librex 0.0.42 → 0.0.43

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb

@@ -45,22 +45,38 @@ class DLL
 	attr_accessor :functions
 	attr_reader   :dll_path
 
-	def initialize(dll_path, client, win_consts) #
+	def initialize(dll_path, win_consts)
 		@dll_path = dll_path
-		@client = client
+
+		# needed by DLLHelper
 		@win_consts = win_consts
-		if( @client.platform =~ /x64/i )
-			@native = 'Q'
-		else
-			@native = 'V'
-		end
+
 		self.functions = {}
 	end
 
-	# adds a function to the DLL
+	def known_function_names 
+		return functions.keys
+	end
+	
+	def get_function(name)
+		return functions[name]
+	end
+
+	def call_function(func_symbol, args, client)
+		func_name = func_symbol.to_s
+
+		unless known_function_names.include? func_name 
+			raise "DLL-function #{func_name} not found. Known functions: #{PP.pp(known_function_names, '')}"
+		end
+
+		function = get_function(func_name)
+
+		return process_function_call(function, args, client)
+	end
+
 	# syntax for params:
-	# add_function("MessageBoxW",				 # name
-	#	"DWORD",			# return value
+	# add_function("MessageBoxW",   # name
+	#	"DWORD",                # return value
 	#	[["DWORD","hWnd","in"], # params
 	#	["PWCHAR","lpText","in"],
 	#	["PWCHAR","lpCaption","in"],
@@ -84,9 +100,16 @@ class DLL
 	private
 
 	# called when a function like "MessageBoxW" is called
-	def process_function_call(function, args)
+	def process_function_call(function, args, client)
 		raise "#{function.params.length} arguments expected. #{args.length} arguments provided." unless args.length == function.params.length
-		#puts "process_function_call(function.windows_name,#{PP.pp(args, "")})"
+
+		if( client.platform =~ /x64/i )
+			native = 'Q'
+		else
+			native = 'V'
+		end
+
+#puts "process_function_call(function.windows_name,#{PP.pp(args, "")})"
 
 		# We transmit the immediate stack and three heap-buffers:
 		# in, inout and out. The reason behind the separation is bandwidth.
@@ -114,14 +137,14 @@ class DLL
 				buffer_size = args[param_idx]
 				if param_desc[0] == "PDWORD"
 					# bump up the size for an x64 pointer
-					if( @native == 'Q' and buffer_size == 4 )
+					if( native == 'Q' and buffer_size == 4 )
 						args[param_idx] = 8
 						buffer_size = args[param_idx]
 					end
 
-					if( @native == 'Q' )
+					if( native == 'Q' )
 						raise "Please pass 8 for 'out' PDWORDS, since they require a buffer of size 8" unless buffer_size == 8
-					elsif( @native == 'V' )
+					elsif( native == 'V' )
 						raise "Please pass 4 for 'out' PDWORDS, since they require a buffer of size 4" unless buffer_size == 4
 					end
 				end
@@ -157,43 +180,43 @@ class DLL
 			if ["PDWORD", "PWCHAR", "PCHAR", "PBLOB"].include? param_desc[0]
 				#puts "   pointer"
 				if args[param_idx] == nil # null pointer?
-					buffer  = [0].pack(@native) # type: DWORD  (so the dll does not rebase it)
-					buffer += [0].pack(@native) # value: 0
+					buffer  = [0].pack(native) # type: DWORD  (so the dll does not rebase it)
+					buffer += [0].pack(native) # value: 0
 				elsif param_desc[2] == "in"
-					buffer  = [1].pack(@native)
-					buffer += [in_only_layout[param_desc[1]].addr].pack(@native)
+					buffer  = [1].pack(native)
+					buffer += [in_only_layout[param_desc[1]].addr].pack(native)
 				elsif param_desc[2] == "out"
-					buffer  = [2].pack(@native)
-					buffer += [out_only_layout[param_desc[1]].addr].pack(@native)
+					buffer  = [2].pack(native)
+					buffer += [out_only_layout[param_desc[1]].addr].pack(native)
 				elsif param_desc[2] == "inout"
-					buffer  = [3].pack(@native)
-					buffer += [inout_layout[param_desc[1]].addr].pack(@native)
+					buffer  = [3].pack(native)
+					buffer += [inout_layout[param_desc[1]].addr].pack(native)
 				else
 					raise "unexpected direction"
 				end
 			else
 				#puts "   not a pointer"
 				# it's not a pointer (LPVOID is a pointer but is not backed by railgun memory, ala PBLOB)
-				buffer = [0].pack(@native)
+				buffer = [0].pack(native)
 				case param_desc[0]
 					when "LPVOID", "HANDLE"
 						num     = param_to_number(args[param_idx])
-						buffer += [num].pack(@native)
+						buffer += [num].pack(native)
 					when "DWORD"
 						num     = param_to_number(args[param_idx])
-						buffer += [num % 4294967296].pack(@native)
+						buffer += [num % 4294967296].pack(native)
 					when "WORD"
 						num     = param_to_number(args[param_idx])
-						buffer += [num % 65536].pack(@native)
+						buffer += [num % 65536].pack(native)
 					when "BYTE"
 						num     = param_to_number(args[param_idx])
-						buffer += [num % 256].pack(@native)
+						buffer += [num % 256].pack(native)
 					when "BOOL"
 						case args[param_idx]
 							when true
-								buffer += [1].pack(@native)
+								buffer += [1].pack(native)
 							when false
-								buffer += [0].pack(@native)
+								buffer += [0].pack(native)
 							else
 								raise "param #{param_desc[1]}: true or false expected"
 						end
@@ -219,7 +242,7 @@ class DLL
 		request.add_tlv(TLV_TYPE_RAILGUN_DLLNAME, @dll_path )
 		request.add_tlv(TLV_TYPE_RAILGUN_FUNCNAME, function.windows_name)
 
