAGE_NOACCESS, // not writeable, not readable, not executable - PAGE_EXECUTE, // not writeable, not readable, executable - PAGE_READONLY, // not writeable, readable, not executable - PAGE_EXECUTE_READ, // not writeable, readable, executable - PAGE_WRITECOPY, // writeable, not readable, not executable - PAGE_EXECUTE_WRITECOPY, // writeable, not readable, executable - PAGE_READWRITE, // writeable, readable, not executable - PAGE_EXECUTE_READWRITE, // writeable, readable, executable -}; - -#pragma pack(pop) -/* AMD64 Specific types */ -#define IMAGE_REL_AMD64_ABSOLUTE 0x0000 -#define IMAGE_REL_AMD64_ADDR64 0x0001 -#define IMAGE_REL_AMD64_ADDR32 0x0002 -#define IMAGE_REL_AMD64_ADDR32NB 0x0003 -/* Most common from the looks of it, just 32-bit relative address from the byte following the relocation */ -#define IMAGE_REL_AMD64_REL32 0x0004 -/* Second most common, 32-bit address without an image base. Not sure what that means... */ -#define IMAGE_REL_AMD64_REL32_1 0x0005 -#define IMAGE_REL_AMD64_REL32_2 0x0006 -#define IMAGE_REL_AMD64_REL32_3 0x0007 -#define IMAGE_REL_AMD64_REL32_4 0x0008 -#define IMAGE_REL_AMD64_REL32_5 0x0009 -#define IMAGE_REL_AMD64_SECTION 0x000A -#define IMAGE_REL_AMD64_SECREL 0x000B -#define IMAGE_REL_AMD64_SECREL7 0x000C -#define IMAGE_REL_AMD64_TOKEN 0x000D -#define IMAGE_REL_AMD64_SREL32 0x000E -#define IMAGE_REL_AMD64_PAIR 0x000F -#define IMAGE_REL_AMD64_SSPAN32 0x0010 - -/*i386 Relocation types */ - -#define IMAGE_REL_I386_ABSOLUTE 0x0000 -#define IMAGE_REL_I386_DIR16 0x0001 -#define IMAGE_REL_I386_REL16 0x0002 -#define IMAGE_REL_I386_DIR32 0x0006 -#define IMAGE_REL_I386_DIR32NB 0x0007 -#define IMAGE_REL_I386_SEG12 0x0009 -#define IMAGE_REL_I386_SECTION 0x000A -#define IMAGE_REL_I386_SECREL 0x000B -#define IMAGE_REL_I386_TOKEN 0x000C -#define IMAGE_REL_I386_SECREL7 0x000D -#define IMAGE_REL_I386_REL32 0x0014 - -/* Section Characteristic Flags */ - -#define IMAGE_SCN_MEM_WRITE 0x80000000 -#define IMAGE_SCN_MEM_READ 0x40000000 -#define IMAGE_SCN_MEM_EXECUTE 0x20000000 -#define IMAGE_SCN_ALIGN_16BYTES 0x00500000 -#define IMAGE_SCN_MEM_NOT_CACHED 0x04000000 -#define IMAGE_SCN_MEM_NOT_PAGED 0x08000000 -#define IMAGE_SCN_MEM_SHARED 0x10000000 -#define IMAGE_SCN_CNT_CODE 0x00000020 -#define IMAGE_SCN_CNT_UNINITIALIZED_DATA 0x00000080 -#define IMAGE_SCN_MEM_DISCARDABLE 0x02000000 - -unsigned char *unhexlify(unsigned char *value, int *outlen); -typedef int (*goCallback)(char *, int); -#ifdef BUILD_DLL -/* DLL export */ -#define EXPORT __declspec(dllexport) -EXPORT int __cdecl LoadAndRun(char *argsBuffer, uint32_t bufferSize, goCallback callback); -#else -/* EXE import */ -#define EXPORT __declspec(dllimport) -#endif - -int RunCOFF(char *functionname, unsigned char *coff_data, uint32_t filesize, unsigned char *argumentdata, int argumentSize, goCallback data); -#endif diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/LICENSE.txt b/c/meterpreter/source/extensions/bofloader/COFFLoader/LICENSE.txt deleted file mode 100644 index be683b36..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/LICENSE.txt +++ /dev/null @@ -1,25 +0,0 @@ -Copyright 2020, COFFLoader by TrustedSec, LLC -All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: - - * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the distribution. - * Neither the name of TrustedSec, LLC nor the names of its contributors may be used to endorse or promote products derived from - this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -The above licensing was taken from the BSD licensing and is applied to COFFLoader as well. - -Note that the COFFLoader is provided as is, and is a royalty free open-source application. - -Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit where credit -is due (which means giving the authors the credit they deserve for writing it). - diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/Makefile b/c/meterpreter/source/extensions/bofloader/COFFLoader/Makefile deleted file mode 100644 index 0f78d06e..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/Makefile +++ /dev/null @@ -1,36 +0,0 @@ - -all: bof bof32 -all-dll: dll dll32 -debug: debug32 debug64 - -dll: - x86_64-w64-mingw32-gcc -shared -Wall -DBUILD_DLL dll.c beacon_compatibility.c COFFLoader.c -o COFFLoader.x64.dll - x86_64-w64-mingw32-gcc -c test.c -o test64.out - -dll32: - i686-w64-mingw32-gcc -shared -Wall -DBUILD_DLL dll.c beacon_compatibility.c COFFLoader.c -o COFFLoader.x86.dll - i686-w64-mingw32-gcc -c test.c -o test32.out - -bof: - x86_64-w64-mingw32-gcc -Wall -DCOFF_STANDALONE beacon_compatibility.c COFFLoader.c -o COFFLoader64.exe - x86_64-w64-mingw32-gcc -c test.c -o test64.out - -bof32: - i686-w64-mingw32-gcc -Wall -DCOFF_STANDALONE beacon_compatibility.c COFFLoader.c -o COFFLoader32.exe - i686-w64-mingw32-gcc -c test.c -o test32.out - -debug64: - x86_64-w64-mingw32-gcc -DCOFF_STANDALONE -DDEBUG beacon_compatibility.c COFFLoader.c -o COFFLoader64.exe - x86_64-w64-mingw32-gcc -c test.c -o test64.out - -debug32: - i686-w64-mingw32-gcc -DCOFF_STANDALONE -DDEBUG beacon_compatibility.c COFFLoader.c -o COFFLoader32.exe - i686-w64-mingw32-gcc -c test.c -o test32.out - -nix: - gcc -DCOFF_STANDALONE -Wall -DDEBUG beacon_compatibility.c COFFLoader.c -o COFFLoader.out - -clean: - rm -f COFFLoader64.exe COFFLoader32.exe COFFLoader.out - rm -f test32.out test64.out - rm -f *.dll diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/README.md b/c/meterpreter/source/extensions/bofloader/COFFLoader/README.md deleted file mode 100644 index 49c34eaa..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/README.md +++ /dev/null @@ -1,47 +0,0 @@ -# COFF Loader - -This is a quick and dirty COFF loader (AKA Beacon Object Files). Currently can run un-modified BOF's so it can be used for testing without a CS agent running it. The only exception is that the injection related beacon compatibility functions are just empty. - -The main goal is to provide a working example and maybe be useful to someone. - - -## Parts -There are a few parts to it they are listed below. - -- beacon_compatibility: This is the beacon internal functions so that you can load BOF files and run them. -- COFFLoader: This is the actual coff loader, and when built for nix just loads the 64 bit object file and parses it. -- test: This is the example "COFF" file, will build to the COFF file for you when make is called. -- beacon_generate: This is a helper script to build strings/arguments compatible with the beacon_compatibility functions. - - -## Beacon Generate -This is used to generate arguments for the COFFLoader code, if the BOF takes arguments simply add the arguments with the type expected with this and generate the hex string for use. - -Example usage here: -``` -COFFLoader % python3 beacon_generate.py -Beacon Argument Generator -Beacon>help - -Documented commands (type help ): -======================================== -addString addWString addint addshort exit generate help reset - -Beacon>addWString test -Beacon>addint 4 -Beacon>generate -b'120000000a0000007400650073007400000004000000' -Beacon>reset -Beacon>addint 5 -Beacon>generate -b'0400000005000000' -Beacon>exit -``` - -## Running -An example of how to run a BOF is below. - -``` -COFFLoader64.exe go test64.out -COFFLoader64.exe go ..\CS-Situational-Awareness-BOF\SA\whoami\whoami.x64.o -``` diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon.h b/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon.h deleted file mode 100644 index 36131597..