Closed cam-stalk closed 1 year ago
first of all, this only work with position-independent code, meaning the DLL file won't run already. the second issue I noticed, is that the loader isn't detecting the payload;
[+] Payload Is At 0x00007FFEEE1CA090 Of Size 47
I suppose the DLL file is not 47 bytes only, so are you making sure to replace the generated PayloadConfig
file with this one?
if not do as the usage suggest, and let me know the results
Oh shit... You are right. I forgot to replace PayloadConfig before compiling. Thank you
Hi. I've got an error [!] AES256_CBC_decrypt Failed (main.c:219) Generating PayloadConfig.pc: `PayloadBuilder.exe demon.dll
[i] Reading "demon.dll" ... [+] DONE
Debug output of rundll32.exe .\AtomLdr.dll Atom: `[#] AtomLdr.dll Is Called Via Command Line Tool, Running "ActualMain" From The Exported Function "Atom" [+] Payload Is At 0x00007FFEEE1CA090 Of Size 47
[i] Replacing .txt of ntdll.dll ...
[i] Replacing .txt of KERNEL32.DLL ...
[i] Replacing .txt of KERNELBASE.dll ...
[i] Replacing .txt of msvcrt.dll ...
[i] Replacing .txt of combase.dll ...
[i] Replacing .txt of ucrtbase.dll ...
[i] Replacing .txt of RPCRT4.dll ...
[i] Replacing .txt of shcore.dll ...
[i] Replacing .txt of imagehlp.dll ...
[i] Replacing .txt of USER32.dll ...
[i] Replacing .txt of GDI32.dll ...
[i] Replacing .txt of gdi32full.dll ...
[i] Replacing .txt of msvcp_win.dll ...
[i] Replacing .txt of SHELL32.dll ...
[i] Replacing .txt of IMM32.DLL ...
[i] Replacing .txt of MSCTF.dll ...
[i] Replacing .txt of OLEAUT32.dll ...
[i] Replacing .txt of sechost.dll ...
[i] Replacing .txt of advapi32.dll ...
[i] Replacing .txt of shlwapi.dll ...
Could you please help? Thanks