Comments (17)
but what is the content read into the buffer?
from pe_to_shellcode.
Sorry!
After compiling to 64-bit, I used pe2sch.exe to generate shellcode, and finally read it into my buffer.
This is my test code:
#include <Windows.h>

int main(int argc, char** argv) {
    HANDLE hProcess;
    hProcess = GetCurrentProcess();
    MessageBoxA(NULL, "Hello World", "Test", MB_OK);
    ExitThread(0);
}
from pe_to_shellcode.
can you zip your payload, along with the loader, and attach it here? I will check...
I mean the compiled executables.
from pe_to_shellcode.
BTW - did you try to run the converted program with runshc64.exe from the package?
https://github.com/hasherezade/pe_to_shellcode/releases/tag/v0.9
Are you sure that your loader is also compiled as 64 bit? If the loader has different bitness than the payload, for sure it will crash.
from pe_to_shellcode.
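BTW - did you try to run the converted program with runshc64.exe from the package? https://github.com/hasherezade/pe_to_shellcode/releases/tag/v0.9 Are you sure that your loader is also compiled as 64 bit? If the loader has different bitness than the payload, for sure it will crash.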
It can run normally without offset
from pe_to_shellcode.
well, of course it will not run with the offset, because adding the offset destroys the code alignment. it needs to run from the beginning. why do you need the offset?
from pe_to_shellcode.
I want to pass parameters through the first address
from pe_to_shellcode.
well, of course it will not run with the offset, because adding the offset destroys the code alignment. it needs to run from the beginning. why do you need the offset?
It won't crash under a 32-bit program, why?
from pe_to_shellcode.
well, of course it will not run with the offset, because adding the offset destroys the code alignment. it needs to run from the beginning. why do you need the offset?
Is there any way to solve the alignment problem?
from pe_to_shellcode.
I want to pass parameters through the first address
you can't do it this way. and anyways those bytes that you changed at the beginning will not be passed to your main function.
from pe_to_shellcode.
I want to pass parameters through the first address
you can't do it this way. and anyways those bytes that you changed at the beginning will not be passed to your main function.
After I got the first address through VirtualQuery, I got my parameters
from pe_to_shellcode.
I want to pass parameters through the first address
you can't do it this way. and anyways those bytes that you changed at the beginning will not be passed to your main function.
After I got the first address through VirtualQuery, I got my parameters
The 32-bit program is the same as I thought, but I encountered this problem in the 64-bit program
from pe_to_shellcode.
I want to pass parameters through the first address
you can't do it this way. and anyways those bytes that you changed at the beginning will not be passed to your main function.
After I got the first address through VirtualQuery, I got my parameters
This is not a good way of passing parameters. Neither in 32 nor in 64 bit.
Also, by this way you are destroying the PE header of your payload, which may cause undefined behavior in some programs.
from pe_to_shellcode.
I want to pass parameters through the first address
you can't do it this way. and anyways those bytes that you changed at the beginning will not be passed to your main function.
After I got the first address through VirtualQuery, I got my parameters
This is not a good way of passing parameters. Neither in 32 nor in 64 bit. Also, by this way you are destroying the PE header of your payload, which may cause undefined behavior in some programs.
Do you have a good way?
from pe_to_shellcode.
There are various ways, but for example:
https://docs.microsoft.com/en-us/windows/win32/memory/creating-named-shared-memory
from pe_to_shellcode.
There are various ways, but for example: https://docs.microsoft.com/en-us/windows/win32/memory/creating-named-shared-memory
okay, thank you.
from pe_to_shellcode.
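The two checks raised in the thread (loader and payload must have the same bitness, and the bytes at the start of the payload buffer must stay intact because they are its PE header) can be verified before anything is run. The following is an added example, not code from the thread or from the pe_to_shellcode project; it is portable C that parses raw header bytes, all function names are hypothetical, and the sample images are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Error codes local to this example. */
enum { PE_BAD_DOS = -1, PE_BAD_NT = -2, PE_UNKNOWN_MACHINE = -3 };

static uint32_t rd_le(const uint8_t *p, int n) {      /* little-endian read */
    uint32_t v = 0;
    while (n-- > 0) v = (v << 8) | p[n];
    return v;
}
/* Returns 32 or 64 for a well-formed header, otherwise a negative code. */
int pe_bitness(const uint8_t *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return PE_BAD_DOS;
    uint32_t e_lfanew = rd_le(buf + 0x3C, 4);         /* offset of "PE\0\0" */
    if (e_lfanew > len || len - e_lfanew < 6) return PE_BAD_NT;
    if (memcmp(buf + e_lfanew, "PE\0\0", 4) != 0) return PE_BAD_NT;
    switch (rd_le(buf + e_lfanew + 4, 2)) {           /* FileHeader.Machine */
    case 0x014C: return 32;                           /* IMAGE_FILE_MACHINE_I386 */
    case 0x8664: return 64;                           /* IMAGE_FILE_MACHINE_AMD64 */
    default:     return PE_UNKNOWN_MACHINE;
    }
}
/* Constructed sample: a minimal 0x80-byte header with e_lfanew = 0x40. */
static void make_sample(uint8_t *buf, uint16_t machine) {
    memset(buf, 0, 0x80);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x40;
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x44] = (uint8_t)(machine & 0xFF);
    buf[0x45] = (uint8_t)(machine >> 8);
}
int sample_bitness(uint16_t machine) {
    uint8_t img[0x80];
    make_sample(img, machine);
    return pe_bitness(img, sizeof img);
}
/* 1 only if both headers parse and report the same bitness. */
int loader_matches_payload(uint16_t loader_machine, uint16_t payload_machine) {
    int l = sample_bitness(loader_machine), p = sample_bitness(payload_machine);
    return l > 0 && l == p;
}
/* The thread's failure mode: parameter bytes written over the buffer start. */
int bitness_after_overwrite(void) {
    uint8_t img[0x80];
    make_sample(img, 0x8664);
    memcpy(img, "\x01\x02\x03\x04", 4);               /* constructed "parameter" */
    return pe_bitness(img, sizeof img);
}
int main(void) {
    printf("32-bit loader vs 64-bit payload match: %d\n", loader_matches_payload(0x014C, 0x8664));
    printf("header check after overwrite: %d\n", bitness_after_overwrite());
    return 0;
}
```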