Comments (8)
Hi @VoldeSec!
First of all, I need to know more details to investigate what could possibly have caused it.
- Did your converted shellcode work when you tried to run it with the runshc32/64 application?
- What did you use for making the injection, did you try injector32/64 from the package? BTW, it uses CreateRemoteThread: pe_to_shellcode/injector/main.cpp, line 47 in 0f60692
- What flags were set on the process into which you tried the injection?
- Are you 100% sure that the process and the payload had the same bitness?
from pe_to_shellcode.
Thanks @hasherezade ,
- Yes, tried with runshc and it works perfectly fine.
- I am trying module stomping, with reference to your other project "module_overloading" (already got rid of CFG). I will take a look at the injector and compare the difference.
- I am using the same flag as you above and input the implant entrypoint to the LPTHREAD_START_ROUTINE. But the process still failed to execute and crashed. Do I
- I already checked the memory and the payload had the exact same bitness in the target process e.g. calc.exe
Thank you again for your prompt response!
from pe_to_shellcode.
@VoldeSec - does it work if you try to inject the same shellcode to the same process, but using injector32/64 (from the pe2shc release package)?
from pe_to_shellcode.
@hasherezade Yes, it works when using the injector to inject (e.g. calc.exe and other PE to output file for PoC) into a remote process (i.e. cmd.exe).
from pe_to_shellcode.
I see, so if the shellcode works, and it can be injected with the original injector, then it seems to be a problem with your replacement injector. BTW, using module_overloading method for shellcode injection sounds odd, but I will need to analyze your code to really know what happens there.
from pe_to_shellcode.
I have invited you on Wire for further discussion. I would be glad if you have time to give recommendations on the code.
Thanks!
from pe_to_shellcode.
ok, I accepted your invite. Let's talk on Wire.
from pe_to_shellcode.