Add logging to file capabilities

c/meterpreter/source/common/common.h

@@ -70,7 +70,10 @@ typedef struct ___u128 {
 #undef X509_NAME
 
 #ifdef DEBUGTRACE
+#include "common_logging.h"
 #define dprintf(...) real_dprintf(__VA_ARGS__)
+#define INIT_LOGGING(metConfig) init_logging(metConfig->session.log_path);
+#define SET_LOGGING_CONTEXT(api) set_logging_context(api->logging.get_logging_context(), api->logging.get_lock());
 #if DEBUGTRACE == 1
 #define vdprintf dprintf
 #else
@@ -79,6 +82,8 @@ typedef struct ___u128 {
 #else
 #define dprintf(...) do{}while(0);
 #define vdprintf(...) do{}while(0);
+#define SET_LOGGING_CONTEXT(...)
+#define INIT_LOGGING(...)
 #endif
 
 /*! @brief Sets `dwResult` to the return value of `GetLastError()`, prints debug output, then does `break;` */
@@ -111,6 +116,9 @@ static _inline void real_dprintf(char *format, ...)
 	vsnprintf_s(buffer + len, sizeof(buffer)-len, sizeof(buffer)-len - 3, format, args);
 	strcat_s(buffer, sizeof(buffer), "\r\n");
 	OutputDebugStringA(buffer);
+#ifdef DEBUGTRACE
+	log_to_file(buffer);
+#endif
 	va_end(args);
 }
 

c/meterpreter/source/common/common_config.h

@@ -13,6 +13,7 @@
 #define PROXY_HOST_SIZE 128
 #define PROXY_USER_SIZE 64
 #define PROXY_PASS_SIZE 64
+#define LOG_PATH_SIZE 260 // https://docs.microsoft.com/en-us/windows/win32/fileio/maximum-file-path-limitation?tabs=cmd
 
 typedef wchar_t CHARTYPE;
 
@@ -33,6 +34,9 @@ typedef struct _MetsrvSession
 	int expiry;                           ///! The total number of seconds to wait before killing off the session.
 	BYTE uuid[UUID_SIZE];                 ///! UUID
 	BYTE session_guid[sizeof(GUID)];      ///! Current session GUID
+#ifdef DEBUGTRACE
+    CHARTYPE log_path[LOG_PATH_SIZE];      ///! Location to place the log file. Only set when msfconsole specifies MeterpreterDebugLogging
+#endif
 } MetsrvSession;
 
 typedef struct _MetsrvTransportCommon

c/meterpreter/source/common/common_logging.h

@@ -0,0 +1,10 @@
+#ifndef _METERPRETER_COMMON_LOGGING_H
+#define _METERPRETER_COMMON_LOGGING_H
+
+HANDLE init_logging(wchar_t* filePath);
+HANDLE get_logging_context();
+HANDLE get_lock();
+void set_logging_context(HANDLE ctx, HANDLE lock1);
+void log_to_file(char* buffer);
+
+#endif

c/meterpreter/source/common/common_metapi.h

@@ -159,6 +159,13 @@ typedef struct _ListApi
 	VOID(*destroy)(PLIST pList);
 } ListApi;
 
+#ifdef DEBUGTRACE
+typedef struct _LoggingApi
+{
+	HANDLE(*get_logging_context)();
+	HANDLE(*get_lock)();
+} LoggingApi;
+#endif
 typedef struct _MetApi
 {
     PacketApi packet;
@@ -172,6 +179,9 @@ typedef struct _MetApi
 	InjectApi inject;
 	DesktopApi desktop;
 	ListApi list;
+#ifdef DEBUGTRACE
+	LoggingApi logging;
+#endif
 } MetApi;
 
 extern MetApi* met_api;

c/meterpreter/source/extensions/espia/espia.c

@@ -28,6 +28,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote *remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all( customCommands );
 

c/meterpreter/source/extensions/extapi/extapi.c

@@ -51,6 +51,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all(customCommands);
 

c/meterpreter/source/extensions/incognito/incognito.c

@@ -222,6 +222,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all( customCommands );
 

c/meterpreter/source/extensions/kiwi/main.c

@@ -79,6 +79,7 @@ DWORD request_exec_cmd(Remote *remote, Packet *packet)
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	dprintf("[KIWI] Init server extension - initorclean");
 	mimikatz_initOrClean(TRUE);

c/meterpreter/source/extensions/lanattacks/lanattacks.c

@@ -182,6 +182,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all(customCommands);
 

c/meterpreter/source/extensions/peinjector/peinjector.c

@@ -28,6 +28,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote *remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all( customCommands );
 

c/meterpreter/source/extensions/powershell/powershell.c

@@ -35,6 +35,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	gRemote = remote;
 

c/meterpreter/source/extensions/priv/priv.c

@@ -34,6 +34,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all(customCommands);
 

c/meterpreter/source/extensions/python/python_main.c

@@ -62,6 +62,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all(customCommands);
 	gRemote = remote;
@@ -114,4 +115,5 @@ DWORD StagelessInit(UINT extensionId, const LPBYTE buffer, DWORD bufferSize)
 VOID CommandAdded(UINT commandId)
 {
 	binding_add_command(commandId);
-}
+}
+