-		response = @client.send_request(request)
+		response = client.send_request(request)
 
 		#puts "receiving Stuff from meterpreter"
 		#puts "out_only_layout:"
@@ -240,7 +263,7 @@ class DLL
 		#process return value
 		case function.return_type
 			when "LPVOID", "HANDLE"
-				if( @native == 'Q' )
+				if( native == 'Q' )
 					return_hash["return"] = rec_return_value
 				else
 					return_hash["return"] = rec_return_value % 4294967296
@@ -307,7 +330,7 @@ class DLL
 #		puts("
 #=== START of proccess_function_call snapshot ===
 #		{
-#			:platform => '#{@native == 'Q' ? 'x64/win64' : 'x86/win32'}',
+#			:platform => '#{native == 'Q' ? 'x64/win64' : 'x86/win32'}',
 #			:name => '#{function.windows_name}',
 #			:params => #{function.params},
 #			:return_type => '#{function.return_type}',
@@ -335,15 +358,6 @@ class DLL
 		return return_hash
 	end
 
-	# process_function_call
-
-	# we fake having methods like "MessageBoxW" by intercepting "method-not-found"-exceptions
-	def method_missing(func_symbol, *args)
-		func_name = func_symbol.to_s
-		raise "DLL-function #{func_name} not found. Known functions: #{PP.pp(@functions.keys, "")}" unless @functions.has_key? func_name
-		function = @functions[func_name]
-		return process_function_call(function, args)
-	end
 end
 
 end; end; end; end; end; end;

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb

@@ -18,7 +18,7 @@ class DLL::UnitTest < Test::Unit::TestCase
 
 	def test_add_function
 		mock_function_descriptions.each do |func|
-			dll = DLL.new(func[:dll_name], make_mock_client(func[:platform]), nil)
+			dll = DLL.new(func[:dll_name], nil)
 			dll.add_function(func[:name], func[:return_type], func[:params])
 
 			assert(dll.functions.has_key?(func[:name]),
@@ -26,14 +26,14 @@ class DLL::UnitTest < Test::Unit::TestCase
 		end
 	end
 
-	def test_method_missing
+	def test_call_function
 		mock_function_descriptions.each do |func|
 			client = make_mock_client(func[:platform], func[:request_to_client], func[:response_from_client])
-			dll = DLL.new(func[:dll_name], client, nil)
+			dll = DLL.new(func[:dll_name], nil)
 
 			dll.add_function(func[:name], func[:return_type], func[:params])
 
