Add meterpreter server side support for cleaning up loaded extensions upon server termination by calling the loaded extensions' DeinitServerExtension() functions.
git-svn-id: file:///home/svn/framework3/trunk@10053 4d416f70-5f16-0410-b530-b9f4589650daunstable
parent
fd0b96ee9d
commit
73f7b20935
|
@ -27,5 +27,11 @@
|
||||||
|
|
||||||
DWORD server_setup(SOCKET fd);
|
DWORD server_setup(SOCKET fd);
|
||||||
|
|
||||||
|
typedef struct _EXTENSION
|
||||||
|
{
|
||||||
|
HMODULE library;
|
||||||
|
DWORD (*init)(Remote *remote);
|
||||||
|
DWORD (*deinit)(Remote *remote);
|
||||||
|
} EXTENSION;
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -23,6 +23,6 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet);
|
||||||
|
|
||||||
|
|
||||||
VOID register_dispatch_routines();
|
VOID register_dispatch_routines();
|
||||||
VOID deregister_dispatch_routines();
|
VOID deregister_dispatch_routines( Remote * remote );
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -9,6 +9,8 @@ extern HINSTANCE hAppInstance;
|
||||||
* Core dispatch routines *
|
* Core dispatch routines *
|
||||||
**************************/
|
**************************/
|
||||||
|
|
||||||
|
LIST * extension_list = NULL;
|
||||||
|
|
||||||
// Dispatch table
|
// Dispatch table
|
||||||
Command custom_commands[] =
|
Command custom_commands[] =
|
||||||
{
|
{
|
||||||
|
@ -32,21 +34,32 @@ VOID register_dispatch_routines()
|
||||||
{
|
{
|
||||||
DWORD index;
|
DWORD index;
|
||||||
|
|
||||||
for (index = 0;
|
extension_list = list_create();
|
||||||
custom_commands[index].method;
|
|
||||||
index++)
|
for( index=0 ; custom_commands[index].method ; index++ )
|
||||||
command_register(&custom_commands[index]);
|
command_register( &custom_commands[index] );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Deregisters previously registered custom commands
|
* Deregisters previously registered custom commands and loaded extensions.
|
||||||
*/
|
*/
|
||||||
VOID deregister_dispatch_routines()
|
VOID deregister_dispatch_routines( Remote * remote )
|
||||||
{
|
{
|
||||||
DWORD index;
|
DWORD index;
|
||||||
|
|
||||||
for (index = 0;
|
while( TRUE )
|
||||||
custom_commands[index].method;
|
{
|
||||||
index++)
|
EXTENSION * extension = list_pop( extension_list );
|
||||||
command_deregister(&custom_commands[index]);
|
if( !extension )
|
||||||
|
break;
|
||||||
|
|
||||||
|
extension->deinit( remote );
|
||||||
|
|
||||||
|
free( extension );
|
||||||
|
}
|
||||||
|
|
||||||
|
for( index=0 ; custom_commands[index].method ; index++ )
|
||||||
|
command_deregister( &custom_commands[index] );
|
||||||
|
|
||||||
|
list_destroy( extension_list );
|
||||||
}
|
}
|
||||||
|
|
|
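Review bot: `extension->deinit( remote );` in the new while loop of deregister_dispatch_routines is called without a NULL check, yet the loader in this same commit fills `deinit` from a GetProcAddress/GetProcAddressR lookup of "DeinitServerExtension" and only tests `init` before pushing the entry. An extension built without that export would therefore turn server shutdown into a call through a null function pointer; guard it with `if( extension->deinit ) extension->deinit( remote );`. The result of `list_create()` in register_dispatch_routines is also unchecked, and `extension_list` keeps its stale value after `list_destroy( extension_list );`, so adding `extension_list = NULL;` there would make a repeated call harmless. Whether list_pop and list_destroy tolerate a NULL list is not visible in this section.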
@ -470,7 +470,7 @@ DWORD server_setup( SOCKET fd )
|
||||||
server_dispatch( remote );
|
server_dispatch( remote );
|
||||||
|
|
||||||
dprintf("[SERVER] Deregistering dispatch routines...");
|
dprintf("[SERVER] Deregistering dispatch routines...");
|
||||||
deregister_dispatch_routines();
|
deregister_dispatch_routines( remote );
|
||||||
|
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,9 @@
|
||||||
// see ReflectiveLoader.c...
|
// see ReflectiveLoader.c...
|
||||||
extern HINSTANCE hAppInstance;
|
extern HINSTANCE hAppInstance;
|
||||||
|
|
||||||
|
// see remote_dispatch_common.c
|
||||||
|
extern LIST * extension_list;
|
||||||
|
|
||||||
DWORD request_core_loadlib(Remote *remote, Packet *packet)
|
DWORD request_core_loadlib(Remote *remote, Packet *packet)
|
||||||
{
|
{
|
||||||
Packet *response = packet_create_response(packet);
|
Packet *response = packet_create_response(packet);
|
||||||
|
@ -86,24 +89,42 @@ DWORD request_core_loadlib(Remote *remote, Packet *packet)
|
||||||
// call its Init routine
|
// call its Init routine
|
||||||
if ((flags & LOAD_LIBRARY_FLAG_EXTENSION) && (library))
|
if ((flags & LOAD_LIBRARY_FLAG_EXTENSION) && (library))
|
||||||
{
|
{
|
||||||
DWORD (*init)(Remote *remote);
|
EXTENSION * exension = (EXTENSION *)malloc( sizeof(EXTENSION) );
|
||||||
|
if( exension )
|
||||||
|
{
|
||||||
|
exension->library = library;
|
||||||
|
|
||||||
// if the library was loaded via its reflective loader we must use GetProcAddressR()
|
// if the library was loaded via its reflective loader we must use GetProcAddressR()
|
||||||
if( bLibLoadedReflectivly )
|
if( bLibLoadedReflectivly )
|
||||||
(LPVOID)init = (LPVOID)GetProcAddressR( library, "InitServerExtension" );
|
{
|
||||||
else
|
exension->init = (LPVOID)GetProcAddressR( exension->library, "InitServerExtension" );
|
||||||
(LPVOID)init = (LPVOID)GetProcAddress( library, "InitServerExtension" );
|
exension->deinit = (LPVOID)GetProcAddressR( exension->library, "DeinitServerExtension" );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
exension->init = (LPVOID)GetProcAddress( exension->library, "InitServerExtension" );
|
||||||
|
exension->deinit = (LPVOID)GetProcAddress( exension->library, "DeinitServerExtension" );
|
||||||
|
}
|
||||||
|
|
||||||
// patch in the metsrv.dll's HMODULE handle, used by the server extensions for delay loading
|
// patch in the metsrv.dll's HMODULE handle, used by the server extensions for delay loading
|
||||||
// functions from the metsrv.dll library. We need to do it this way as LoadLibrary/GetProcAddress
|
// functions from the metsrv.dll library. We need to do it this way as LoadLibrary/GetProcAddress
|
||||||
// wont work if we have used Reflective DLL Injection as metsrv.dll will be 'invisible' to these functions.
|
// wont work if we have used Reflective DLL Injection as metsrv.dll will be 'invisible' to these functions.
|
||||||
remote->hMetSrv = hAppInstance;
|
remote->hMetSrv = hAppInstance;
|
||||||
|
|
||||||
dprintf("[SERVER] Calling init()...");
|
// Call the init routine in the library
|
||||||
// Call the init routine in the library
|
if( exension->init )
|
||||||
if( init )
|
{
|
||||||
res = init(remote);
|
dprintf("[SERVER] Calling init()...");
|
||||||
dprintf("[SERVER] Called init()...");
|
|
||||||
|
res = exension->init( remote );
|
||||||
|
|
||||||
|
if( res == ERROR_SUCCESS )
|
||||||
|
list_push( extension_list, exension );
|
||||||
|
else
|
||||||
|
free( exension );
|
||||||
|
}
|
||||||
|
dprintf("[SERVER] Called init()...");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
} while (0);
|
} while (0);
|
||||||
|
|
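Review bot: When `exension->init` is NULL, the new block in request_core_loadlib neither pushes nor frees `exension`, so the allocation leaks for any library loaded with LOAD_LIBRARY_FLAG_EXTENSION that has no InitServerExtension export; add `else free( exension );` to the `if( exension->init )` test. A failed malloc is skipped silently and leaves `res` unchanged, so setting `res = ERROR_NOT_ENOUGH_MEMORY;` in an else branch of `if( exension )` would let the caller see the failure. The return value of `list_push( extension_list, exension );` is ignored; if it can fail (not visible here) the extension would never be deinitialised or freed. The local is spelled `exension` throughout and would read better as `extension`, matching the name used in deregister_dispatch_routines. The body of request_core_loadlib starts and ends outside these hunks.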