Loading meterpreter extensions in ms 3.0 beta (shedding new light...)

[mmiller at hick.org (mmiller at hick.org)]

On Thu, Mar 01, 2007 at 11:52:08PM +0000, Luke J wrote:
> I added that debug line and it is reporting the correct size which is
> strange. So the problem must be in the transport to the server, the handling
> at the server or just plainly a win2k3 problem.
>
> I tried adding some debugging statements to files that make up metsrv.dll to
> get it to write logs to keep track of stuff but couldn't even seem to get it
> to write to files for some reason. My general C knowledge is OK but my
> windows programming isn't really upto scratch so maybe I'm missing
> something.
>
> I might attach a debugger at some point but other than that I guess maybe
> this will be an unsolved mystery. The VNC DLL is fine at 300k+ in size so I
> imagine maybe this isn't going to be much of an issue practically unless
> someone wants to write a huge extension.

Also, since you're compiling with VS 2005, it's most likely the case
that you're linking to the runtime CRT (msvcrt).  When you compile in
debug mode, it'll link against the debug CRT DLLs.  It's possible that
the target system doesn't have these DLLs.  That may be why the
extension DLL is failing to load on the server side, and may also
explain why it works when you compile in release mode (since the release
CRT DLLs are more likely to be present).  You can test this by copying
the extension DLL manually to the target machine and using a tool like
depends.exe to see if any of the dependent DLLs/imports are missing.