Add error message support to railgun

This code was lost in the transition when the meterpreter source was removed from the metasploit-framework source. I'm pulling this in by request of @dmaloney-r7 who originally requested this code be inculded as part of https://github.com/rapid7/metasploit-framework/pull/740 I added an extra bit of code to free up memory that is allocated by the call to FormatMessage and forced the ASCII-version (FormatMessageA) of the call. This PR is the MSF side of https://github.com/rapid7/meterpreter/pull/26
2013-10-01 17:23:08 +10:00 · 2013-10-01 17:23:08 +10:00 · 82162ef486
parent 9abf727fa6
commit 82162ef486
2 changed files with 26 additions and 17 deletions
--- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb
@ -269,13 +269,21 @@ class DLL
    rec_out_only_buffers = response.get_tlv_value(TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT)
    rec_return_value = response.get_tlv_value(TLV_TYPE_RAILGUN_BACK_RET)
    rec_last_error = response.get_tlv_value(TLV_TYPE_RAILGUN_BACK_ERR)
+    rec_err_msg = response.get_tlv_value(TLV_TYPE_RAILGUN_BACK_MSG)
+
+    # Error messages come back with trailing CRLF, so strip it out
+    # if we do get a message.
+    rec_err_msg.strip! if not rec_err_msg.nil?

    #puts "received stuff"
    #puts "out_only_layout:"
    #puts out_only_layout

    # The hash the function returns
-    return_hash={"GetLastError" => rec_last_error}
+    return_hash = {
+      "GetLastError" => rec_last_error,
+      "ErrorMessage" => rec_err_msg
+    }

    #process return value
    case function.return_type
--- a/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb
+++ b/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb
@ -32,24 +32,25 @@ module Extensions
 module Stdapi
 module Railgun

-TLV_TYPE_EXTENSION_RAILGUN = 0
-TLV_TYPE_RAILGUN_SIZE_OUT = 			TLV_META_TYPE_UINT | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 1)
-TLV_TYPE_RAILGUN_STACKBLOB = 			TLV_META_TYPE_RAW | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 2)
-TLV_TYPE_RAILGUN_BUFFERBLOB_IN = 		TLV_META_TYPE_RAW | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 3)
-TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT = 	TLV_META_TYPE_RAW | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 4)
+TLV_TYPE_EXTENSION_RAILGUN             = 0
+TLV_TYPE_RAILGUN_SIZE_OUT              =  TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 1)
+TLV_TYPE_RAILGUN_STACKBLOB             =  TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 2)
+TLV_TYPE_RAILGUN_BUFFERBLOB_IN         =  TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 3)
+TLV_TYPE_RAILGUN_BUFFERBLOB_INOUT      =  TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 4)

-TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT = 		TLV_META_TYPE_RAW | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 5)
-TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT = 	TLV_META_TYPE_RAW | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 6)
-TLV_TYPE_RAILGUN_BACK_RET = 			    TLV_META_TYPE_QWORD | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 7)
-TLV_TYPE_RAILGUN_BACK_ERR = 			    TLV_META_TYPE_UINT | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 8)
+TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_OUT   =  TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 5)
+TLV_TYPE_RAILGUN_BACK_BUFFERBLOB_INOUT =   TLV_META_TYPE_RAW   | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 6)
+TLV_TYPE_RAILGUN_BACK_RET              =  TLV_META_TYPE_QWORD  | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 7)
+TLV_TYPE_RAILGUN_BACK_ERR              =  TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 8)

-TLV_TYPE_RAILGUN_DLLNAME = 			    TLV_META_TYPE_STRING | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 9)
-TLV_TYPE_RAILGUN_FUNCNAME = 			TLV_META_TYPE_STRING | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 10)
-TLV_TYPE_RAILGUN_MULTI_GROUP = 			TLV_META_TYPE_GROUP | 		(TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 11)
+TLV_TYPE_RAILGUN_DLLNAME               =  TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 9)
+TLV_TYPE_RAILGUN_FUNCNAME              =  TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 10)
+TLV_TYPE_RAILGUN_MULTI_GROUP           =  TLV_META_TYPE_GROUP  | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 11)

-TLV_TYPE_RAILGUN_MEM_ADDRESS =          TLV_META_TYPE_QWORD | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 12 )
-TLV_TYPE_RAILGUN_MEM_DATA    =          TLV_META_TYPE_RAW   | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 13 )
-TLV_TYPE_RAILGUN_MEM_LENGTH  =          TLV_META_TYPE_UINT  | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 14 )
+TLV_TYPE_RAILGUN_MEM_ADDRESS           =  TLV_META_TYPE_QWORD  | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 12)
+TLV_TYPE_RAILGUN_MEM_DATA              =  TLV_META_TYPE_RAW    | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 13)
+TLV_TYPE_RAILGUN_MEM_LENGTH            =  TLV_META_TYPE_UINT   | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 14)

-TLV_TYPE_RAILGUN_CALLCONV =		TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 15)
+TLV_TYPE_RAILGUN_CALLCONV              = TLV_META_TYPE_STRING  | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 15)
+TLV_TYPE_RAILGUN_BACK_MSG              = TLV_META_TYPE_STRING  | (TLV_TYPE_EXTENSION_RAILGUN + TLV_EXTENSIONS + 16)
 end; end; end; end; end; end