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon.h +++ /dev/null @@ -1,61 +0,0 @@ -/* - * Beacon Object Files (BOF) - * ------------------------- - * A Beacon Object File is a light-weight post exploitation tool that runs - * with Beacon's inline-execute command. - * - * Cobalt Strike 4.1. - */ - -/* data API */ -typedef struct { - char * original; /* the original buffer [so we can free it] */ - char * buffer; /* current pointer into our buffer */ - int length; /* remaining length of data */ - int size; /* total size of this buffer */ -} datap; - -DECLSPEC_IMPORT void BeaconDataParse(datap * parser, char * buffer, int size); -DECLSPEC_IMPORT int BeaconDataInt(datap * parser); -DECLSPEC_IMPORT short BeaconDataShort(datap * parser); -DECLSPEC_IMPORT int BeaconDataLength(datap * parser); -DECLSPEC_IMPORT char * BeaconDataExtract(datap * parser, int * size); - -/* format API */ -typedef struct { - char * original; /* the original buffer [so we can free it] */ - char * buffer; /* current pointer into our buffer */ - int length; /* remaining length of data */ - int size; /* total size of this buffer */ -} formatp; - -DECLSPEC_IMPORT void BeaconFormatAlloc(formatp * format, int maxsz); -DECLSPEC_IMPORT void BeaconFormatReset(formatp * format); -DECLSPEC_IMPORT void BeaconFormatFree(formatp * format); -DECLSPEC_IMPORT void BeaconFormatAppend(formatp * format, char * text, int len); -DECLSPEC_IMPORT void BeaconFormatPrintf(formatp * format, char * fmt, ...); -DECLSPEC_IMPORT char * BeaconFormatToString(formatp * format, int * size); -DECLSPEC_IMPORT void BeaconFormatInt(formatp * format, int value); - -/* Output Functions */ -#define CALLBACK_OUTPUT 0x0 -#define CALLBACK_OUTPUT_OEM 0x1e -#define CALLBACK_ERROR 0x0d -#define CALLBACK_OUTPUT_UTF8 0x20 - -DECLSPEC_IMPORT void BeaconPrintf(int type, char * fmt, ...); -DECLSPEC_IMPORT void BeaconOutput(int type, char * data, int len); - -/* Token Functions */ -DECLSPEC_IMPORT BOOL BeaconUseToken(HANDLE token); -DECLSPEC_IMPORT void BeaconRevertToken(); -DECLSPEC_IMPORT BOOL BeaconIsAdmin(); - -/* Spawn+Inject Functions */ -DECLSPEC_IMPORT void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); -DECLSPEC_IMPORT void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); -DECLSPEC_IMPORT void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); -DECLSPEC_IMPORT void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); - -/* Utility Functions */ -DECLSPEC_IMPORT BOOL toWideChar(char * src, wchar_t * dst, int max); diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.c b/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.c deleted file mode 100644 index 728d8044..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.c +++ /dev/null @@ -1,355 +0,0 @@ -/* - * Cobalt Strike 4.X BOF compatibility layer - * ----------------------------------------- - * The whole point of these files are to allow beacon object files built for CS - * to run fine inside of other tools without recompiling. - * - * Built off of the beacon.h file provided to build for CS. - */ -#include -#include -#include -#include -#ifdef _WIN32 -#include - -#include "beacon_compatibility.h" - -#define DEFAULTPROCESSNAME "rundll32.exe" -#ifdef _WIN64 -#define X86PATH "SysWOW64" -#define X64PATH "System32" -#else -#define X86PATH "System32" -#define X64PATH "sysnative" -#endif - - - /* Data Parsing */ -unsigned char* InternalFunctions[29][2] = { - {(unsigned char*)"BeaconDataParse", (unsigned char*)BeaconDataParse}, - {(unsigned char*)"BeaconDataInt", (unsigned char*)BeaconDataInt}, - {(unsigned char*)"BeaconDataShort", (unsigned char*)BeaconDataShort}, - {(unsigned char*)"BeaconDataLength", (unsigned char*)BeaconDataLength}, - {(unsigned char*)"BeaconDataExtract", (unsigned char*)BeaconDataExtract}, - {(unsigned char*)"BeaconFormatAlloc", (unsigned char*)BeaconFormatAlloc}, - {(unsigned char*)"BeaconFormatReset", (unsigned char*)BeaconFormatReset}, - {(unsigned char*)"BeaconFormatFree", (unsigned char*)BeaconFormatFree}, - {(unsigned char*)"BeaconFormatAppend", (unsigned char*)BeaconFormatAppend}, - {(unsigned char*)"BeaconFormatPrintf", (unsigned char*)BeaconFormatPrintf}, - {(unsigned char*)"BeaconFormatToString", (unsigned char*)BeaconFormatToString}, - {(unsigned char*)"BeaconFormatInt", (unsigned char*)BeaconFormatInt}, - {(unsigned char*)"BeaconPrintf", (unsigned char*)BeaconPrintf}, - {(unsigned char*)"BeaconOutput", (unsigned char*)BeaconOutput}, - {(unsigned char*)"BeaconUseToken", (unsigned char*)BeaconUseToken}, - {(unsigned char*)"BeaconRevertToken", (unsigned char*)BeaconRevertToken}, - {(unsigned char*)"BeaconIsAdmin", (unsigned char*)BeaconIsAdmin}, - {(unsigned char*)"BeaconGetSpawnTo", (unsigned char*)BeaconGetSpawnTo}, - {(unsigned char*)"BeaconSpawnTemporaryProcess", (unsigned char*)BeaconSpawnTemporaryProcess}, - {(unsigned char*)"BeaconInjectProcess", (unsigned char*)BeaconInjectProcess}, - {(unsigned char*)"BeaconInjectTemporaryProcess", (unsigned char*)BeaconInjectTemporaryProcess}, - {(unsigned char*)"BeaconCleanupProcess", (unsigned char*)BeaconCleanupProcess}, - {(unsigned char*)"toWideChar", (unsigned char*)toWideChar}, - {(unsigned char*)"LoadLibraryA", (unsigned char*)LoadLibraryA}, - {(unsigned char*)"GetProcAddress", (unsigned char*)GetProcAddress}, - {(unsigned char*)"GetModuleHandleA", (unsigned char*)GetModuleHandleA}, - {(unsigned char*)"FreeLibrary", (unsigned char*)FreeLibrary} -}; - -uint32_t swap_endianess(uint32_t indata) { - uint32_t testint = 0xaabbccdd; - uint32_t outint = indata; - if (((unsigned char*)&testint)[0] == 0xdd) { - ((unsigned char*)&outint)[0] = ((unsigned char*)&indata)[3]; - ((unsigned char*)&outint)[1] = ((unsigned char*)&indata)[2]; - ((unsigned char*)&outint)[2] = ((unsigned char*)&indata)[1]; - ((unsigned char*)&outint)[3] = ((unsigned char*)&indata)[0]; - } - return outint; -} - -char* beacon_compatibility_output = NULL; -int beacon_compatibility_size = 0; -int beacon_compatibility_offset = 0; - -void BeaconDataParse(datap* parser, char* buffer, int size) { - if (parser == NULL) { - return; - } - parser->original = buffer; - parser->buffer = buffer; - parser->length = size - 4; - parser->size = size - 4; - parser->buffer += 4; - return; -} - -int BeaconDataInt(datap* parser) { - int32_t fourbyteint = 0; - if (parser->length < 4) { - return 0; - } - memcpy(&fourbyteint, parser->buffer, 4); - parser->buffer += 4; - parser->length -= 4; - return (int)fourbyteint; -} - -short BeaconDataShort(datap* parser) { - int16_t retvalue = 0; - if (parser->length < 2) { - return 0; - } - memcpy(&retvalue, parser->buffer, 2); - parser->buffer += 2; - parser->length -= 2; - return (short)retvalue; -} - -int BeaconDataLength(datap* parser) { - return parser->length; -} - -char* BeaconDataExtract(datap* parser, int* size) { - uint32_t length = 0; - char* outdata = NULL; - /*Length prefixed binary blob, going to assume uint32_t for this.*/ - if (parser->length < 4) { - return NULL; - } - memcpy(&length, parser->buffer, 4); - parser->buffer += 4; - - outdata = parser->buffer; - if (outdata == NULL) { - return NULL; - } - parser->length -= 4; - parser->length -= length; - parser->buffer += length; - if (size != NULL && outdata != NULL) { - *size = length; - } - return outdata; -} - -/* format API */ - -void BeaconFormatAlloc(formatp* format, int maxsz) { - if (format == NULL) { - return; - } - format->original = calloc(maxsz, 1); - format->buffer = format->original; - format->length = 0; - format->size = maxsz; - return; -} - -void BeaconFormatReset(formatp* format) { - memset(format->original, 0, format->size); - format->buffer = format->original; - format->length = format->size; - return; -} - -void BeaconFormatFree(formatp* format) { - if (format == NULL) { - return; - } - if (format->original) { - free(format->original); - format->original = NULL; - } - format->buffer = NULL; - format->length = 0; - format->size = 0; - return; -} - -void BeaconFormatAppend(formatp* format, char* text, int len) { - memcpy(format->buffer, text, len); - format->buffer += len; - format->length += len; - return; -} - -void BeaconFormatPrintf(formatp* format, char* fmt, ...) { - /*Take format string, and sprintf it into here*/ - va_list args; - int length = 0; - - va_start(args, fmt); - length = vsnprintf(NULL, 0, fmt, args); - va_end(args); - if (format->length + length > format->size) { - return; - } - - va_start(args, fmt); - (void)vsnprintf(format->buffer, length, fmt, args); - va_end(args); - format->length += length; - format->buffer += length; - return; -} - - -char* BeaconFormatToString(formatp* format, int* size) { - *size = format->length; - return format->original; -} - -void BeaconFormatInt(formatp* format, int value) { - uint32_t indata = value; - uint32_t outdata = 0; - if (format->length + 4 > format->size) { - return; - } - outdata = swap_endianess(indata); - memcpy(format->buffer, &outdata, 4); - format->length += 4; - format->buffer += 4; - return; -} - -/* Main output functions */ - -void BeaconPrintf(int type, char* fmt, ...) { - /* Change to maintain internal buffer, and return after done running. */ - int length = 