github/metasploit-payloads
1
Fork 0
mirror of https://github.com/rapid7/metasploit-payloads synced 2025-05-26 16:53:20 +02:00
Code Releases Activity
1f62d226a0
metasploit-payloads/c/meterpreter/source/extensions/stdapi/server/audio/output.c
OJ 4ffe127f04
Begin removing the delay-load dependency 
The 'common' library has been removed. The only project that actually
used it was metsrv, so the code that metsrv required from common is now
directly compiled in as part of that project.

The common folder now contains files that are importanta cross all of
the projects, with a primary focus on the new "API" style function. What
this means is that MetSrv has an API that it exposes through a function
pointer that is passed to the extension when it's initialised. This
pointer references a structure with all the API functions wired in. This
means that:

* Extensions don't need to know anything about metsrv at compile time.
* The delay loading code can be removed, which was one of the last
  instances of "metsrv.dll" as a string.
* Metsrv.dll no longer exports any functions.

More to come.
2020-04-22 13:06:40 +10:00

141 lines
2.9 KiB
C
Raw Blame History

#include "precomp.h"
#include "common_metapi.h"
#include <sys/stat.h>
/***************************
* Audio Channel Operations *
***************************/
typedef struct
{
size_t offset;
void* buffer;
} AudioContext;
/*
* Writes the supplied data to the audio buffer
*/
static DWORD audio_channel_write(Channel* channel, Packet* request,
LPVOID context, LPVOID buffer, DWORD bufferSize, LPDWORD bytesWritten)
{
AudioContext* ctx = (AudioContext*)context;
DWORD result = ERROR_SUCCESS;
size_t written = 0;
// Write to the buffer
if (bufferSize)
{
char* newbuffer = 0;
if (ctx->buffer)
{
newbuffer = realloc(ctx->buffer, ctx->offset + bufferSize);
}
else
{
newbuffer = malloc(bufferSize);
}
if (newbuffer)
{
memcpy(newbuffer + ctx->offset, buffer, bufferSize);
ctx->buffer = newbuffer;
ctx->offset += bufferSize;
written = bufferSize;
}
else
{
result = ERROR_NOT_ENOUGH_MEMORY;
}
}
if (bytesWritten)
{
*bytesWritten = (DWORD)written;
}
return result;
}
/*
* Play the audio on channel close
*/
static DWORD audio_channel_close(Channel *channel, Packet *request, LPVOID context)
{
AudioContext *ctx = (AudioContext *)context;
// Play the audio buffer
sndPlaySound(ctx->buffer, SND_MEMORY);
if (ctx->buffer)
{
free(ctx->buffer);
ctx->buffer = 0;
}
free(ctx);
return ERROR_SUCCESS;
}
/*
* Handles the open request for a audio channel and returns a valid channel
*/
DWORD request_audio_output_channel_open(Remote *remote, Packet *packet)
{
Packet *response = NULL;
DWORD res = ERROR_SUCCESS;
DWORD flags = 0;
PoolChannelOps chops = { 0 };
AudioContext *ctx;
Channel *newChannel = NULL;
// Allocate a response
response = met_api->packet.create_response(packet);
// Allocate storage for the audio buffer context
if (!(ctx = calloc(1, sizeof(AudioContext))))
{
res = ERROR_NOT_ENOUGH_MEMORY;
goto out;
}
// Get the channel flags
flags = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_FLAGS);
memset(&chops, 0, sizeof(chops));
// Initialize the pool operation handlers
chops.native.context = ctx;
chops.native.write = audio_channel_write;
chops.native.close = audio_channel_close;
// Check the response allocation & allocate a un-connected
// channel
if ((!response) || (!(newChannel = met_api->channel.create_pool(0, flags, &chops))))
{
res = ERROR_NOT_ENOUGH_MEMORY;
goto out;
}
// Add the channel identifier to the response
met_api->packet.add_tlv_uint(response, TLV_TYPE_CHANNEL_ID, met_api->channel.get_id(newChannel));
out:
// Transmit the packet if it's valid
met_api->packet.transmit_response(res, remote, response);
// Clean up on failure
if (res != ERROR_SUCCESS)
{
if (newChannel)
{
met_api->channel.destroy(newChannel, NULL);
}
}
return res;
}
View Git Blame Copy Permalink