mirror of https://github.com/rapid7/metasploit-payloads synced 2025-01-20 20:37:27 +01:00
Commit Graph

88 Commits

Author SHA1 Message Date
dwelch-r7
e29d876b2e Remove debug artifacts from release build 2022-04-26 15:56:53 +01:00
dwelch-r7
38e6787d84 Configure logging in all extensions 2022-04-26 15:56:53 +01:00
OJ
37fb807a95 Get extapi compiling under mingw 2020-06-25 10:31:53 +10:00
OJ
c9ca614313 Remove DLL exports from Meterpreter
Add support for loading RDI-related stuff using ordinals instead of
function names. Remove exports from the extensions/etc. This is another
step in the direction to make the DLLs less obvious.

Extensions no longer have their own name in the library metadata.
They're all "extension.dll". Metsrv is now "server.dll" and the two
non-extensions are "plugin.dll". I was going for something a little less
obvious.

This required changes to the RDI functionality.
2020-06-22 08:25:30 +10:00
OJ
5fc2117325 Adjust the tlv raw function and remove some unnecessary headers 2020-06-09 10:57:43 +10:00
OJ
3f574e3521 Implement extension IDs and refactor command enum
Enumeration of commands was a bit of a hack, and still resulted in
strings (like "stdapi") to appear in binaries, and also meant that
extensions needed to identify themselves.

This code changes the way this works. Extensions no longer have a name.
Instead they have an internal ID that maps to the command sets they
support. To enumerate extension commands, MSF will ask for a range of
commands, and if any command IDs fit within that range, they'll be
returned.

This moves us towards a nicer way of handling things across all the
meterpreters.
2020-05-01 15:36:07 +10:00
OJ
c7f7bc2fc0 Remove method strings from TLV packets
We now use ints, and hopefully this means we don't have as much obvious
stuff in the binaries!

```
$ # Before:
$ strings metsrv.x86.dll | grep core_ | wc -l
46
$ # After:
$ strings metsrv.x86.dll | grep core_ | wc -l
0
```
Big win, and it's even bigger for the likes of stdapi.

Had to fix a bunch of other stuff along the way, including a subtle
issue with the Powershell Meterp bindings.
2020-04-28 23:41:06 +10:00
OJ
c8aa435b3c Finally removed delay loading from the last extension: extapi 2020-04-22 13:06:49 +10:00
OJ
078a3e960f Finalise 'Release' build for both x86 and x64 _clean_
Still need to fix dependencies and whatnot as well.
2020-04-14 13:18:25 +10:00
OJ
100ffd6d5b First round of VS2019 changes 2020-04-14 10:28:08 +10:00
cn-kali-team
348aa69f68 Add window class name filter, Unicode Support etc. 2020-03-27 22:12:37 +08:00
cn-kali-team
443b6f2f23 add window class name filter 2020-03-27 22:12:04 +08:00
Brent Cook
0a2d768e77 delete Linux meterpreter support 2017-05-14 02:11:57 -05:00
Tim
015d57d0fe fix clipboard 2016-09-04 15:12:26 +01:00
OJ
a7ef4b91e3 Add powershell interactive prompt 2016-03-14 20:23:44 +10:00
Brent Cook
98fae3e075 change source perms back to non-executable 2015-11-09 21:10:30 -06:00
Brent Cook
600ed34f1e merge and cleanup @stufus's pageantjacker extension into extapi
see https://github.com/rapid7/meterpreter/pull/164 for details
2015-09-20 20:18:02 -05:00
OJ
c8de66fd31 Remove extra htonq call 2015-06-27 21:44:41 +10:00
Brent Cook
ba86e968d7 fix broken partial-batch / eof handling 2015-06-22 03:58:24 -05:00
Brent Cook
9ff7339644 move ntds parser from priv to extapi 2015-06-22 03:58:24 -05:00
OJ
e9b7ec97c0 Implement support for ssl cert verify toggling
Querying of the status of SSL cert verification is now possible. This commit allows for this to be enabled and disabled on the fly.
2015-04-06 14:42:38 +10:00
OJ
0393927159 Add extension names, enumerators, etc
This commit contains a bunch of code tidying (formatting, spaces, naming, etc) as well as new exports for each of the modules so that the extension can be identified. The plan is for the loader to know which modules are loaded so that when stageless meterpreter fires up MSF can query the existing extensions and load the appropriate functionality on the client side.
2015-03-09 21:28:27 +10:00
OJ
5e0fbedd30 Make state destruction set pointers to NULL 2015-01-31 08:23:54 +10:00
OJ
c9d9e5978c Fix issue with double-start of clipboard
If a user attempts to start the clipboard monitor when it is already started then the code path that is taken results in the current clipboard monitor state pointers being lost. The net effect of this is that the existing monitor thread will never be shut down. Not a good thing!

This code fixes that case so that the monitor doesn't create a new monitor thread and doesn't reset important pointers to NULL.