0; - char* tempptr = NULL; - va_list args; - va_start(args, fmt); - vprintf(fmt, args); - va_end(args); - - va_start(args, fmt); - length = vsnprintf(NULL, 0, fmt, args); - va_end(args); - tempptr = realloc(beacon_compatibility_output, beacon_compatibility_size + length + 1); - if (tempptr == NULL) { - return; - } - beacon_compatibility_output = tempptr; - memset(beacon_compatibility_output + beacon_compatibility_offset, 0, length + 1); - va_start(args, fmt); - length = vsnprintf(beacon_compatibility_output + beacon_compatibility_offset, length +1, fmt, args); - beacon_compatibility_size += length; - beacon_compatibility_offset += length; - va_end(args); - return; -} - -void BeaconOutput(int type, char* data, int len) { - char* tempptr = NULL; - tempptr = realloc(beacon_compatibility_output, beacon_compatibility_size + len + 1); - beacon_compatibility_output = tempptr; - if (tempptr == NULL) { - return; - } - memset(beacon_compatibility_output + beacon_compatibility_offset, 0, len + 1); - memcpy(beacon_compatibility_output + beacon_compatibility_offset, data, len); - beacon_compatibility_size += len; - beacon_compatibility_offset += len; - return; -} - -/* Token Functions */ - -BOOL BeaconUseToken(HANDLE token) { - /* Probably needs to handle DuplicateTokenEx too */ - SetThreadToken(NULL, token); - return TRUE; -} - -void BeaconRevertToken(void) { - if (!RevertToSelf()) { -#ifdef DEBUG - printf("RevertToSelf Failed!\n"); -#endif - } - return; -} - -BOOL BeaconIsAdmin(void) { - /* Leaving this to be implemented by people needing it */ -#ifdef DEBUG - printf("BeaconIsAdmin Called\n"); -#endif - return FALSE; -} - -/* Injection/spawning related stuffs - * - * These functions are basic place holders, and if implemented into something - * real should be just calling internal functions for your tools. */ -void BeaconGetSpawnTo(BOOL x86, char* buffer, int length) { - char* tempBufferPath = NULL; - if (buffer == NULL) { - return; - } - if (x86) { - tempBufferPath = "C:\\Windows\\"X86PATH"\\"DEFAULTPROCESSNAME; - #pragma warning(push) - #pragma warning(disable:4018) - if (strlen(tempBufferPath) > length) { - return; - } - memcpy(buffer, tempBufferPath, strlen(tempBufferPath)); - } - else { - tempBufferPath = "C:\\Windows\\"X64PATH"\\"DEFAULTPROCESSNAME; - if (strlen(tempBufferPath) > length) { - return; - } - memcpy(buffer, tempBufferPath, strlen(tempBufferPath)); - - } - #pragma warning(pop) - - return; -} - -BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * sInfo, PROCESS_INFORMATION * pInfo) { - BOOL bSuccess = FALSE; - if (x86) { - bSuccess = CreateProcessA(NULL, (char*)"C:\\Windows\\"X86PATH"\\"DEFAULTPROCESSNAME, NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, sInfo, pInfo); - } - else { - bSuccess = CreateProcessA(NULL, (char*)"C:\\Windows\\"X64PATH"\\"DEFAULTPROCESSNAME, NULL, NULL, TRUE, CREATE_NO_WINDOW, NULL, NULL, sInfo, pInfo); - } - return bSuccess; -} - -void BeaconInjectProcess(HANDLE hProc, int pid, char* payload, int p_len, int p_offset, char * arg, int a_len) { - /* Leaving this to be implemented by people needing/wanting it */ - return; -} - -void BeaconInjectTemporaryProcess(PROCESS_INFORMATION* pInfo, char* payload, int p_len, int p_offset, char* arg, int a_len) { - /* Leaving this to be implemented by people needing/wanting it */ - return; -} - -void BeaconCleanupProcess(PROCESS_INFORMATION* pInfo) { - (void)CloseHandle(pInfo->hThread); - (void)CloseHandle(pInfo->hProcess); - return; -} - -BOOL toWideChar(char* src, wchar_t* dst, int max) { - /* Leaving this to be implemented by people needing/wanting it */ - return FALSE; -} - -char* BeaconGetOutputData(int *outsize) { - char* outdata = beacon_compatibility_output; - *outsize = beacon_compatibility_size; - beacon_compatibility_output = NULL; - beacon_compatibility_size = 0; - beacon_compatibility_offset = 0; - return outdata; -} - -#endif diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.h b/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.h deleted file mode 100644 index e1681273..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_compatibility.h +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Cobalt Strike 4.X BOF compatibility layer - * ----------------------------------------- - * The whole point of these files are to allow beacon object files built for CS - * to run fine inside of other tools without recompiling. - * - * Built off of the beacon.h file provided to build for CS. - */ -#ifndef BEACON_COMPATIBILITY_H_ - /* Structures as is in beacon.h */ -extern unsigned char* InternalFunctions[29][2]; -typedef struct { - char * original; /* the original buffer [so we can free it] */ - char * buffer; /* current pointer into our buffer */ - int length; /* remaining length of data */ - int size; /* total size of this buffer */ -} datap; - -typedef struct { - char * original; /* the original buffer [so we can free it] */ - char * buffer; /* current pointer into our buffer */ - int length; /* remaining length of data */ - int size; /* total size of this buffer */ -} formatp; - -void BeaconDataParse(datap * parser, char * buffer, int size); -int BeaconDataInt(datap * parser); -short BeaconDataShort(datap * parser); -int BeaconDataLength(datap * parser); -char * BeaconDataExtract(datap * parser, int * size); - -void BeaconFormatAlloc(formatp * format, int maxsz); -void BeaconFormatReset(formatp * format); -void BeaconFormatFree(formatp * format); -void BeaconFormatAppend(formatp * format, char * text, int len); -void BeaconFormatPrintf(formatp * format, char * fmt, ...); -char * BeaconFormatToString(formatp * format, int * size); -void BeaconFormatInt(formatp * format, int value); - -#define CALLBACK_OUTPUT 0x0 -#define CALLBACK_OUTPUT_OEM 0x1e -#define CALLBACK_ERROR 0x0d -#define CALLBACK_OUTPUT_UTF8 0x20 - - -void BeaconPrintf(int type, char * fmt, ...); -void BeaconOutput(int type, char * data, int len); - -/* Token Functions */ -BOOL BeaconUseToken(HANDLE token); -void BeaconRevertToken(); -BOOL BeaconIsAdmin(); - -/* Spawn+Inject Functions */ -void BeaconGetSpawnTo(BOOL x86, char * buffer, int length); -BOOL BeaconSpawnTemporaryProcess(BOOL x86, BOOL ignoreToken, STARTUPINFO * sInfo, PROCESS_INFORMATION * pInfo); -void BeaconInjectProcess(HANDLE hProc, int pid, char * payload, int p_len, int p_offset, char * arg, int a_len); -void BeaconInjectTemporaryProcess(PROCESS_INFORMATION * pInfo, char * payload, int p_len, int p_offset, char * arg, int a_len); -void BeaconCleanupProcess(PROCESS_INFORMATION * pInfo); - -/* Utility Functions */ -BOOL toWideChar(char * src, wchar_t * dst, int max); -uint32_t swap_endianess(uint32_t indata); - -char* BeaconGetOutputData(int *outsize); -#endif diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_generate.py b/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_generate.py deleted file mode 100644 index cb658935..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/beacon_generate.py +++ /dev/null @@ -1,96 +0,0 @@ -from struct import pack, calcsize -import binascii -import cmd - -class BeaconPack: - def __init__(self): - self.buffer = b'' - self.size = 0 - - def getbuffer(self): - return pack(" -#include - -//extern "C" BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD Reason, LPVOID LPV) { -//This one was only necessary if you were using a C++ compiler - -BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) -{ - - switch (fdwReason) - { - case DLL_PROCESS_ATTACH: - // Code to run when the DLL is loaded - break; - - case DLL_PROCESS_DETACH: - // Code to run when the DLL is freed - break; - - case DLL_THREAD_ATTACH: - // Code to run when a thread is created during the DLL's lifetime - break; - - case DLL_THREAD_DETACH: - // Code to run when a thread ends normally. - break; - } - - return TRUE; -} \ No newline at end of file diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/extension.json b/c/meterpreter/source/extensions/bofloader/COFFLoader/extension.json deleted file mode 100644 index 78c9f8fd..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/extension.