From f7b50df020abafad6cebf0ca0efeb36d71a0b4b0 Mon Sep 17 00:00:00 2001
From: OJ <oj@buffered.io>
Date: Fri, 17 Apr 2020 18:26:08 +1000
Subject: [PATCH] Update peinjectory to avoid delay loading

Also added the GetExtensionName function.
---
 .../source/extensions/peinjector/libpefile.c  |  7 ++--
 .../extensions/peinjector/libpeinfect.c       |  5 ++-
 .../source/extensions/peinjector/peinjector.c | 39 +++++++++++++------
 .../extensions/peinjector/peinjector_bridge.c | 19 ++++-----
 .../ext_server_peinjector.vcxproj             |  8 ++--
 5 files changed, 48 insertions(+), 30 deletions(-)

diff --git a/c/meterpreter/source/extensions/peinjector/libpefile.c b/c/meterpreter/source/extensions/peinjector/libpefile.c
index 45e92d1e..9690fb0f 100755
--- a/c/meterpreter/source/extensions/peinjector/libpefile.c
+++ b/c/meterpreter/source/extensions/peinjector/libpefile.c
@@ -7,7 +7,8 @@
 #include <string.h>
 #include <stddef.h>
 #include "libpefile.h"
-#include "../../common/common.h"
+#include "common.h"
+#include "common_metapi.h"
 
 /* Min/Max Macros */
 #define MIN(_a, _b) ((_a) < (_b) ? (_a) : (_b))
@@ -358,7 +359,7 @@ bool pefile_read_file(char *file, PEFILE_READ_OPTIONS *options, PEFILE *out) {
   FILE *fh;
 
   /* Open file */
-  wchar_t *file_w = utf8_to_wchar(file);
+  wchar_t *file_w = met_api->string.utf8_to_wchar(file);
   if (_wfopen_s(&fh, file_w, L"rb") == 0) {
 
     /* Get file size and allocate buffer */
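Review bot: `file_w` goes straight into `_wfopen_s` with no NULL check, and the same pattern recurs in the `pefile_write_file` hunk below and in `peinfect_infect_full_file` in libpeinfect.c. If `utf8_to_wchar` can return NULL on allocation or conversion failure (its definition is not part of this patch), the NULL filename reaches the CRT's parameter validation, which by default terminates the process instead of returning an error. Guarding the call, e.g. `if (file_w != NULL && _wfopen_s(&fh, file_w, L"rb") == 0) {`, keeps that failure on the function's ordinary error path. The function body starts and ends outside the hunk, so whether `file_w` is released on every path cannot be checked here and is worth confirming.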
@@ -539,7 +540,7 @@ bool pefile_write_file(PEFILE *in, PEFILE_WRITE_OPTIONS *options, char* file) {
 
   /* Open file */
   FILE *fh;
-  wchar_t *file_w = utf8_to_wchar(file);
+  wchar_t *file_w = met_api->string.utf8_to_wchar(file);
   if (_wfopen_s(&fh, file_w, L"wb") == 0) {
 
     /* Generate PE File memory */
diff --git a/c/meterpreter/source/extensions/peinjector/libpeinfect.c b/c/meterpreter/source/extensions/peinjector/libpeinfect.c
index 792e67a9..032e3062 100755
--- a/c/meterpreter/source/extensions/peinjector/libpeinfect.c
+++ b/c/meterpreter/source/extensions/peinjector/libpeinfect.c
@@ -7,7 +7,8 @@
 #include <stdlib.h>
 #include "libpeinfect.h"
 #include "libpeinfect_obfuscator.h"
-#include "../../common/common.h"
+#include "common.h"
+#include "common_metapi.h"
 
  /* Min/Max Macros */
 #define MIN(_a, _b) ((_a) < (_b) ? (_a) : (_b))
@@ -757,7 +758,7 @@ bool peinfect_infect_full_file(char *infile, PEINFECT *in, char *outfile) {
 
 	/* Open file */
 	FILE *fh;
-	wchar_t *file_w = utf8_to_wchar(infile);
+	wchar_t *file_w = met_api->string.utf8_to_wchar(infile);
 	if (_wfopen_s(&fh, file_w, L"rb") == 0) {
 
 		/* Get file size and allocate buffer */
diff --git a/c/meterpreter/source/extensions/peinjector/peinjector.c b/c/meterpreter/source/extensions/peinjector/peinjector.c
index b2df4498..157f2031 100755
--- a/c/meterpreter/source/extensions/peinjector/peinjector.c
+++ b/c/meterpreter/source/extensions/peinjector/peinjector.c
@@ -2,17 +2,16 @@
  * @file peinjector.c
  * @brief Entry point and intialisation definitions for the Peinjector extension
  */
-#include "../../common/common.h"
+#include "common.h"
+#include "common_metapi.h"
 
-#include "../../DelayLoadMetSrv/DelayLoadMetSrv.h"
+// Required so that use of the API works.
+MetApi* met_api = NULL;
 
 #include "../../ReflectiveDLLInjection/dll/src/ReflectiveLoader.c"
 
 #include "peinjector_bridge.h"
 
-// this sets the delay load hook function, see DelayLoadMetSrv.h
-EnableDelayLoadMetSrv();
-
 Command customCommands[] =
 {
 	COMMAND_REQ("peinjector_inject_shellcode", request_peinjector_inject_shellcode),
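Review bot: The comment on `met_api` does not say who assigns the pointer or when, which matters because the global starts as NULL and every call converted by this patch dereferences it. I would replace it with something like `// Set once by InitServerExtension(); every met_api-> call in this extension dereferences it, so nothing here may run before init.` That makes the ordering requirement visible to anyone adding a new exported function or command handler.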
@@ -20,25 +19,41 @@ Command customCommands[] =
 };
 
 /*!
- * @brief Initialize the server extension
+ * @brief Initialize the server extension.
+ * @param api Pointer to the Meterpreter API structure.
+ * @param remote Pointer to the remote instance.
+ * @return Indication of success or failure.
  */
-DWORD __declspec(dllexport) InitServerExtension(Remote *remote)
+DWORD __declspec(dllexport) InitServerExtension(MetApi* api, Remote *remote)
 {
-	hMetSrv = remote->met_srv;
-	dprintf("[PEINJECTOR] Initializing peinjector...");
+    met_api = api;
 
-	command_register_all(customCommands);
+	met_api->command.register_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
 
 /*!
- * @brief Deinitialize the server extension
+ * @brief Deinitialize the server extension.
+ * @param remote Pointer to the remote instance.
+ * @return Indication of success or failure.
  */
 DWORD __declspec(dllexport) DeinitServerExtension(Remote *remote)
 {
-	command_deregister_all(customCommands);
+	met_api->command.deregister_all( customCommands );
 
 	return ERROR_SUCCESS;
 }
 
+
+/*!
+ * @brief Get the name of the extension.
+ * @param buffer Pointer to the buffer to write the name to.
+ * @param bufferSize Size of the \c buffer parameter.
+ * @return Indication of success or failure.
+ */
+DWORD __declspec(dllexport) GetExtensionName(char* buffer, int bufferSize)
+{
+	strncpy_s(buffer, bufferSize, "peinjector", bufferSize - 1);
+	return ERROR_SUCCESS;
+}
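Review bot: `GetExtensionName` neither validates its arguments nor checks the result of `strncpy_s`. With `bufferSize` of 0 the count `bufferSize - 1` is -1 and converts to a huge unsigned value, a NULL `buffer` or zero size trips the CRT invalid-parameter handler, and a too-small buffer is silently truncated while the function still returns `ERROR_SUCCESS`. A guard such as `if (buffer == NULL || bufferSize <= 0) return ERROR_INVALID_PARAMETER;` followed by `return strncpy_s(buffer, (size_t)bufferSize, "peinjector", _TRUNCATE) == 0 ? ERROR_SUCCESS : ERROR_INSUFFICIENT_BUFFER;` makes both cases visible to the caller. In the same hunk, `InitServerExtension` stores `api` without a NULL check and dereferences it in the next statement, and the `met_api = api;` line is indented with spaces where the surrounding lines use tabs.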
diff --git a/c/meterpreter/source/extensions/peinjector/peinjector_bridge.c b/c/meterpreter/source/extensions/peinjector/peinjector_bridge.c
index 4209d83a..2e2d1014 100755
--- a/c/meterpreter/source/extensions/peinjector/peinjector_bridge.c
+++ b/c/meterpreter/source/extensions/peinjector/peinjector_bridge.c
@@ -3,7 +3,8 @@
 * @brief Wrapper functions for bridging native meterp calls to peinjector
 */
 
-#include "../../common/common.h"
+#include "common.h"
+#include "common_metapi.h"
 #include "peinjector.h"
 #include "peinjector_bridge.h"
 #include "libpeinfect.h"
@@ -46,15 +47,15 @@ void __load_config(PEINFECT *infect, BYTE* shellcode, UINT shellcode_size, bool
 DWORD request_peinjector_inject_shellcode(Remote *remote, Packet *packet)
 {
 	DWORD dwResult = ERROR_SUCCESS;
-	Packet* response = packet_create_response(packet);
+	Packet* response = met_api->packet.create_response(packet);
 
 	if (response)
 	{
-		BYTE* shellcode = packet_get_tlv_value_raw(packet, TLV_TYPE_PEINJECTOR_SHELLCODE);
-		UINT size = packet_get_tlv_value_uint(packet, TLV_TYPE_PEINJECTOR_SHELLCODE_SIZE);
-		BOOL is_x64 = packet_get_tlv_value_bool(packet, TLV_TYPE_PEINJECTOR_SHELLCODE_ISX64);
+		BYTE* shellcode = met_api->packet.get_tlv_value_raw(packet, TLV_TYPE_PEINJECTOR_SHELLCODE);
+		UINT size = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_PEINJECTOR_SHELLCODE_SIZE);
+		BOOL is_x64 = met_api->packet.get_tlv_value_bool(packet, TLV_TYPE_PEINJECTOR_SHELLCODE_ISX64);
 
-		char* target_executable_path = packet_get_tlv_value_string(packet, TLV_TYPE_PEINJECTOR_TARGET_EXECUTABLE);
+		char* target_executable_path = met_api->packet.get_tlv_value_string(packet, TLV_TYPE_PEINJECTOR_TARGET_EXECUTABLE);
 		if (shellcode != NULL)
 		{
 			dprintf("[PEINJECTOR] recived path: %s", target_executable_path);
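Review bot: `size` is read from its own TLV and never compared with the actual length of the `TLV_TYPE_PEINJECTOR_SHELLCODE` value, and `target_executable_path` is passed to `%s` after only `shellcode` has been NULL-checked. How `size` is consumed lies outside the hunk, but if it bounds a copy from `shellcode`, a packet whose declared size exceeds the raw TLV would cause an out-of-bounds read in this process. I would widen the guard to `if (shellcode != NULL && target_executable_path != NULL && size > 0)` and, where the packet API exposes the raw TLV's own length, reject any `size` larger than it. The function body continues past the end of the hunk.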
@@ -77,15 +78,15 @@ DWORD request_peinjector_inject_shellcode(Remote *remote, Packet *packet)
 				}
 				else {
 					dprintf("There was an error, shellcode not injected\n");
-					packet_add_tlv_string(response, TLV_TYPE_PEINJECTOR_RESULT, "There was an error, shellcode not injected");
+					met_api->packet.add_tlv_string(response, TLV_TYPE_PEINJECTOR_RESULT, "There was an error, shellcode not injected");
 				}
 			}
 			else {
 				dprintf("The architecture of the file is incompatible with the selected payload\n");
-				packet_add_tlv_string(response, TLV_TYPE_PEINJECTOR_RESULT, "The architecture of the file is incompatible with the selected payload");
+				met_api->packet.add_tlv_string(response, TLV_TYPE_PEINJECTOR_RESULT, "The architecture of the file is incompatible with the selected payload");
 			}
 
-			packet_transmit_response(dwResult, remote, response);
+			met_api->packet.transmit_response(dwResult, remote, response);
 		}
 		else
 		{
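Review bot: Both failure branches visible here only attach a `TLV_TYPE_PEINJECTOR_RESULT` string, and no visible line changes `dwResult` from its initial `ERROR_SUCCESS` before `transmit_response(dwResult, remote, response)`. If that also holds for the lines outside the hunk, a failed operation is reported with a success status and can only be detected by parsing the message text. Setting a failure code in each branch, for example `dwResult = ERROR_BAD_EXE_FORMAT;` for the architecture mismatch, lets the caller tell the outcomes apart. The hunk starts and ends inside `request_peinjector_inject_shellcode`.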
diff --git a/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj b/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj
index 17100419..6b3c32bd 100755
--- a/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj
+++ b/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj
@@ -84,7 +84,7 @@
       <Optimization>MinSpace</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PEINJECTOR_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -134,7 +134,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
       <Optimization>MinSpace</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PEINJECTOR_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -187,7 +187,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
       <Optimization>MaxSpeed</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PEINJECTOR_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
@@ -237,7 +237,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
       <Optimization>MaxSpeed</Optimization>
       <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
       <IntrinsicFunctions>false</IntrinsicFunctions>
-      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\extensions\peinjector;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;EXT_SERVER_PEINJECTOR_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <StringPooling>true</StringPooling>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>