This change also results in a "success" status being returned to the caller. This means it looks like the clipboard monitor has been started even if it was already running. I think this is acceptable and is better than an obscure error.
2015-01-31 07:00:06 +10:00
OJ
061439edb2 Final tweaks to adsi 2014-12-09 14:27:50 -06:00
OJ
76a492ab56 Fix silly typo 2014-12-09 14:27:50 -06:00
OJ
c7a8645709 Update adsi to use group functionality
Now includes group nesting which will require work on the MSF side to
fully support it. But this option is way better as we don't lose info
thanks to serialising to strings.
2014-12-09 14:27:50 -06:00
OJ
fe70c6a733 Updated service enumeration to use group tlv api 2014-12-09 14:27:50 -06:00
OJ
3aeda7ed2a Refactor group Tlv usage in window enumeration 2014-12-09 14:27:50 -06:00
OJ
e40f1a0eaf Fix missing field on x64, use packet groups
Despite rigorous testing, the x64 version seemed to be dropping a column
from the result set. This would appear to be due to the differences in
the way the x86 version of the API handles the ubound parameter of the
enumeration.

x86 ubounds are inclusive, whereas x64 are exclusive. Hence in the case
of x86 we need to subtract one from the field set, but not in x64.
2014-03-21 17:22:46 +10:00
Tod Beardsley
fae26b4b3d Land #77, Service control support
This also wants rapid7/metasploit-framework#3085
2014-03-19 08:39:45 -05:00
Tod Beardsley
ef6411271b Land #75, adds Group Packets to Meterpreter 2014-03-19 08:39:24 -05:00
Tod Beardsley
bea18dd6f0 Land #70, Expand ADSI types 2014-03-19 08:39:04 -05:00
OJ
a54e37f301 Remove unused definition 2014-03-12 06:58:47 +10:00
OJ
f7468732ec Fix incorrect comment for the WMI query function 2014-03-12 06:58:19 +10:00
OJ
49877fda24 Fix comment type and reverse ternary condition 2014-03-12 06:53:05 +10:00
OJ
f1fbf2064f Enable service control and status in queries.
This commit adds service status to the query functionality for a single
service so that it doesn't have to be found in the full list of services.

It also adds the ability for the caller to control services using the
typical start/stop/pause/resume/restart style functions. To use these
functions the caller has to have appropriate rights.
2014-03-11 14:49:19 +10:00
OJ
a4beeba7bc Rejig service initialisation
Gathering of function pointers is now done during initialisation. This
means that it doesn't have to be done each time a function is called
and allows for reuse across other functions.
2014-03-11 09:37:36 +10:00
OJ
d8f86c1806 Merge branch 'upstream/master' into wmi_query_support
Conflicts:
	make.bat
	workspace/ext_server_extapi/ext_server_extapi.vcxproj
2014-03-07 08:11:35 +10:00
OJ
a7927a4105 Added the notion of "group packets"
A group packet is a special packet that is to be used as a group of TLVs that
will live under another packet. Using this functionality means that we can
easily nest groupings of data to arbitrary depths, which wasn't something we
were able to do before easily.

The MSF side is easily capable of handling this scenario, but this side had
always been lacking.

The clipboard dump code has been updated to show how this can be used.
2014-03-04 19:38:15 +10:00
OJ
62140f8fa1 Pulled in master and added a fallback for the SID stuff
I just realised I shouldn't have done that in a merge commit.

Conflicts:
	workspace/ext_server_extapi/ext_server_extapi.vcxproj
2014-02-28 13:32:37 +10:00
OJ
256e43cde3 Change the binary->string converter, add SID, warnings as errors
The existing implementation wasn't really solid and I never liked it
anyway. Egypt rightfully pointed out flaws in the code, so it has
been changed so that it allocates the required memory up front
and returns that string to the caller, who then has to free it up.

Added a function to render SIDs.

Made the build set warnings as errors. Still no idea why this wasn't
the case already.
2014-02-28 13:21:33 +10:00
OJ
ce9cfa6c2e Fix silly typo in header comment 2014-02-21 13:01:59 +10:00
OJ
94468e1313 One last tweak to remove all evidence of stupidity 2014-02-05 23:06:10 +10:00
OJ
cca2f14835 Fix number of issues revealed in x64 testing
Thanks to sinner being on the ball, x64 was broken and causing some
crazy things to happen. The CPU would peg at 100% despite x86 being
quite happy. It turns out, I suck at C, so I had to fix that up.

This commit includes the following changes:

* Fix up the WNDPROC callback so that the parameters are in the right
  order.
* Specify the correct array size for wait handles in the monitor thread.
* Add extra debugging.
* Handle WM_* messages correctly and add WM_NCCREATE.
* Correctly use the CREATESTRUCT to pass in the state.

"How on earth did this ever work?"

Fixed now, thanks again sinner!
2014-02-05 22:37:55 +10:00
OJ
2cebe3c19e INCLUDE the resume event in the monitored array
I am clearly stupid. How did this ever work? This change tells the
wait call to include the signal handle for the resume event.
2014-02-05 07:54:08 +10:00
OJ
2c56a1bcb1 Add documentation to the functionality 2014-01-29 15:51:57 +10:00
OJ
54b596674d Add purge and dump functionality, remove dup caps
This no longer captures duplicate content if the user does the same
thing twice.
2014-01-29 14:51:27 +10:00
OJ
3ec5aaca3f Fix small indexing issue resulting in a crash 2014-01-23 10:19:33 +10:00
OJ
5b1007e940 Merge branch 'upstream/master' into clipboard_monitor
Conflicts:
	source/ReflectiveDLLInjection
	source/extensions/extapi/extapi.c
	source/extensions/extapi/extapi.h
	workspace/ext_server_extapi/ext_server_extapi.vcxproj
2014-01-22 22:53:29 +10:00