Loading meterpreter extensions in ms 3.0 beta (shedding new light...)

[mmiller at hick.org (mmiller at hick.org)]

On Thu, Mar 01, 2007 at 03:55:27PM +0000, Luke J wrote:
> It was failing with the same ruby stack trace that Vedran had (as
> below). I didn't attach a debugger but the server side didn't crash. I
> could still carry on using the meterpreter perfectly.
>
> The error code 1168 is windows system error ERROR_NOT_FOUND which seemed
>  to be returned from the server side code based on my brief code analysis.
>
> If this is definitely just due to the file size then I guess it is not
> so big an issue unless people want to write some huge extensions.
> However, I just figured it might be worth a little bit of investigation.
>
> If there is anything specific you'd like me to do/test or if you'd like
> me to send you an example compiled DLL that fails on win2k3 then let me
> know.

As it relates to size, my only guess would be that somehow an incomplete
version of the DLL is being sent to the server.  Here's something to
try.

In lib/rex/post/meterpreter/client_core.rb inside load_library, there's
this block of code:

::File.open(library_path, 'rb') { |f|
   image = f.read
}

Try adding a $stdout.puts("#{image.length}") after that block.  Compare
the output to the size of the file.  If they mismatch, then we know this
is the problem.