-			actual_returned_hash = dll.send(:method_missing, func[:name].to_sym, *func[:ruby_args])
+			actual_returned_hash = dll.call_function(func[:name].to_sym, func[:ruby_args], client)
 
 			assert(func[:returned_hash].has_key?('GetLastError'),
 				"process_function_call should add the result of GetLastError to the key GetLastError")

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb

@@ -28,10 +28,10 @@ class DLLHelper::UnitTest < Test::Unit::TestCase
 		# converts ruby string to zero-terminated ASCII string
 		zero_terminated_ascii_attempt = TEST_DLL_HELPER.str_to_ascii_z(original_string)
 
-		assert(zero_terminated_ascii_attempt.end_with?("\x00"), 
+		assert(zero_terminated_ascii_attempt  =~ /\x00$/, 
 			"str_to_ascii_z should result in a 0 terminated string")
 
-		assert(zero_terminated_ascii_attempt.start_with?(original_string), 
+		assert(zero_terminated_ascii_attempt =~ /^#{original_string}/, 
 			"str_to_ascii_z should still start with original string")
 
 		assert_equal(original_string.length + 1, zero_terminated_ascii_attempt.length, 
@@ -45,10 +45,10 @@ class DLLHelper::UnitTest < Test::Unit::TestCase
 
 		actual_string =  TEST_DLL_HELPER.asciiz_to_str(zero_terminated_string)
 
-		assert(actual_string.start_with?(target_string),
+		assert(actual_string =~ /^#{target_string}/,
 			"asciiz_to_str should preserve string before zero")
 
-		assert(!actual_string.end_with?(post_zero_noise),
+		assert(actual_string !~ /#{post_zero_noise}$/,
 			"asciiz_to_str should ignore characters after zero")
 
 		assert_equal(target_string, actual_string,
@@ -65,7 +65,7 @@ class DLLHelper::UnitTest < Test::Unit::TestCase
 		target_zero_terminated_unicode = Rex::Text.to_unicode(ruby_string) + "\x00\x00"
 		actual_zero_terminated_unicode = TEST_DLL_HELPER.str_to_uni_z(ruby_string)
 
-		assert(actual_zero_terminated_unicode.end_with?("\x00\x00"),
+		assert(actual_zero_terminated_unicode =~ /\x00\x00$/,
 			"str_to_uni_z should result in a double-zero terminated string")
 
 		assert_equal(target_zero_terminated_unicode, actual_zero_terminated_unicode,

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb

@@ -0,0 +1,26 @@
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+class DLLWrapper
+	attr_reader :_client, :_dll
+	
+	def initialize(dll, client)
+		@_dll    = dll
+		@_client = client
+	end
+
+	# For backwards compatability. People check if functions are added this way
+	# XXX: Depricate this
+	def functions
+		# warn 'Depricated.' 
+		_dll.functions
+	end
+
+	def method_missing(sym, *args)
+		_dll.call_function(sym, args, _client)
+	end
+end
+end; end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb

@@ -0,0 +1,63 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..','..','..','..','..', 'lib')) 
+
+require 'rex/post/meterpreter/extensions/stdapi/railgun/dll'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/mock_magic'
+require 'test/unit'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+class DLLWrapper::UnitTest < Test::Unit::TestCase
+
+	include MockMagic
+
+	def test_functions
+		mock_function_descriptions.each do |func|
+			client = make_mock_client(func[:platform], func[:request_to_client], func[:response_from_client])
+			dll = DLL.new(func[:dll_name], client)
+
+			dll_wrapper = DLLWrapper.new(dll, client)
+
+			# This represents how people check if a function doesn't exist
+			assert(!dll_wrapper.functions[func[:name]], 'Function non-existence can be chucked via .functions')
+
+			dll.add_function(func[:name], func[:return_type], func[:params])
+
+			# This represents how people check if a function exist
+			assert(dll_wrapper.functions[func[:name]], 'Function existence can be chucked via .functions')
+
+			actual_returned_hash = dll_wrapper.send(:method_missing, func[:name].to_sym, *func[:ruby_args])
+
+			assert_equal(func[:returned_hash], actual_returned_hash,
+				"method_missing should result in a successful call to specified function")
+		end
+	end
+
+	def test_method_missing
+		mock_function_descriptions.each do |func|
+			client = make_mock_client(func[:platform], func[:request_to_client], func[:response_from_client])
+			dll = DLL.new(func[:dll_name], client)
+
+			dll.add_function(func[:name], func[:return_type], func[:params])
+
+			dll_wrapper = DLLWrapper.new(dll, client)
+
+			actual_returned_hash = dll_wrapper.send(:method_missing, func[:name].to_sym, *func[:ruby_args])
+
+			assert_equal(func[:returned_hash], actual_returned_hash,
+				"method_missing should result in a successful call to specified function")
+		end
+	end
+end
+end
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb

@@ -41,10 +41,10 @@ class MultiCaller
 
 		include DLLHelper
 		
-		def initialize( client, parent, win_consts )
-			@parent     = parent
-			@client     = client
-			@win_consts = win_consts
+		def initialize( client, parent )
+			@parent = parent
+			@client = client
+
 			if( @client.platform =~ /x64/i )
 				@native = 'Q'
 			else

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb

@@ -26,6 +26,10 @@
 # sf - Sept 2010 - Modified for x64 support and merged into the stdapi extension.
 #
 
+#
+# chao - June 2011 - major overhaul of dll lazy loading, caching, and bit of everything
+#
+
 require 'pp'
 require 'enumerator'
 
@@ -35,6 +39,7 @@ require 'rex/post/meterpreter/extensions/stdapi/railgun/util'
 require 'rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager'
 require 'rex/post/meterpreter/extensions/stdapi/railgun/multicall'
 require 'rex/post/meterpreter/extensions/stdapi/railgun/dll'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper'
 
 module Rex
 module Post
@@ -43,128 +48,180 @@ module Extensions
 module Stdapi
 module Railgun
 
+
 #
 # The Railgun class to dynamically expose the Windows API.
 #
 class Railgun
-	def initialize( client )
+	# If you want to add additional DLL definitions to be preloaded
+	# create a definition class 'rex/post/meterpreter/extensions/stdapi/railgun/def/'
+	# Naming is important and should follow convention.
+	# For example, if your dll's name was "my_dll"
+	#   file name   -  def_my_dll.rb
+	#   class name  -  Def_my_dll
+	#   entry below - 'my_dll'
+	BUILTIN_DLLS = [
+		'kernel32',
+		'ntdll',
+		'user32',
+		'ws2_32',
+		'iphlpapi',
+		'advapi32',
+		'shell32',
+		'netapi32',
+	].freeze
 
-		@client = client
-		@dll    = ::Hash.new
-		
-		@win_consts = WinConstManager.new()
-		
-		@constants_loaded = false
+	##
+	# dlls
+	#
+	# Returns a hash containing DLLs added to this instance with self.add_dll
+	# as well as references to any frozen cached dlls added directly in self.get_dll
+	# and copies of any frozen dlls (added directly with self.add_function) 
+	# that the user attempted to modify with self.add_function
+	#
+	# Keys are friendly DLL names and values are the corresponding DLL instance
+	attr_accessor :dlls
 
-		# Load the multi-caller
-		@multicaller = MultiCaller.new( @client, self, @win_consts )
+	##
+	# client
+	#
+	# Contains a reference to the client that corresponds to this instance of railgun
+	attr_accessor :client
 
-		# Load utility class
-		@util = Util.new( self, @client.platform )
-	end
+	##
+	# @@cached_dlls
+	#
+	# These DLLs are loaded lazily and then shared amongst all railgun instances.
+	# For safety reasons this variable should only be read/written within get_dll.
+	@@cached_dlls = {}
+
+	# if you are going to touch @@cached_dlls, wear protection
+	@@cache_semaphore = Mutex.new
 	
+	def initialize(client)
+		self.client = client
+		self.dlls = {}
+	end
+
+	def util
+		if @util.nil?
+			Util.new(self, client.platform)
+		end
+
+		return @util
+	end
+
+	def constant_manager
+		# Loads lazily
+		return ApiConstants.manager
+	end
+
 	# read data from a memory address on the host (useful for working with LPVOID parameters)
-	def memread( address, length )
+	def memread(address, length)
 	
-		raise "Invalid parameters." if( not address or not length )
+		raise "Invalid parameters." if(not address or not length)
 		
