This commit contains a bunch of code tidying (formatting, spaces, naming, etc) as well as new exports for each of the modules so that the extension can be identified. The plan is for the loader to know which modules are loaded so that when stageless meterpreter fires up MSF can query the existing extensions and load the appropriate functionality on the client side.
If a user attempts to start the clipboard monitor when it is already started then the code path that is taken results in the current clipboard monitor state pointers being lost. The net effect of this is that the existing monitor thread will never be shut down. Not a good thing!
This code fixes that case so that the monitor doesn't create a new monitor thread and doesn't reset important pointers to NULL.
This change also results in a "success" status being returned to the caller. This means it looks like the clipboard monitor has been started even if it was already running. I think this is acceptable and is better than an obscure error.
Now includes group nesting which will require work on the MSF side to
fully support it. But this option is way better as we don't lose info
thanks to serialising to strings.
Despite rigorous testing, the x64 version seemed to be dropping a column
from the result set. This would appear to be due to the differences in
the way the x86 version of the API handles the ubound parameter of the
enumeration.
x86 ubounds are inclusive, where as x64 are exclusive. Hence in the case
of x86 we need to subtract one from the field set, but not in x64.
This commit adds service status to the query functionality for a single
service so that it doesn't have to be found in the full list of services.
It also adds the ability for the caller to control services using the
typical start/stop/pause/resume/restart style functions. To use these
functions the caller has to have appropriate rights.
Gathering of function pointers is now done during initialisation. This
means that it doesn't have to be done each time a function is called
and allows for reuse across other functions.
A group packet is a special packet that is to be used as a group of TLVs that
will live under another packet. Using this functionality means that we can
easily nest groupings of data to arbitrary depths, which wasn't something we
were able to do before easily.
The MSF side is easily capable of handling this scenario, but this side had
always been lacking.
The clipboard dump code has been updated to show how this can be used.
The existing implementation wasn't really solid and I never liked it
anyway. Egypt rightfully pointed out flaws in the code, so it has
been changed so that it allocates the required memory up front
and returns that string to the caller, who then has to free it up.
Added a function to render SIDS.
Made the build set warnings as errors. Still no idea why this wasn't
the case already.
Thanks to sinner being on the ball, x64 was broken and causing some
crazy things to happen. The CPU would peg at 100% despite x86 being
quite happy. It turns out, I suck at C, so I had to fix that up.
This commit includes the following changes:
* Fix up the WNDPROC callback so that the parameters are in the right
order.
* Specify the correct array size for wait handles in the monitor thread.
* Add extra debugging.
* Handle WM_* messages correctly and add WM_NCCREATE.
* Correctly use the CREATESTRUCT to pass in the state.
"How on earth did this ever work?"
Fixed now, thanks again sinner!
When non-supported types were returned in queries, ADSI just pooped
itself and tore down the Meterpreter session. This a happy tester
Meterpreter does not make!
This code includes more support for ADSI types with attempts to be
semi-sane in stringifying them.
Plus, Meterpreter no longer crashes.
Sometimes results can be success values but not S_OK, so this change
contains code which will force the result to S_OK in those cases so that
the caller doesn't get an indication which makes it believe that there is
an error.
The ADSI API is supposed to support the notion of only returning
a fixed number of results from AD when we specify the
ADS_SEARCHPREF_SIZE_LIMIT value in the search parameters, but it
doesn't appear to do that (at least not my Win2k setup).
This change includes a bit more debugging output and keeps track of
the number of rows processed so that the maximum site is actually
honoured.
