Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
1554bc2
Add extension encryption manager
xHector1337 Feb 2, 2026
72214ad
feat: extension encryption manager, wiring to library loading and com…
dledda-r7 Feb 2, 2026
b796d8b
fix: minor fixes in extension_encryption.c
dledda-r7 Feb 3, 2026
f7a0384
feat: integrate Extension Encryption Manager into server setup
dledda-r7 Feb 3, 2026
e772f2e
fix: streamline Extension Encryption Manager initialization in server…
dledda-r7 Feb 3, 2026
a2b09b1
fix: correct indentation for extension encryption includes in project…
dledda-r7 Feb 3, 2026
24288ca
fix: update extension count handling in extension encryption manager
dledda-r7 Feb 3, 2026
094c1fe
feat: enhance command processing with extension decryption support
dledda-r7 Feb 3, 2026
f787835
feat: add get method to Extension Encryption Manager and improve erro…
dledda-r7 Feb 4, 2026
df37b63
Add extension encryption manager
xHector1337 Feb 2, 2026
e37cf9c
Merge branch 'add-extension-encryption-manager' into collab/feat/add-…
xHector1337 Feb 4, 2026
7e2b157
Merge pull request #2 from dledda-r7/collab/feat/add-extension-encryp…
xHector1337 Feb 4, 2026
14db760
bug fix
xHector1337 Feb 8, 2026
53441ce
revert the usage of GetTickCount in extension_encryption_encrypt
xHector1337 Feb 8, 2026
628ca94
add extensionFindDecrypt function
xHector1337 Feb 9, 2026
7559689
add additional checks into extensionFindDecrypt and use it in command…
xHector1337 Feb 10, 2026
3511b2f
modify the scheduler to make it work with extension encryption
xHector1337 Feb 10, 2026
985727e
bug fix in extension_encryption_add
xHector1337 Feb 11, 2026
f82a4e7
store CryptographicManagerType in ExtensionEncryptionManager
xHector1337 Feb 12, 2026
6141c1d
use extension_encrypt_unused in the command handler
xHector1337 Feb 16, 2026
524575c
define a new error type for extensionFindDecrypt and implement it on …
xHector1337 Feb 19, 2026
699fee0
update extension_encryption.c
xHector1337 Mar 2, 2026
41918bd
fix: using correct base address for extension encryption manager, ref…
dledda-r7 Mar 5, 2026
b900afd
Merge pull request #3 from dledda-r7/collab/feat/add-extension-encryp…
xHector1337 Mar 8, 2026
ca3b916
fix: ensure proper handling of encryption status and error conditions…
dledda-r7 Apr 16, 2026
9ab8ab1
fix: add null check for ExtensionEncryptionManager in unused encrypt …
dledda-r7 Apr 16, 2026
2e03b92
fix: enhance cryptographic manager initialization and error handling …
dledda-r7 Apr 16, 2026
5187695
fix: improve decryption error handling in command processing and sche…
dledda-r7 Apr 16, 2026
845714c
Merge pull request #4 from dledda-r7/collab/feat/add-extension-encryp…
xHector1337 Apr 27, 2026
8d71c52
bug fixes
xHector1337 Apr 27, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 42 additions & 1 deletion c/meterpreter/source/metsrv/base.c
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
* @brief Definitions that apply to almost any Meterpreter component.
*/
#include "metsrv.h"
#include "extension_encryption.h"

// TODO: move these to a header?
// Local remote request implementors
Expand Down Expand Up @@ -286,6 +287,8 @@ BOOL command_process_inline(Command *command, Remote *remote, Packet *packet)
PacketTlvType packetTlvType;
UINT commandId = 0;

DWORD extensionFindDecryptVal = ERROR_SUCCESS;

__try
{
do
Expand Down Expand Up @@ -318,12 +321,30 @@ BOOL command_process_inline(Command *command, Remote *remote, Packet *packet)
case PACKET_TLV_TYPE_PLAIN_REQUEST:
if (command->request.inline_handler) {
dprintf("[DISPATCH] executing inline request handler %u", commandId);
dprintf("[DISPATCH] Calling extensionFindDecrypt for command %u", commandId);
extensionFindDecryptVal = extensionFindDecrypt(command->request.inline_handler);
if (!extensionFindDecryptVal || extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
}
else {
dprintf("[COMMAND] Decryption failed for command %u", commandId);
break;
}
serverContinue = command->request.inline_handler(remote, packet, &result) && serverContinue;
dprintf("[DISPATCH] executed %u, continue %s", commandId, serverContinue ? "yes" : "no");
}
else
{
dprintf("[DISPATCH] executing request handler %u", commandId);
dprintf("[DISPATCH] Calling extensionFindDecrypt for command %u", commandId);
extensionFindDecryptVal = extensionFindDecrypt(command->request.handler);
if (!extensionFindDecryptVal || extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
}
else {
dprintf("[COMMAND] Decryption failed for command %u", commandId);
break;
}
result = command->request.handler(remote, packet);
Comment on lines +326 to 348

Copilot AI Apr 16, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If extensionFindDecrypt() reports a decryption failure, the handler is still invoked. For handlers located inside an encrypted extension, this risks executing encrypted bytes (crash/undefined behavior). Consider short-circuiting the dispatch when decryption fails (except for "not encryptable" / "not found" cases), and avoid logging "Decryption successful" unless the return code indicates success.