-		request = Packet.create_request( 'stdapi_railgun_memread' )
+		request = Packet.create_request('stdapi_railgun_memread')
 		
-		request.add_tlv( TLV_TYPE_RAILGUN_MEM_ADDRESS, address )
-		request.add_tlv( TLV_TYPE_RAILGUN_MEM_LENGTH, length )
+		request.add_tlv(TLV_TYPE_RAILGUN_MEM_ADDRESS, address)
+		request.add_tlv(TLV_TYPE_RAILGUN_MEM_LENGTH, length)
 
-		response = client.send_request( request )
-		if( response.result == 0 )
-			return response.get_tlv_value( TLV_TYPE_RAILGUN_MEM_DATA )
+		response = client.send_request(request)
+		if(response.result == 0)
+			return response.get_tlv_value(TLV_TYPE_RAILGUN_MEM_DATA)
 		end
 		
 		return nil
 	end
 	
 	# write data to a memory address on the host (useful for working with LPVOID parameters)
-	def memwrite( address, data, length )
+	def memwrite(address, data, length)
 	
-		raise "Invalid parameters." if( not address or not data or not length )
+		raise "Invalid parameters." if(not address or not data or not length)
 		
-		request = Packet.create_request( 'stdapi_railgun_memwrite' )
+		request = Packet.create_request('stdapi_railgun_memwrite')
 		
-		request.add_tlv( TLV_TYPE_RAILGUN_MEM_ADDRESS, address )
-		request.add_tlv( TLV_TYPE_RAILGUN_MEM_DATA, data )
-		request.add_tlv( TLV_TYPE_RAILGUN_MEM_LENGTH, length )
+		request.add_tlv(TLV_TYPE_RAILGUN_MEM_ADDRESS, address)
+		request.add_tlv(TLV_TYPE_RAILGUN_MEM_DATA, data)
+		request.add_tlv(TLV_TYPE_RAILGUN_MEM_LENGTH, length)
 
-		response = client.send_request( request )
-		if( response.result == 0 )
+		response = client.send_request(request)
+		if(response.result == 0)
 			return true
 		end
 		
 		return false
 	end
 	
-	# adds a function to an existing DLL-definition
+	# adds a function to an existing DLL-definition.
+	# if the DLL-definition is frozen (idealy this should be true for all cached dlls)
+	# an unfrozen copy is created and used henceforth for this instance. 
 	def add_function(dll_name, function_name, return_type, params, windows_name=nil)
-		raise "DLL #{dll_name} not found. Known DLLs: #{PP.pp(@dll.keys, "")}" unless @dll.has_key? dll_name
-		@dll[dll_name].add_function(function_name, return_type, params, windows_name)
+
+		unless known_dll_names.include?(dll_name)
+			raise "DLL #{dll_name} not found. Known DLLs: #{PP.pp(known_dll_names, "")}"
+		end
+
+		dll = get_dll(dll_name)
+
+		# For backwards compatibility, we ensure the dll is thawed 
+		if dll.frozen?
+			# dup will copy values, but not the frozen status
+			dll = dll.dup
+
+			# Update local dlls with the modifiable duplicate
+			dlls[dll_name] = dll
+		end
+
+		dll.add_function(function_name, return_type, params, windows_name)
 	end
 
 	# adds a function to an existing DLL-definition
 	# you can override the dll name if you want to include a path or the DLL name contains
 	# non-ruby-approved characters
-	def add_dll(dll_name, windows_name=nil)
-		raise "DLL #{dll_name} already exists. Existing DLLs: #{PP.pp(@dll.keys, "")}" unless not @dll.has_key? dll_name
-		if( windows_name == nil )
-			windows_name = dll_name
+	def add_dll(dll_name, windows_name=dll_name)
+
+		if dlls.has_key? dll_name
+			raise "A DLL of name #{dll_name} has already been loaded."
 		end
-		@dll[dll_name] = DLL.new(windows_name, @client, @win_consts)
+
+		dlls[dll_name] = DLL.new(windows_name, constant_manager)
 	end
 