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "name": "COFF Loader", - "command_name": "coff-loader", - "version": "0.0.0", - "extension_author": "lesnuages", - "original_author": "TrustedSec", - "repo_url": "https://github.com/sliverarmory/COFFLoader", - "help": "Load and execute Beacon Object Files (BOFs) in memory.", - "entrypoint": "LoadAndRun", - "files": [ - { - "os": "windows", - "arch": "386", - "path": "COFFLoader.x86.dll" - }, - { - "os": "windows", - "arch": "amd64", - "path": "COFFLoader.x64.dll" - } - ] -} \ No newline at end of file diff --git a/c/meterpreter/source/extensions/bofloader/COFFLoader/test.c b/c/meterpreter/source/extensions/bofloader/COFFLoader/test.c deleted file mode 100644 index 8547d315..00000000 --- a/c/meterpreter/source/extensions/bofloader/COFFLoader/test.c +++ /dev/null @@ -1,44 +0,0 @@ -#include -#include -#include -#include -#include "beacon.h" - -DECLSPEC_IMPORT DWORD WINAPI NETAPI32$DsGetDcNameA(LPVOID, LPVOID, LPVOID, LPVOID, ULONG, LPVOID); -DECLSPEC_IMPORT DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID); -WINBASEAPI int __cdecl MSVCRT$printf(const char * __restrict__ _Format,...); - -char* TestGlobalString = "This is a global string"; -/* Can't do stuff like "int testvalue;" in a coff file, because it assumes that - * the symbol is like any function, so you would need to allocate a section of bss - * (without knowing the size of it), and then resolve the symbol to that. So safer - * to just not support that */ -int testvalue = 0; - -int test(void){ - MSVCRT$printf("Test String from test\n"); - testvalue = 1; - return 0; -} - -int test2(void){ - MSVCRT$printf("Test String from test2\n"); - return 0; -} - - -void go(char * args, unsigned long alen) { - DWORD dwRet; - PDOMAIN_CONTROLLER_INFO pdcInfo; - BeaconPrintf(1, "This GlobalString \"%s\"\n", TestGlobalString); - MSVCRT$printf("Test Value: %d\n", testvalue); - (void)test(); - MSVCRT$printf("Test ValueBack: %d\n", testvalue); - (void)test2(); - dwRet = NETAPI32$DsGetDcNameA(NULL, NULL, NULL, NULL, 0, &pdcInfo); - if (ERROR_SUCCESS == dwRet) { - MSVCRT$printf("%s", pdcInfo->DomainName); - } - - NETAPI32$NetApiBufferFree(pdcInfo); -} diff --git a/c/meterpreter/source/extensions/bofloader/main.c b/c/meterpreter/source/extensions/bofloader/main.c index 410a4210..55bc23bf 100644 --- a/c/meterpreter/source/extensions/bofloader/main.c +++ b/c/meterpreter/source/extensions/bofloader/main.c @@ -7,6 +7,8 @@ #include "common_metapi.h" #include #include "main.h" +#include "beacon_compatibility.h" +#include "COFFLoader.h" // Required so that use of the API works. MetApi* met_api = NULL; @@ -14,8 +16,7 @@ MetApi* met_api = NULL; #include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c" -typedef int (*goCallback)(char *, int); -extern int LoadAndRun(char *argsBuffer, uint32_t bufferSize, goCallback callback); +extern int LoadAndRun(char *argsBuffer, uint32_t bufferSize); extern char * BeaconGetOutputData(int *outsize); DWORD request_exec_cmd(Remote *remote, Packet *packet); @@ -27,13 +28,46 @@ Command customCommands[] = COMMAND_TERMINATOR }; +static int LoadAndRun(char* argsBuffer, uint32_t bufferSize) +{ +#if defined(_WIN32) + // argsBuffer: functionname |coff_data | args_data + datap parser; + char* functionName; + unsigned char* coff_data = NULL; + unsigned char* arguments_data = NULL; + int filesize = 0; + int arguments_size = 0; + + BeaconDataParse(&parser, argsBuffer, bufferSize); + functionName = BeaconDataExtract(&parser, NULL); + if (functionName == NULL) + { + return 1; + } + coff_data = (unsigned char*)BeaconDataExtract(&parser, &filesize); + if (coff_data == NULL) + { + return 1; + } + arguments_data = (unsigned char*)BeaconDataExtract(&parser, &arguments_size); + if (arguments_data == NULL) + { + return 1; + } + + return RunCOFF(functionName, coff_data, filesize, arguments_data, arguments_size); +#else + return 0; +#endif +} + /*! * @brief Handler for the generic command execution function. * @param remote Pointer to the \c Remote instance. * @param packet Pointer to the incoming packet. * @returns \c ERROR_SUCCESS */ - DWORD request_exec_cmd(Remote *remote, Packet *packet) { DWORD result = ERROR_SUCCESS; @@ -43,7 +77,7 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet) char * output_data = NULL; char * args_buffer = NULL; - dprintf("[BOFLOADER] Inside request cmd\n"); + dprintf("[BOFLOADER] Inside request cmd"); if (NULL == response) { // Don't delete the response! @@ -52,19 +86,19 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet) buffer_size = packet->payloadLength; args_buffer = (char *) met_api->packet.get_tlv_value_raw(packet, TLV_TYPE_BOFLOADER_CMD_EXEC, &buffer_size); - dprintf("[BOFLOADER] got pkt contents\n"); + dprintf("[BOFLOADER] got pkt contents"); if (args_buffer != NULL) { - dprintf("[BOFLOADER] calling load and run\n"); - if (LoadAndRun(args_buffer, (uint32_t)buffer_size, NULL)) + dprintf("[BOFLOADER] calling LoadAndRun(%p, %u)", args_buffer, buffer_size); + if (LoadAndRun(args_buffer, (uint32_t)buffer_size)) { - dprintf("[BOFLOADER] load and run failed\n"); + dprintf("[BOFLOADER] load and run failed"); result = ERROR_BAD_COMMAND; } else { - dprintf("[BOFLOADER] getting out data\n"); + dprintf("[BOFLOADER] getting out data"); output_data = BeaconGetOutputData(&outdata_size); } @@ -95,9 +129,11 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet) DWORD InitServerExtension(MetApi* api, Remote* remote) { + dprintf("[BOFLOADER] Loading..."); met_api = api; SET_LOGGING_CONTEXT(api) met_api->command.register_all(customCommands); + dprintf("[BOFLOADER] Loaded."); return ERROR_SUCCESS; diff --git a/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj b/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj index 0427f0b1..7f8f6a82 100644 --- a/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj +++ b/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj @@ -1,476 +1,483 @@ - - - - - Debug - Win32 - - - Debug - x64 - - - r7_release - Win32 - - - r7_release - x64 - - - Release - Win32 - - - Release - x64 - - - - - - - - - - - - - - - {486B160F-C571-486D-AAC3-CB60CEA7CBDD} - ext_server_incognito - Win32Proj - ext_server_bofloader - - - - DynamicLibrary - MultiByte - false - v141_xp - - - DynamicLibrary - MultiByte - false - v141_xp - - - DynamicLibrary - MultiByte - false - v141_xp - - - DynamicLibrary - MultiByte - false - v141_xp - - - DynamicLibrary - MultiByte - false - v141_xp - - - DynamicLibrary - MultiByte - false - v141_xp - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - <_ProjectFileVersion>10.0.30319.1 - $(Configuration)\$(Platform)\ - $(Configuration)\$(Platform)\ - false - false - false - false - AllRules.ruleset - - - $(ProjectName).$(PlatformShortName) - - - - MaxSpeed - OnlyExplicitInline - false - Size - ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories) - _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) - true - MultiThreaded - false - NotUsing - $(OutDir)\ - $(OutDir)\ - $(OutDir)\ - Level3 - ProgramDatabase - false - true - true - true - Async - - - %(AdditionalDependencies) - %(AdditionalLibraryDirectories) - - - false - false - - - Windows - - - - - false - - - $(OutDir)\ext_server_incognito.lib - MachineX86 - false - - - $(ProjectDir)..\..\source\def\extension.def - /ignore:4070 %(AdditionalOptions) - - - + + + + + Debug + Win32 + + + Debug + x64 + + + r7_release + Win32 + + + r7_release + x64 + + + Release + Win32 + + + Release + x64 + + + + + + + + + + + 4018;4047;4244;4267;%(DisableSpecificWarnings) + 4018;4047;4244;4267;%(DisableSpecificWarnings) + 4018;4047;4244;4267;%(DisableSpecificWarnings) + 4018;4047;4244;4267;%(DisableSpecificWarnings) + 4018;4047;4244;4267;%(DisableSpecificWarnings) + 4018;4047;4244;4267;%(DisableSpecificWarnings) + + + + + + {486B160F-C571-486D-AAC3-CB60CEA7CBDD} + ext_server_incognito + Win32Proj + ext_server_bofloader + + + + DynamicLibrary + MultiByte + false + v141_xp + + + DynamicLibrary + MultiByte + false + v141_xp + + + DynamicLibrary + MultiByte + false + v141_xp + + + DynamicLibrary + MultiByte + false + v141_xp + + + DynamicLibrary + MultiByte + false + v141_xp + + + DynamicLibrary + MultiByte + false + v141_xp + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>10.0.30319.1 + $(Configuration)\$(Platform)\ + $(Configuration)\$(Platform)\ + false + false + false + false + AllRules.ruleset + + + $(ProjectName).$(PlatformShortName) + + + + MaxSpeed + OnlyExplicitInline + false + Size + ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;..\..