Suggested change
if (!extensionFindDecryptVal || extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
}
else {
dprintf("[COMMAND] Decryption failed for command %u", commandId);
//break;
}
serverContinue = command->request.inline_handler(remote, packet, &result) && serverContinue;
dprintf("[DISPATCH] executed %u, continue %s", commandId, serverContinue ? "yes" : "no");
}
else
{
dprintf("[DISPATCH] executing request handler %u", commandId);
dprintf("[DISPATCH] Calling extensionFindDecrypt for command %u", commandId);
extensionFindDecryptVal = extensionFindDecrypt(command->request.handler);
if (!extensionFindDecryptVal || extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
}
else {
dprintf("[COMMAND] Decryption failed for command %u", commandId);
//break;
}
result = command->request.handler(remote, packet);
if (!extensionFindDecryptVal) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
serverContinue = command->request.inline_handler(remote, packet, &result) && serverContinue;
dprintf("[DISPATCH] executed %u, continue %s", commandId, serverContinue ? "yes" : "no");
}
else if (extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE
|| extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_FOUND) {
dprintf("[COMMAND] Decryption not required for command %u", commandId);
serverContinue = command->request.inline_handler(remote, packet, &result) && serverContinue;
dprintf("[DISPATCH] executed %u, continue %s", commandId, serverContinue ? "yes" : "no");
}
else {
dprintf("[COMMAND] Decryption failed for command %u with error %u", commandId, extensionFindDecryptVal);
result = extensionFindDecryptVal;
}
}
else
{
dprintf("[DISPATCH] executing request handler %u", commandId);
dprintf("[DISPATCH] Calling extensionFindDecrypt for command %u", commandId);
extensionFindDecryptVal = extensionFindDecrypt(command->request.handler);
if (!extensionFindDecryptVal) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
result = command->request.handler(remote, packet);
}
else if (extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE
|| extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_FOUND) {
dprintf("[COMMAND] Decryption not required for command %u", commandId);
result = command->request.handler(remote, packet);
}
else {
dprintf("[COMMAND] Decryption failed for command %u with error %u", commandId, extensionFindDecryptVal);
result = extensionFindDecryptVal;
}

Copilot uses AI. Check for mistakes.
}
break;
Expand All @@ -332,11 +353,29 @@ BOOL command_process_inline(Command *command, Remote *remote, Packet *packet)
if (command->response.inline_handler)
{
dprintf("[DISPATCH] executing inline response handler %u", commandId);
dprintf("[DISPATCH] Calling extensionFindDecrypt for command %u", commandId);
extensionFindDecryptVal = extensionFindDecrypt(command->response.inline_handler);
if (!extensionFindDecryptVal || extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
}
else {
dprintf("[COMMAND] Decryption failed for command %u", commandId);
break;
}
serverContinue = command->response.inline_handler(remote, packet, &result) && serverContinue;
}
else
{
dprintf("[DISPATCH] executing response handler %u", commandId);
dprintf("[DISPATCH] Calling extensionFindDecrypt for command %u", commandId);
extensionFindDecryptVal = extensionFindDecrypt(command->response.handler);
if (!extensionFindDecryptVal || extensionFindDecryptVal == EXTENSION_ENCRYPTION_EXTENSION_NOT_ENCRYPTABLE) {
dprintf("[COMMAND] Decryption successful for command %u", commandId);
}
else {
dprintf("[COMMAND] Decryption failed for command %u", commandId);
break;
}
result = command->response.handler(remote, packet);
}
break;
Expand Down Expand Up @@ -455,6 +494,7 @@ BOOL command_handle(Remote *remote, Packet *packet)
break;
}


// if either command is registered as inline, run them inline
if ((command && command_is_inline(command, packet))
|| packet->local)
Expand All @@ -474,8 +514,9 @@ BOOL command_handle(Remote *remote, Packet *packet)
thread_run(cpt);
}
}
} while (0);

} while (0);
extension_encryption_encrypt_unused();

Copilot AI Apr 16, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

command_handle calls extension_encryption_encrypt_unused() unconditionally. If InitExtensionEncryptionManager() failed (or was never called), extension_encryption_encrypt_unused() dereferences g_ExtensionEncryptionManager and will crash. Guard this call (or make extension_encryption_encrypt_unused() a no-op when the manager is NULL).

Suggested change
extension_encryption_encrypt_unused();
if (g_ExtensionEncryptionManager != NULL)
{
extension_encryption_encrypt_unused();
}

Copilot uses AI. Check for mistakes.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yeah good catch, we might not need the below suggestion if we do this. I'm not sure, I will take a look at it on VS.

return result;
}

Expand Down
Loading
Loading