-	def get_dll( dll_name )
-		# sf: we now lazy load the module definitions as needed to avoid the performance hit
-		#     to stdapi if we do it upon initilization (the user may never use railgun or else
-		#     require only a portion of the modules exposed by railgun so no need to pre load them)
-		if( not @dll.has_key?( dll_name ) )
-		
-			# the constants are also lazy loaded the first time we call const() or any API function...
-			if( not @constants_loaded )
-				ApiConstants.add_constants( @win_consts )
-				@constants_loaded = true
-			end
+	
+	def known_dll_names
+		return BUILTIN_DLLS | dlls.keys
+	end
 
-			case dll_name
-				when 'kernel32'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32'
-					Def::Def_kernel32.add_imports(self)
-				when 'ntdll'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll'
-					Def::Def_ntdll.add_imports(self)
-				when 'user32'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32'
-					Def::Def_user32.add_imports(self)
-				when 'ws2_32'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32'
-					Def::Def_ws2_32.add_imports(self)
-				when 'iphlpapi'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi'
-					Def::Def_iphlpapi.add_imports(self)
-				when 'netapi32'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32'
-					Def::Def_netapi32.add_imports(self)
-				when 'advapi32'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32'
-					Def::Def_advapi32.add_imports(self)
-				when 'shell32'
-					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32'
-					Def::Def_shell32.add_imports(self)
-			end
-			
-			if( @dll.has_key?( dll_name ) )
-				return @dll[dll_name]
+	# Attempts to provide a DLL instance of the given name. Handles lazy loading and caching
+	# Note that if a DLL of the given name does not exist, then nil is returned
+	def get_dll(dll_name)
+
+		# If the DLL is not local, we now either load it from cache or load it lazily.
+		# In either case, a reference to the dll is stored in the collection "dlls"
+		# If the DLL can not be found/created, no actions are taken
+		unless dlls.has_key? dll_name
+			# We read and write to @@cached_dlls and rely on state consistency
+			@@cache_semaphore.synchronize do
+				if @@cached_dlls.has_key? dll_name
+					dlls[dll_name] = @@cached_dlls[dll_name]
+				elsif BUILTIN_DLLS.include? dll_name
+					# I highly doubt this case will ever occur, but I am paranoid
+					if dll_name !~ /^\w+$/
+						raise "DLL name #{dll_name} is bad. Correct Railgun::BUILTIN_DLLS"
+					end
+ 
+					require 'rex/post/meterpreter/extensions/stdapi/railgun/def/def_' << dll_name 
+                                        dll = Def.const_get('Def_' << dll_name).create_dll.freeze
+
+					@@cached_dlls[dll_name] = dll
+					dlls[dll_name] = dll
+				end
 			end
-			
-		else
-			return @dll[dll_name]
+
 		end
-		
-		return nil
+
+		return dlls[dll_name]
 	end
 	
 	# we fake having members like user32 and kernel32.
@@ -175,30 +232,28 @@ class Railgun
 	def method_missing(dll_symbol, *args)
 		dll_name = dll_symbol.to_s
 
-		self.get_dll( dll_name )
-		
-		raise "DLL #{dll_name} not found. Known DLLs: #{PP.pp(@dll.keys, "")}" unless @dll.has_key? dll_name
+		unless known_dll_names.include? dll_name
+			raise "DLL #{dll_name} not found. Known DLLs: #{PP.pp(known_dll_names, '')}"
+		end
 		
-		return @dll[dll_name]
+		dll = get_dll(dll_name)
+
+		return DLLWrapper.new(dll, client)
 	end
 
 	# Give the programmer access to constants
 	def const(str)
-		# the constants are also lazy loaded the first time we call const() or any API function...
-		if( not @constants_loaded )
-			ApiConstants.add_constants( @win_consts )
-			@constants_loaded = true
-		end
-		return @win_consts.parse(str)
+		return constant_manager.parse(str)
 	end
 
-	# The multi-call shorthand ( ["kernel32", "ExitProcess", [0]] )
+	# The multi-call shorthand (["kernel32", "ExitProcess", [0]])
 	def multi(functions)
-		@multicaller.call(functions)
-	end
+		if @multicaller.nil?
+			@multicaller = MultiCaller.new(client, self)
+		end
 
-	attr_accessor :client, :dll, :multicaller, :win_consts, :util
-	
+		return @multicaller.call(functions)
+	end
 end
 
 end; end; end; end; end; end