\source\extensions\bofloader\COFFLoader;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) + true + MultiThreaded + false + NotUsing + $(OutDir)\ + $(OutDir)\ + $(OutDir)\ + Level3 + ProgramDatabase + false + true + true + true + Async + + + %(AdditionalDependencies) + %(AdditionalLibraryDirectories) + + + false + false + + + Windows + + + + + false + + + $(OutDir)\ext_server_incognito.lib + MachineX86 + false + + + $(ProjectDir)..\..\source\def\extension.def + /ignore:4070 %(AdditionalOptions) + + + editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" -copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" - - - - - MaxSpeed - OnlyExplicitInline - false - Size - ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories) - _CRT_SECURE_NO_WARNINGS;DEBUGTRACE;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) - true - MultiThreaded - false - NotUsing - $(OutDir)\ - $(OutDir)\ - $(OutDir)\ - Level3 - ProgramDatabase - false - true - true - true - Async - - - %(AdditionalDependencies) - %(AdditionalLibraryDirectories) - - - false - false - - - Windows - - - - - false - - - $(OutDir)\ext_server_incognito.lib - MachineX86 - false - - - $(ProjectDir)..\..\source\def\extension.def - /ignore:4070 %(AdditionalOptions) - - - - +copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" + + + + + MaxSpeed + OnlyExplicitInline + false + Size + ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;..\..\source\extensions\bofloader\COFFLoader;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;DEBUGTRACE;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) + true + MultiThreaded + false + NotUsing + $(OutDir)\ + $(OutDir)\ + $(OutDir)\ + Level3 + ProgramDatabase + false + true + true + true + Async + + + %(AdditionalDependencies) + %(AdditionalLibraryDirectories) + + + false + false + + + Windows + + + + + false + + + $(OutDir)\ext_server_incognito.lib + MachineX86 + false + + + $(ProjectDir)..\..\source\def\extension.def + /ignore:4070 %(AdditionalOptions) + + + + editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" -copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName).debug$(TargetExt)" - - - - - MaxSpeed - OnlyExplicitInline - false - Size - ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories) - _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) - true - MultiThreaded - false - NotUsing - $(OutDir)\ - $(OutDir)\ - $(OutDir)\ - Level3 - ProgramDatabase - false - true - true - true - Async - - - %(AdditionalDependencies) - %(AdditionalLibraryDirectories) - - - false - false - - - Windows - - - - - false - - - $(OutDir)\ext_server_incognito.lib - MachineX86 - false - - - $(ProjectDir)..\..\source\def\extension.def - /ignore:4070 %(AdditionalOptions) - - - +copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName).debug$(TargetExt)" + + + + + MaxSpeed + OnlyExplicitInline + false + Size + ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;..\..\source\extensions\bofloader\COFFLoader;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) + true + MultiThreaded + false + NotUsing + $(OutDir)\ + $(OutDir)\ + $(OutDir)\ + Level3 + ProgramDatabase + false + true + true + true + Async + + + %(AdditionalDependencies) + %(AdditionalLibraryDirectories) + + + false + false + + + Windows + + + + + false + + + $(OutDir)\ext_server_incognito.lib + MachineX86 + false + + + $(ProjectDir)..\..\source\def\extension.def + /ignore:4070 %(AdditionalOptions) + + + editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" -copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" - - - - - X64 - - - MinSpace - OnlyExplicitInline - false - Size - ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories) - _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) - true - MultiThreaded - false - NotUsing - $(OutDir)\ - $(OutDir)\ - $(OutDir)\ - Level3 - ProgramDatabase - false - true - true - true - Async - - - %(AdditionalDependencies) - - - - - false - false - - - Windows - - - - - false - - - $(OutDir)\ext_server_incognito.lib - MachineX64 - false - - - $(ProjectDir)..\..\source\def\extension.def - /ignore:4070 %(AdditionalOptions) - - - +copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" + + + + + X64 + + + MinSpace + OnlyExplicitInline + false + Size + ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;..\..\source\extensions\bofloader\COFFLoader;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) + true + MultiThreaded + false + NotUsing + $(OutDir)\ + $(OutDir)\ + $(OutDir)\ + Level3 + ProgramDatabase + false + true + true + true + Async + + + %(AdditionalDependencies) + + + + + false + false + + + Windows + + + + + false + + + $(OutDir)\ext_server_incognito.lib + MachineX64 + false + + + $(ProjectDir)..\..\source\def\extension.def + /ignore:4070 %(AdditionalOptions) + + + editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" -copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" - - - - - X64 - - - MinSpace - OnlyExplicitInline - false - Size - ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories) - _CRT_SECURE_NO_WARNINGS;DEBUGTRACE;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) - true - MultiThreaded - false - NotUsing - $(OutDir)\ - $(OutDir)\ - $(OutDir)\ - Level3 - ProgramDatabase - false - true - true - true - Async - - - %(AdditionalDependencies) - - - - - false - false - - - Windows - - - - - false - - - $(OutDir)\ext_server_incognito.lib - MachineX64 - false - - - $(ProjectDir)..\..\source\def\extension.def - /ignore:4070 %(AdditionalOptions) - - - - +copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" + + + + + X64 + + + MinSpace + OnlyExplicitInline + false + Size + ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;..\..\source\extensions\bofloader\COFFLoader;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;DEBUGTRACE;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) + true + MultiThreaded + false + NotUsing + $(OutDir)\ + $(OutDir)\ + $(OutDir)\ + Level3 + ProgramDatabase + false + true + true + true + Async + + + %(AdditionalDependencies) + + + + + false + false + + + Windows + + + + + false + + + $(OutDir)\ext_server_incognito.lib + MachineX64 + false + + + $(ProjectDir)..\..\source\def\extension.def + /ignore:4070 %(AdditionalOptions) + + + + editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" -copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName).debug$(TargetExt)" - - - - - X64 - - - MinSpace - OnlyExplicitInline - false - Size - ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;%(AdditionalIncludeDirectories) - _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) - true - MultiThreaded - false - NotUsing - $(OutDir)\ - $(OutDir)\ - $(OutDir)\ - Level3 - ProgramDatabase - false - true - true - true - Async - - - %(AdditionalDependencies) - - - - - false - false - - - Windows - - - - - false - - - $(OutDir)\ext_server_incognito.lib - MachineX64 - false - - - $(ProjectDir)..\..\source\def\extension.def - /ignore:4070 %(AdditionalOptions) - - - +copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName).debug$(TargetExt)" + + + + + X64 + + + MinSpace + OnlyExplicitInline + false + Size + ..\..\source\ReflectiveDLLInjection\common;..\..\source\common;..\..\source\extensions\bofloader\COFFLoader;%(AdditionalIncludeDirectories) + _CRT_SECURE_NO_WARNINGS;WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_INCOGNITO_EXPORTS;%(PreprocessorDefinitions) + true + MultiThreaded + false + NotUsing + $(OutDir)\ + $(OutDir)\ + $(OutDir)\ + Level3 + ProgramDatabase + false + true + true + true + Async + + + %(AdditionalDependencies) + + + + + false + false + + + Windows + + + + + false + + + $(OutDir)\ext_server_incognito.lib + MachineX64 + false + + + $(ProjectDir)..\..