c/meterpreter/source/extensions/sniffer/sniffer.c

@@ -744,6 +744,7 @@ DWORD request_sniffer_capture_dump(Remote *remote, Packet *packet)
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	dprintf("[SERVER] Registering command handlers...");
 	met_api->command.register_all(customCommands);

c/meterpreter/source/extensions/stdapi/server/stdapi.c

@@ -177,7 +177,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote *remote)
 {
 	met_api = api;
-
+	SET_LOGGING_CONTEXT(api);
 	met_api->command.register_all( customCommands );
 
 	return ERROR_SUCCESS;

c/meterpreter/source/extensions/unhook/unhook.c

@@ -43,6 +43,7 @@ Command customCommands[] =
 DWORD InitServerExtension(MetApi* api, Remote* remote)
 {
 	met_api = api;
+	SET_LOGGING_CONTEXT(api)
 
 	met_api->command.register_all(customCommands);
 

c/meterpreter/source/extensions/winpmem/winpmem.h

@@ -1,5 +1,6 @@
-#include "common.h"
-
+extern "C" {
+    #include "common.h"
+}
 #include <stdint.h>
 
 #include "tchar.h"

c/meterpreter/source/extensions/winpmem/winpmem_meterpreter.cpp

@@ -33,7 +33,8 @@ extern "C" {
 	DWORD InitServerExtension(MetApi* api, Remote* remote)
 	{
 		met_api = api;
-
+		SET_LOGGING_CONTEXT(api)
+
 		met_api->command.register_all(customCommands);
 
 		return ERROR_SUCCESS;

c/meterpreter/source/logging/logging.c

@@ -0,0 +1,43 @@
+#include "../common/common.h"
+
+HANDLE lock = NULL;
+HANDLE hFile = NULL;
+
+HANDLE init_logging(wchar_t* filePath) {
+	hFile = CreateFileW(filePath,                // name of the write
+		GENERIC_WRITE,          // open for writing
+		FILE_SHARE_DELETE | FILE_SHARE_READ | FILE_SHARE_WRITE,    // do share (7)
+		NULL,                   // default security
+		CREATE_ALWAYS,             // create new file always
+		FILE_ATTRIBUTE_NORMAL,  // normal file
+		NULL);                  // no attr. template
+	lock = CreateMutex(NULL, FALSE, NULL);
+
+	if (hFile == NULL) {
+		dprintf("[LOGGING] Logging to file failed to initialize");
+	}
+	return hFile;
+}
+
+void log_to_file(char* buffer) {
+	if (hFile) {
+		WaitForSingleObject(lock, INFINITE);
+
+		LPDWORD bytesWritten = 0;
+		WriteFile(hFile, buffer, (DWORD)strlen(buffer), bytesWritten, NULL);
+		ReleaseMutex(lock);
+	}
+}
+
+HANDLE get_logging_context() {
+	return hFile;
+}
+
+HANDLE get_lock() {
+	return lock;
+}
+
+void set_logging_context(HANDLE ctx, HANDLE lock1) {
+	hFile = ctx;
+	lock = lock1;
+}

c/meterpreter/source/metsrv/metapi.c

@@ -147,6 +147,13 @@ MetApi api_instance = {
 		list_shift,
 		list_destroy,
 	},
+#ifdef DEBUGTRACE
+		// LoggingApi
+	{
+		get_logging_context,
+		get_lock,
+	},
+#endif
 };
 
 MetApi* met_api = &api_instance;

c/meterpreter/source/metsrv/metsrv.c

@@ -16,6 +16,8 @@
 
 DWORD Init(MetsrvConfig* metConfig)
 {
+	INIT_LOGGING(metConfig)
+
 	// if hAppInstance is still == NULL it means that we havent been
 	// reflectivly loaded so we must patch in the hAppInstance value
 	// for use with loading server extensions later.

c/meterpreter/source/metsrv/server_setup.c

@@ -231,6 +231,10 @@ static void config_create(Remote* remote, LPBYTE uuid, MetsrvConfig** config, LP
 	memcpy(sess->uuid, uuid == NULL ? remote->orig_config->session.uuid : uuid, UUID_SIZE);
 	// session GUID should persist across migration
 	memcpy(sess->session_guid, remote->orig_config->session.session_guid, sizeof(GUID));
+#ifdef DEBUGTRACE
+	memcpy(sess->log_path, remote->orig_config->session.log_path, LOG_PATH_SIZE);
+
+#endif
 	if (remote->sess_expiry_end)
 	{
 		sess->expiry = remote->sess_expiry_end - current_unix_timestamp();

c/meterpreter/workspace/elevator/elevator.vcxproj

@@ -156,7 +156,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>DEBUGTRACE;WIN32;NDEBUG;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <BufferSecurityCheck>false</BufferSecurityCheck>
       <FunctionLevelLinking>false</FunctionLevelLinking>
@@ -281,7 +281,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile>
       <Optimization>MaxSpeed</Optimization>
       <IntrinsicFunctions>true</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <PreprocessorDefinitions>DEBUGTRACE;WIN32;NDEBUG;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
       <BufferSecurityCheck>false</BufferSecurityCheck>
       <FunctionLevelLinking>false</FunctionLevelLinking>
@@ -358,6 +358,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\elevator\elevator.c" />
     <ClCompile Include="..\..\source\elevator\namedpipeservice.c" />
     <ClCompile Include="..\..\source\elevator\tokendup.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\elevator\elevator.h" />

c/meterpreter/workspace/ext_server_espia/ext_server_espia.vcxproj

@@ -451,6 +451,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
   <ItemGroup>
     <ClCompile Include="..\..\source\extensions\espia\espia.c" />
     <ClCompile Include="..\..\source\extensions\espia\screen.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\espia\espia.h" />

c/meterpreter/workspace/ext_server_extapi/ext_server_extapi.vcxproj

@@ -450,6 +450,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\extapi\wmi.c" />
     <ClCompile Include="..\..\source\extensions\extapi\wmi_interface.cpp" />
     <ClCompile Include="..\..\source\extensions\extapi\wshelpers.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\extapi\adsi.h" />

c/meterpreter/workspace/ext_server_incognito/ext_server_incognito.vcxproj

@@ -454,6 +454,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\incognito\list_tokens.c" />
     <ClCompile Include="..\..\source\extensions\incognito\token_info.c" />
     <ClCompile Include="..\..\source\extensions\incognito\user_management.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <Choose>
     <When Condition="'$(Platform)'=='Win32'" />

c/meterpreter/workspace/ext_server_kiwi/ext_server_kiwi.vcxproj

@@ -613,6 +613,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
       <DisableSpecificWarnings Condition="'$(Configuration)|$(Platform)'=='r7_release|x64'">4756;%(DisableSpecificWarnings)</DisableSpecificWarnings>
       <DisableSpecificWarnings Condition="'$(Configuration)|$(Platform)'=='Release|x64'">4756;%(DisableSpecificWarnings)</DisableSpecificWarnings>
     </ClCompile>
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\kiwi\main.h" />

c/meterpreter/workspace/ext_server_lanattacks/ext_server_lanattacks.vcxproj

@@ -413,6 +413,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\lanattacks\dhcpserv.cpp" />
     <ClCompile Include="..\..\source\extensions\lanattacks\TFTPserv.cpp" />
     <ClCompile Include="..\..\source\extensions\lanattacks\lanattacks.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\lanattacks\dhcpserv.h" />

c/meterpreter/workspace/ext_server_peinjector/ext_server_peinjector.vcxproj

@@ -441,6 +441,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\peinjector\libpetool.c" />
     <ClCompile Include="..\..\source\extensions\peinjector\peinjector.c" />
     <ClCompile Include="..\..\source\extensions\peinjector\peinjector_bridge.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\peinjector\headers.h" />

c/meterpreter/workspace/ext_server_powershell/ext_server_powershell.vcxproj

@@ -445,6 +445,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\powershell\powershell_bindings.cpp" />
     <ClCompile Include="..\..\source\extensions\powershell\powershell_bridge.cpp" />
     <ClCompile Include="..\..\source\extensions\powershell\powershell_runner.cpp" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\powershell\powershell.h" />

c/meterpreter/workspace/ext_server_priv/ext_server_priv.vcxproj

@@ -545,6 +545,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\priv\priv.c" />
     <ClCompile Include="..\..\source\extensions\priv\service.c" />
     <ClCompile Include="..\..\source\extensions\priv\tokendup.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
   <ImportGroup Label="ExtensionTargets">

c/meterpreter/workspace/ext_server_python/ext_server_python.vcxproj

@@ -662,6 +662,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\python\python_commands.c" />
     <ClCompile Include="..\..\source\extensions\python\python_main.c" />
     <ClCompile Include="..\..\source\extensions\python\python_meterpreter_binding.c" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\python\Include\abstract.h" />

c/meterpreter/workspace/ext_server_sniffer/ext_server_sniffer.vcxproj

@@ -354,6 +354,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\$(TargetName)
     <ClCompile Include="..\..\source\extensions\sniffer\sniffer.c">
       <PrecompiledHeader>Create</PrecompiledHeader>
     </ClCompile>
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="..\..\source\extensions\sniffer\precomp.h" />

c/meterpreter/workspace/ext_server_stdapi/ext_server_stdapi.vcxproj

@@ -558,6 +558,7 @@ copy /y "$(TargetDir)$(TargetFileName)" "$(ProjectDir)..\..\output\"</Command>
     <ClCompile Include="..\..\source\extensions\stdapi\server\webcam\audio.c" />
     <ClCompile Include="..\..\source\extensions\stdapi\server\webcam\bmp2jpeg.c" />
     <ClCompile Include="..\..\source\extensions\stdapi\server\webcam\webcam.cpp" />
+    <ClCompile Include="..\..\source\logging\logging.c" />
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="..\..\source\extensions\stdapi\server\resource\stdapi.rc" />