search

BishopFox / sliver

Adversary Emulation Framework
GNU General Public License v3.0
8.6k stars 1.14k forks source link

COFFLoader x86 release 1.0.14 uses libgcc_s_dw2-1.dll #1716

Open ljgs-git opened 5 months ago

ljgs-git commented 5 months ago

Describe the bug Trying to use Coffloader (or any BOF-Extension) on x86 Windows will fail as sliver tries to load an unknown module (libgcc_s_dw2-1.dll) and errors.

To Reproduce Steps to reproduce the behavior:

  1. run coffloader on a session on x86 windows

Expected behavior Coffloader runs normally.

Objdump Working x64

└─$ objdump -x COFFLoader.x64.dll | grep dll
COFFLoader.x64.dll:     file format pei-x86-64
COFFLoader.x64.dll
        DLL Name: ADVAPI32.dll
        DLL Name: KERNEL32.dll
        DLL Name: msvcrt.dll
Name                            000000000000f032 COFFLoader.x64.dll
[  0](sec -2)(fl 0x00)(ty    0)(scl 103) (nx 1) 0x000000000000003a crtdll.c
[ 22](sec  3)(fl 0x00)(ty    0)(scl   3) (nx 1) 0x0000000000000830 .rdata$.refptr.__native_dllmain_reason
[ 75](sec -2)(fl 0x00)(ty    0)(scl 103) (nx 1) 0x000000000000005b dll.c
[499](sec -2)(fl 0x00)(ty    0)(scl 103) (nx 1) 0x000000000000020f dllentry.c
[1520](sec -1)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x0000000000000160 __dll_characteristics__
[1523](sec  2)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x0000000000000000 __mingw_module_is_dll
[1574](sec -1)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x0000000000000000 __dll__
[1582](sec  2)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x0000000000000234 __native_dllmain_reason
[1689](sec  3)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x0000000000000830 .refptr.__native_dllmain_reason

Broken x86

└─$ objdump -x COFFLoader.x86.dll | grep dll
COFFLoader.x86.dll:     file format pei-i386
COFFLoader.x86.dll
        DLL Name: ADVAPI32.dll
        DLL Name: KERNEL32.dll
        DLL Name: msvcrt.dll
        DLL Name: libgcc_s_dw2-1.dll
Name                            0000d032 COFFLoader.x86.dll
[  0](sec -2)(fl 0x00)(ty    0)(scl 103) (nx 1) 0x00000024 crtdll.c
[ 56](sec -2)(fl 0x00)(ty    0)(scl 103) (nx 1) 0x00000046 dll.c
[439](sec -2)(fl 0x00)(ty    0)(scl 103) (nx 1) 0x000001cf dllentry.c
[1505](sec -1)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x00000140 __dll_characteristics__
[1540](sec  7)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x00000688 _libgcc_s_dw2_1_dll_iname
[1553](sec -1)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x00000000 __dll__
[1614](sec  7)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x0000003c __head_libgcc_s_dw2_1_dll
[1649](sec  2)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x00000000 ___mingw_module_is_dll
[1651](sec  2)(fl 0x00)(ty    0)(scl   2) (nx 0) 0x00000148 ___native_dllmain_reason
ljgs-git commented 2 months ago

Seems to be a build pipeline issue. I built the 1.0.14 on my machine and the library is not linked. Maybe try rebuilduing it?