\source\def\extension.def + /ignore:4070 %(AdditionalOptions) + + + editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" -copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" - - - - - - - - - +copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\" + + + + + + + + + \ No newline at end of file diff --git a/c/meterpreter/workspace/meterpreter.sln b/c/meterpreter/workspace/meterpreter.sln index c7d76e87..453025ea 100644 --- a/c/meterpreter/workspace/meterpreter.sln +++ b/c/meterpreter/workspace/meterpreter.sln @@ -1,7 +1,7 @@  Microsoft Visual Studio Solution File, Format Version 12.00 -# Visual Studio Version 16 -VisualStudioVersion = 16.0.30002.166 +# Visual Studio Version 17 +VisualStudioVersion = 17.0.32112.339 MinimumVisualStudioVersion = 10.0.40219.1 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_priv", "ext_server_priv\ext_server_priv.vcxproj", "{87C64204-C82F-415D-AF45-D0B33BDFE39A}" EndProject @@ -78,24 +78,16 @@ Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Win32 = Debug|Win32 Debug|x64 = Debug|x64 - MinSizeRel|Win32 = MinSizeRel|Win32 - MinSizeRel|x64 = MinSizeRel|x64 r7_release|Win32 = r7_release|Win32 r7_release|x64 = r7_release|x64 Release|Win32 = Release|Win32 Release|x64 = Release|x64 - RelWithDebInfo|Win32 = RelWithDebInfo|Win32 - RelWithDebInfo|x64 = RelWithDebInfo|x64 EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {87C64204-C82F-415D-AF45-D0B33BDFE39A}.Debug|Win32.ActiveCfg = Debug|Win32 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.Debug|Win32.Build.0 = Debug|Win32 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.Debug|x64.ActiveCfg = Debug|x64 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.Debug|x64.Build.0 = Debug|x64 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.MinSizeRel|Win32.Build.0 = Release|Win32 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.MinSizeRel|x64.ActiveCfg = Release|x64 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.MinSizeRel|x64.Build.0 = Release|x64 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.r7_release|Win32.ActiveCfg = r7_release|Win32 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.r7_release|Win32.Build.0 = r7_release|Win32 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -104,18 +96,10 @@ Global {87C64204-C82F-415D-AF45-D0B33BDFE39A}.Release|Win32.Build.0 = Release|Win32 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.Release|x64.ActiveCfg = Release|x64 {87C64204-C82F-415D-AF45-D0B33BDFE39A}.Release|x64.Build.0 = Release|x64 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {87C64204-C82F-415D-AF45-D0B33BDFE39A}.RelWithDebInfo|x64.Build.0 = Release|x64 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.Debug|Win32.ActiveCfg = Debug|Win32 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.Debug|Win32.Build.0 = Debug|Win32 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.Debug|x64.ActiveCfg = Debug|x64 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.Debug|x64.Build.0 = Debug|x64 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.MinSizeRel|Win32.Build.0 = Release|Win32 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.MinSizeRel|x64.ActiveCfg = Release|x64 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.MinSizeRel|x64.Build.0 = Release|x64 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.r7_release|Win32.ActiveCfg = r7_release|Win32 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.r7_release|Win32.Build.0 = r7_release|Win32 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -124,18 +108,10 @@ Global {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.Release|Win32.Build.0 = Release|Win32 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.Release|x64.ActiveCfg = Release|x64 {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.Release|x64.Build.0 = Release|x64 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {405245AB-0071-4CB9-BFBE-ED4E2A987EFF}.RelWithDebInfo|x64.Build.0 = Release|x64 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.Debug|Win32.ActiveCfg = Debug|Win32 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.Debug|Win32.Build.0 = Debug|Win32 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.Debug|x64.ActiveCfg = Debug|x64 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.Debug|x64.Build.0 = Debug|x64 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.MinSizeRel|Win32.Build.0 = Release|Win32 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.MinSizeRel|x64.ActiveCfg = Release|x64 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.MinSizeRel|x64.Build.0 = Release|x64 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.r7_release|Win32.ActiveCfg = r7_release|Win32 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.r7_release|Win32.Build.0 = r7_release|Win32 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -144,18 +120,10 @@ Global {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.Release|Win32.Build.0 = Release|Win32 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.Release|x64.ActiveCfg = Release|x64 {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.Release|x64.Build.0 = Release|x64 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {37E24F8F-1BD9-490B-8CD2-4768B89E5EAB}.RelWithDebInfo|x64.Build.0 = Release|x64 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.Debug|Win32.ActiveCfg = Debug|Win32 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.Debug|Win32.Build.0 = Debug|Win32 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.Debug|x64.ActiveCfg = Debug|x64 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.Debug|x64.Build.0 = Debug|x64 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.MinSizeRel|Win32.Build.0 = Release|Win32 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.MinSizeRel|x64.ActiveCfg = Release|x64 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.MinSizeRel|x64.Build.0 = Release|x64 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.r7_release|Win32.ActiveCfg = r7_release|Win32 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.r7_release|Win32.Build.0 = r7_release|Win32 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -164,18 +132,10 @@ Global {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.Release|Win32.Build.0 = Release|Win32 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.Release|x64.ActiveCfg = Release|x64 {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.Release|x64.Build.0 = Release|x64 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {C427F6B9-C287-4BDA-A5BB-401FC19E207C}.RelWithDebInfo|x64.Build.0 = Release|x64 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.Debug|Win32.ActiveCfg = Debug|Win32 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.Debug|Win32.Build.0 = Debug|Win32 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.Debug|x64.ActiveCfg = Debug|x64 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.Debug|x64.Build.0 = Debug|x64 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.MinSizeRel|Win32.Build.0 = Release|Win32 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.MinSizeRel|x64.ActiveCfg = Release|x64 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.MinSizeRel|x64.Build.0 = Release|x64 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.r7_release|Win32.ActiveCfg = r7_release|Win32 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.r7_release|Win32.Build.0 = r7_release|Win32 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -184,18 +144,10 @@ Global {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.Release|Win32.Build.0 = Release|Win32 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.Release|x64.ActiveCfg = Release|x64 {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.Release|x64.Build.0 = Release|x64 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {CF56DDCC-505F-4D5C-AC2E-9787C7EF1504}.RelWithDebInfo|x64.Build.0 = Release|x64 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.Debug|Win32.ActiveCfg = Debug|Win32 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.Debug|Win32.Build.0 = Debug|Win32 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.Debug|x64.ActiveCfg = Debug|x64 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.Debug|x64.Build.0 = Debug|x64 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.MinSizeRel|Win32.Build.0 = Release|Win32 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.MinSizeRel|x64.ActiveCfg = Release|x64 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.MinSizeRel|x64.Build.0 = Release|x64 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.r7_release|Win32.ActiveCfg = r7_release|Win32 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.r7_release|Win32.Build.0 = r7_release|Win32 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -204,18 +156,10 @@ Global {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.Release|Win32.Build.0 = Release|Win32 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.Release|x64.ActiveCfg = Release|x64 {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.Release|x64.Build.0 = Release|x64 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {662AFBB3-F64A-4AD1-8956-B9F1B846231C}.RelWithDebInfo|x64.Build.0 = Release|x64 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Debug|Win32.ActiveCfg = Debug|Win32 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Debug|Win32.Build.0 = Debug|Win32 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Debug|x64.ActiveCfg = Debug|x64 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Debug|x64.Build.0 = Debug|x64 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.MinSizeRel|Win32.Build.0 = Release|Win32 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.MinSizeRel|x64.ActiveCfg = Release|x64 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.MinSizeRel|x64.Build.0 = Release|x64 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.r7_release|Win32.ActiveCfg = r7_release|Win32 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.r7_release|Win32.Build.0 = r7_release|Win32 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -224,18 +168,10 @@ Global {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Release|Win32.Build.0 = Release|Win32 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Release|x64.ActiveCfg = Release|x64 {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.Release|x64.Build.0 = Release|x64 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {09DF8FBC-EDFB-44E6-ACE6-9C0F5A60AB1C}.RelWithDebInfo|x64.Build.0 = Release|x64 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.Debug|Win32.ActiveCfg = Debug|Win32 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.Debug|Win32.Build.0 = Debug|Win32 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.Debug|x64.ActiveCfg = Debug|x64 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.Debug|x64.Build.0 = Debug|x64 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.MinSizeRel|Win32.Build.0 = Release|Win32 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.MinSizeRel|x64.ActiveCfg = Release|x64 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.MinSizeRel|x64.Build.0 = Release|x64 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.r7_release|Win32.ActiveCfg = r7_release|Win32 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.r7_release|Win32.Build.0 = r7_release|Win32 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -244,34 +180,18 @@ Global {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.Release|Win32.Build.0 = Release|Win32 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.Release|x64.ActiveCfg = Release|x64 {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.Release|x64.Build.0 = Release|x64 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {2FCCCE33-77E9-43F3-928E-DBF6B9340A62}.RelWithDebInfo|x64.Build.0 = Release|x64 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.Debug|Win32.ActiveCfg = Debug|Win32 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.Debug|x64.ActiveCfg = Debug|x64 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.MinSizeRel|Win32.ActiveCfg = r7_release|Win32 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.MinSizeRel|Win32.Build.0 = r7_release|Win32 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.MinSizeRel|x64.ActiveCfg = r7_release|x64 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.MinSizeRel|x64.Build.0 = r7_release|x64 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.r7_release|Win32.ActiveCfg = r7_release|Win32 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.r7_release|Win32.Build.0 = r7_release|Win32 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.r7_release|x64.ActiveCfg = r7_release|x64 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.r7_release|x64.Build.0 = r7_release|x64 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.Release|Win32.ActiveCfg = r7_release|Win32 {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.Release|x64.ActiveCfg = r7_release|x64 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.RelWithDebInfo|Win32.ActiveCfg = r7_release|Win32 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.RelWithDebInfo|Win32.Build.0 = r7_release|Win32 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.RelWithDebInfo|x64.ActiveCfg = r7_release|x64 - {BF0C0D6E-9119-4518-A3BC-2CF99C0E27D9}.RelWithDebInfo|x64.Build.0 = r7_release|x64 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.Debug|Win32.ActiveCfg = Debug|Win32 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.Debug|Win32.Build.0 = Debug|Win32 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.Debug|x64.ActiveCfg = Debug|x64 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.Debug|x64.Build.0 = Debug|x64 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.MinSizeRel|Win32.Build.0 = Release|Win32 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.MinSizeRel|x64.ActiveCfg = Release|x64 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.MinSizeRel|x64.Build.0 = Release|x64 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.r7_release|Win32.ActiveCfg = r7_release|Win32 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.r7_release|Win32.Build.0 = r7_release|Win32 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -280,18 +200,10 @@ Global {42E143CB-6086-4FF1-A4AE-D8545782DD31}.Release|Win32.Build.0 = Release|Win32 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.Release|x64.ActiveCfg = Release|x64 {42E143CB-6086-4FF1-A4AE-D8545782DD31}.Release|x64.Build.0 = Release|x64 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {42E143CB-6086-4FF1-A4AE-D8545782DD31}.RelWithDebInfo|x64.Build.0 = Release|x64 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|Win32.ActiveCfg = Debug|Win32 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|Win32.Build.0 = Debug|Win32 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|x64.ActiveCfg = Debug|x64 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Debug|x64.Build.0 = Debug|x64 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.MinSizeRel|Win32.Build.0 = Release|Win32 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.MinSizeRel|x64.ActiveCfg = Release|x64 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.MinSizeRel|x64.Build.0 = Release|x64 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_release|Win32.ActiveCfg = r7_release|Win32 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_release|Win32.Build.0 = r7_release|Win32 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -300,18 +212,10 @@ Global {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Release|Win32.Build.0 = Release|Win32 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Release|x64.ActiveCfg = Release|x64 {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.Release|x64.Build.0 = Release|x64 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {FB776F5E-BF58-478F-94EE-5B69D84DB9ED}.RelWithDebInfo|x64.Build.0 = Release|x64 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Debug|Win32.ActiveCfg = Debug|Win32 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Debug|Win32.Build.0 = Debug|Win32 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Debug|x64.ActiveCfg = Debug|x64 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Debug|x64.Build.0 = Debug|x64 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.MinSizeRel|Win32.Build.0 = Release|Win32 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.MinSizeRel|x64.ActiveCfg = Release|x64 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.MinSizeRel|x64.Build.0 = Release|x64 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.r7_release|Win32.ActiveCfg = r7_release|Win32 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.r7_release|Win32.Build.0 = r7_release|Win32 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -320,18 +224,10 @@ Global {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|Win32.Build.0 = Release|Win32 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|x64.ActiveCfg = Release|x64 {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.Release|x64.Build.0 = Release|x64 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {1C307A8B-A88E-43EE-8E80-01E6EFE38697}.RelWithDebInfo|x64.Build.0 = Release|x64 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.Debug|Win32.ActiveCfg = Debug|Win32 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.Debug|Win32.Build.0 = Debug|Win32 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.Debug|x64.ActiveCfg = Debug|x64 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.Debug|x64.Build.0 = Debug|x64 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.MinSizeRel|Win32.Build.0 = Release|Win32 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.MinSizeRel|x64.ActiveCfg = Release|x64 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.MinSizeRel|x64.Build.0 = Release|x64 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.r7_release|Win32.ActiveCfg = r7_release|Win32 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.r7_release|Win32.Build.0 = r7_release|Win32 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -340,18 +236,10 @@ Global {28D39E90-259B-4DCE-88A7-7D2B568809DC}.Release|Win32.Build.0 = Release|Win32 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.Release|x64.ActiveCfg = Release|x64 {28D39E90-259B-4DCE-88A7-7D2B568809DC}.Release|x64.Build.0 = Release|x64 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {28D39E90-259B-4DCE-88A7-7D2B568809DC}.RelWithDebInfo|x64.Build.0 = Release|x64 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.Debug|Win32.ActiveCfg = Debug|Win32 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.Debug|Win32.Build.0 = Debug|Win32 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.Debug|x64.ActiveCfg = Debug|x64 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.Debug|x64.Build.0 = Debug|x64 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.MinSizeRel|Win32.Build.0 = Release|Win32 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.MinSizeRel|x64.ActiveCfg = Release|x64 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.MinSizeRel|x64.Build.0 = Release|x64 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.r7_release|Win32.ActiveCfg = r7_release|Win32 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.r7_release|Win32.Build.0 = r7_release|Win32 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -360,18 +248,10 @@ Global {A29BE1E5-5122-4BD4-82CE-25418D29648E}.Release|Win32.Build.0 = Release|Win32 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.Release|x64.ActiveCfg = Release|x64 {A29BE1E5-5122-4BD4-82CE-25418D29648E}.Release|x64.Build.0 = Release|x64 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {A29BE1E5-5122-4BD4-82CE-25418D29648E}.RelWithDebInfo|x64.Build.0 = Release|x64 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.Debug|Win32.ActiveCfg = Debug|Win32 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.Debug|Win32.Build.0 = Debug|Win32 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.Debug|x64.ActiveCfg = Debug|x64 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.Debug|x64.Build.0 = Debug|x64 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.MinSizeRel|Win32.Build.0 = Release|Win32 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.MinSizeRel|x64.ActiveCfg = Release|x64 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.MinSizeRel|x64.Build.0 = Release|x64 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.r7_release|Win32.ActiveCfg = r7_release|Win32 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.r7_release|Win32.Build.0 = r7_release|Win32 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -380,18 +260,10 @@ Global {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.Release|Win32.Build.0 = Release|Win32 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.Release|x64.ActiveCfg = Release|x64 {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.Release|x64.Build.0 = Release|x64 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {2A4FDCA0-A620-4E98-AF05-2B2F227F5166}.RelWithDebInfo|x64.Build.0 = Release|x64 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.Debug|Win32.ActiveCfg = Debug|Win32 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.Debug|Win32.Build.0 = Debug|Win32 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.Debug|x64.ActiveCfg = Debug|x64 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.Debug|x64.Build.0 = Debug|x64 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.MinSizeRel|Win32.Build.0 = Release|Win32 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.MinSizeRel|x64.ActiveCfg = Release|x64 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.MinSizeRel|x64.Build.0 = Release|x64 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.r7_release|Win32.ActiveCfg = r7_release|Win32 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.r7_release|Win32.Build.0 = r7_release|Win32 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -400,18 +272,10 @@ Global {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.Release|Win32.Build.0 = Release|Win32 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.Release|x64.ActiveCfg = Release|x64 {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.Release|x64.Build.0 = Release|x64 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {561E26D9-7E79-4EF4-8AA2-A770F81568A7}.RelWithDebInfo|x64.Build.0 = Release|x64 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.Debug|Win32.ActiveCfg = Debug|Win32 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.Debug|Win32.Build.0 = Debug|Win32 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.Debug|x64.ActiveCfg = Debug|x64 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.Debug|x64.Build.0 = Debug|x64 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.MinSizeRel|Win32.ActiveCfg = Release|Win32 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.MinSizeRel|Win32.Build.0 = Release|Win32 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.MinSizeRel|x64.ActiveCfg = Release|x64 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.MinSizeRel|x64.Build.0 = Release|x64 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.r7_release|Win32.ActiveCfg = Release|Win32 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.r7_release|Win32.Build.0 = Release|Win32 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.r7_release|x64.ActiveCfg = Release|x64 @@ -420,18 +284,10 @@ Global {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.Release|Win32.Build.0 = Release|Win32 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.Release|x64.ActiveCfg = Release|x64 {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.Release|x64.Build.0 = Release|x64 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {E61592E1-28F4-4AFC-9EE1-9BE833A061C1}.RelWithDebInfo|x64.Build.0 = Release|x64 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.Debug|Win32.ActiveCfg = Debug|Win32 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.Debug|Win32.Build.0 = Debug|Win32 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.Debug|x64.ActiveCfg = Debug|x64 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.Debug|x64.Build.0 = Debug|x64 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.MinSizeRel|Win32.ActiveCfg = Debug|Win32 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.MinSizeRel|Win32.Build.0 = Debug|Win32 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.MinSizeRel|x64.ActiveCfg = Debug|x64 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.MinSizeRel|x64.Build.0 = Debug|x64 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.r7_release|Win32.ActiveCfg = r7_release|Win32 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.r7_release|Win32.Build.0 = r7_release|Win32 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.r7_release|x64.ActiveCfg = r7_release|x64 @@ -440,10 +296,6 @@ Global {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.Release|Win32.Build.0 = Release|Win32 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.Release|x64.ActiveCfg = Release|x64 {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.Release|x64.Build.0 = Release|x64 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.RelWithDebInfo|Win32.ActiveCfg = Release|Win32 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.RelWithDebInfo|Win32.Build.0 = Release|Win32 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.RelWithDebInfo|x64.ActiveCfg = Release|x64 - {486B160F-C571-486D-AAC3-CB60CEA7CBDD}.RelWithDebInfo|x64.Build.0 = Release|x64 EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE