Loading meterpreter extensions in ms 3.0 beta (shedding new light...)

[0xlukej at gmail.com (Luke J)]

Hello Vedran and Skape,

I am currently writing a new extension to the meterpreter and came
across this exact same error whilst writing it.

The new DLL i have written worked fine when testing against a Windows
2000 box but I got this error when I tried it against a Windows 2003 box.

To cut a long story short, I eventually noticed that my DLL was much
bigger in size than the other DLLs even though it only has a couple of
functions so far (like 460k as opposed to like 70k for priv extension).
To test whether this was the issue alone, I took my recompiled
ext_server_priv.dll and replaced the copy of it in data/meterpreter
(recompiled in visual studio using the workspace files provided in the
framework, which was also much bigger than the "original"). This
produced the same error when trying to load the priv extension even
though I hadn't touched any code.

I eventually realised that I was compiling in Debug mode in Visual
Studio and not Release mode. I changed the mode to Release such that the
DLLs produced were much smaller and then everything worked fine.

Skape: Does this make sense to you? Are you aware of something in win2k3
that would make your library loading technique fail over a certain DLL
size? Also, I am using Visual Studio 2005. Not sure if the default
compile options in that would be causing any issues?

Vedran: Did you recompile the DLLs yourself rather than use the ones
already there and were you exploiting a win2k3 box?


Regards,

Luke

Vedran V. wrote:
> Hello,
>
> I'm using the following version of ms:
>
> Framework: 3.0-beta-dev.3997
> Console  : 3.0-beta-dev.4235
>
> and trying to load some meterpreter's extensions.
>
> First I got the following error:
>
> Loading extension process...[-]
> failure: No such file or directory - /home/me/framework3/data/meterpreter/ext_server_process.dll
> /lib/rex/post/meterpreter/client_core.rb:86:in `initialize'
>
> Then I just copied the dll to that location. But now I get this error:
>
> Loading extension process...[-]
> failure: The core_loadlib request failed with result: 1168.
> /lib/rex/post/meterpreter/client_core.rb:156:in `use'
> ./lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:249:in `cmd_use'
> ./lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb:237:in `cmd_use'
> ./lib/rex/ui/text/dispatcher_shell.rb:229:in `run_command'
> ./lib/rex/post/meterpreter/ui/console.rb:95:in `run_command'
> ./lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
> ./lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
> ./lib/rex/post/meterpreter/ui/console.rb:60:in `interact'
> ./lib/rex/ui/text/shell.rb:115:in `run'
> ./lib/rex/post/meterpreter/ui/console.rb:58:in `interact'
> ./lib/msf/base/sessions/meterpreter.rb:170:in `_interact'
> ./lib/rex/ui/interactive.rb:39:in `interact'
> ./lib/msf/ui/console/command_dispatcher/core.rb:614:in `cmd_sessions'
> ./lib/rex/ui/text/dispatcher_shell.rb:229:in `run_command'
> ./lib/rex/ui/text/dispatcher_shell.rb:196:in `run_single'
> ./lib/rex/ui/text/dispatcher_shell.rb:191:in `run_single'
> ./lib/rex/ui/text/shell.rb:119:in `run'
> ./msfconsole:63
>
> And I realy don't understand this error :(
>
> Can someone help me getting meterpreter working on ms 3.0?
>
> Thank you very much :)
>
> Vedran