Add meterpreter server side support for cleaning up loaded extensions upon server termination by calling the loaded extensions DeinisServerExtension() functions.

git-svn-id: file:///home/svn/framework3/trunk@10053 4d416f70-5f16-0410-b530-b9f4589650da
unstable
Stephen Fewer 2010-08-19 11:34:23 +00:00
parent fd0b96ee9d
commit 73f7b20935
5 changed files with 67 additions and 27 deletions

View File

@ -27,5 +27,11 @@
DWORD server_setup(SOCKET fd);
typedef struct _EXTENSION
{
HMODULE library;
DWORD (*init)(Remote *remote);
DWORD (*deinit)(Remote *remote);
} EXTENSION;
#endif

View File

@ -23,6 +23,6 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet);
VOID register_dispatch_routines();
VOID deregister_dispatch_routines();
VOID deregister_dispatch_routines( Remote * remote );
#endif

View File

@ -9,6 +9,8 @@ extern HINSTANCE hAppInstance;
* Core dispatch routines *
**************************/
LIST * extension_list = NULL;
// Dispatch table
Command custom_commands[] =
{
@ -32,21 +34,32 @@ VOID register_dispatch_routines()
{
DWORD index;
for (index = 0;
custom_commands[index].method;
index++)
command_register(&custom_commands[index]);
extension_list = list_create();
for( index=0 ; custom_commands[index].method ; index++ )
command_register( &custom_commands[index] );
}
/*
* Deregisters previously registered custom commands
* Deregisters previously registered custom commands and loaded extensions.
*/
VOID deregister_dispatch_routines()
VOID deregister_dispatch_routines( Remote * remote )
{
DWORD index;
for (index = 0;
custom_commands[index].method;
index++)
command_deregister(&custom_commands[index]);
while( TRUE )
{
EXTENSION * extension = list_pop( extension_list );
if( !extension )
break;
extension->deinit( remote );
free( extension );
}
for( index=0 ; custom_commands[index].method ; index++ )
command_deregister( &custom_commands[index] );
list_destroy( extension_list );
}

View File

@ -470,7 +470,7 @@ DWORD server_setup( SOCKET fd )
server_dispatch( remote );
dprintf("[SERVER] Deregistering dispatch routines...");
deregister_dispatch_routines();
deregister_dispatch_routines( remote );
} while (0);

View File

@ -3,6 +3,9 @@
// see ReflectiveLoader.c...
extern HINSTANCE hAppInstance;
// see remote_dispatch_common.c
extern LIST * extension_list;
DWORD request_core_loadlib(Remote *remote, Packet *packet)
{
Packet *response = packet_create_response(packet);
@ -86,24 +89,42 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet)
// call its Init routine
if ((flags & LOAD_LIBRARY_FLAG_EXTENSION) && (library))
{
DWORD (*init)(Remote *remote);
EXTENSION * exension = (EXTENSION *)malloc( sizeof(EXTENSION) );
if( exension )
{
exension->library = library;
// if the library was loaded via its reflective loader we must use GetProcAddressR()
if( bLibLoadedReflectivly )
(LPVOID)init = (LPVOID)GetProcAddressR( library, "InitServerExtension" );
else
(LPVOID)init = (LPVOID)GetProcAddress( library, "InitServerExtension" );
// if the library was loaded via its reflective loader we must use GetProcAddressR()
if( bLibLoadedReflectivly )
{
exension->init = (LPVOID)GetProcAddressR( exension->library, "InitServerExtension" );
exension->deinit = (LPVOID)GetProcAddressR( exension->library, "DeinitServerExtension" );
}
else
{
exension->init = (LPVOID)GetProcAddress( exension->library, "InitServerExtension" );
exension->deinit = (LPVOID)GetProcAddress( exension->library, "DeinitServerExtension" );
}
// patch in the metsrv.dll's HMODULE handle, used by the server extensions for delay loading
// functions from the metsrv.dll library. We need to do it this way as LoadLibrary/GetProcAddress
// wont work if we have used Reflective DLL Injection as metsrv.dll will be 'invisible' to these functions.
remote->hMetSrv = hAppInstance;
// patch in the metsrv.dll's HMODULE handle, used by the server extensions for delay loading
// functions from the metsrv.dll library. We need to do it this way as LoadLibrary/GetProcAddress
// wont work if we have used Reflective DLL Injection as metsrv.dll will be 'invisible' to these functions.
remote->hMetSrv = hAppInstance;
dprintf("[SERVER] Calling init()...");
// Call the init routine in the library
if( init )
res = init(remote);
dprintf("[SERVER] Called init()...");
// Call the init routine in the library
if( exension->init )
{
dprintf("[SERVER] Calling init()...");
res = exension->init( remote );
if( res == ERROR_SUCCESS )
list_push( extension_list, exension );
else
free( exension );
}
dprintf("[SERVER] Called init()...");
}
}
} while (0);