[framework] Loading meterpreter extensions in ms 3.0 beta (shedding new light...)

Luke J 0xlukej at gmail.com
Thu Mar 1 20:58:48 CST 2007 

I used the Dependency Walker (http://www.dependencywalker.com presuming that
is what you meant by depends.exe?) and that seemed to report that all
dependencies were found. The only difference I noted was that the debug
version links against USER32.DLL which the release version doesn't. Strange.
Oh well, at least people should know how to get around this problem now.

Thanks for your input, skape.

On 3/2/07, mmiller at hick.org <mmiller at hick.org> wrote:
>
> On Thu, Mar 01, 2007 at 11:52:08PM +0000, Luke J wrote:
> > I added that debug line and it is reporting the correct size which is
> > strange. So the problem must be in the transport to the server, the
> handling
> > at the server or just plainly a win2k3 problem.
> >
> > I tried adding some debugging statements to files that make up
> metsrv.dll to
> > get it to write logs to keep track of stuff but couldn't even seem to
> get it
> > to write to files for some reason. My general C knowledge is OK but my
> > windows programming isn't really upto scratch so maybe I'm missing
> > something.
> >
> > I might attach a debugger at some point but other than that I guess
> maybe
> > this will be an unsolved mystery. The VNC DLL is fine at 300k+ in size
> so I
> > imagine maybe this isn't going to be much of an issue practically unless
> > someone wants to write a huge extension.
>
> Also, since you're compiling with VS 2005, it's most likely the case
> that you're linking to the runtime CRT (msvcrt).  When you compile in
> debug mode, it'll link against the debug CRT DLLs.  It's possible that
> the target system doesn't have these DLLs.  That may be why the
> extension DLL is failing to load on the server side, and may also
> explain why it works when you compile in release mode (since the release
> CRT DLLs are more likely to be present).  You can test this by copying
> the extension DLL manually to the target machine and using a tool like
> depends.exe to see if any of the dependent DLLs/imports are missing.
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://spool.metasploit.com/pipermail/framework/attachments/20070302/65b08956/attachment.htm

More information about the framework mailing list