Closed loseyourself1 closed 1 year ago
Hi master, I ran into an error when trying to run it. Shellcode: generated with CS 4.5, C and Python versions, x64 not selected.
Environment: a Win10 VM with go version go1.20.5 windows/amd64, and Win11 with go version go1.19.5 windows/386. Both report errors or fail to execute properly.
Things tried: 1. Rebooting the computer and the VM. 2. Removing/turning off the antivirus. 3. Trying Base85+XOR+RC4+hex/decodecs.go and 参数加载/decode.go. All of the above failed.
The attempts above produced three kinds of errors, and all of them trace back to syscall.Syscall. How should I fix or troubleshoot this? Thanks.
Detailed error messages: A.
执行解密后的二进制数据
Exception 0xc000001d 0x0 0x0 0x1d7dacd0006
PC=0x1d7dacd0006

runtime.cgocall(0x83fe20, 0x92f1a0)
    C:/Program Files/Go/src/runtime/cgocall.go:157 +0x4a fp=0xc00008bc10 sp=0xc00008bbd8 pc=0x7e38ea
syscall.SyscallN(0x1d7dacd0000?, {0xc00008bca8?, 0x3?, 0x22?})
    C:/Program Files/Go/src/runtime/syscall_windows.go:557 +0x109 fp=0xc00008bc88 sp=0xc00008bc10 pc=0x83b2e9
syscall.Syscall(0x8b09c8?, 0xc00000a018?, 0xc00008bea8?, 0x1?, 0x1?)
    C:/Program Files/Go/src/runtime/syscall_windows.go:495 +0x3b fp=0xc00008bcd0 sp=0xc00008bc88 pc=0x83b0bb
main.main()
    C:/Users/ali/Desktop/go/GobypassAV-shellcode-main/Base85+XOR+RC4+hex/decodecs.go:82 +0x5af fp=0xc00008bf80 sp=0xc00008bcd0 pc=0x871e4f
runtime.main()
    C:/Program Files/Go/src/runtime/proc.go:250 +0x1f7 fp=0xc00008bfe0 sp=0xc00008bf80 pc=0x815f97
runtime.goexit()
    C:/Program Files/Go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00008bfe8 sp=0xc00008bfe0 pc=0x83e501

goroutine 2 [force gc (idle)]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
    C:/Program Files/Go/src/runtime/proc.go:381 +0xd6 fp=0xc000043fb0 sp=0xc000043f90 pc=0x8163b6
runtime.goparkunlock(...)
    C:/Program Files/Go/src/runtime/proc.go:387
runtime.forcegchelper()
    C:/Program Files/Go/src/runtime/proc.go:305 +0xb2 fp=0xc000043fe0 sp=0xc000043fb0 pc=0x8161d2
runtime.goexit()
    C:/Program Files/Go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000043fe8 sp=0xc000043fe0 pc=0x83e501
created by runtime.init.6
    C:/Program Files/Go/src/runtime/proc.go:293 +0x25

goroutine 3 [GC sweep wait]:
runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?)
    C:/Program Files/Go/src/runtime/proc.go:381 +0xd6 fp=0xc000045f80 sp=0xc000045f60 pc=0x8163b6
runtime.goparkunlock(...)
    C:/Program Files/Go/src/runtime/proc.go:387
runtime.bgsweep(0x0?)
    C:/Program Files/Go/src/runtime/mgcsweep.go:278 +0x8e fp=0xc000045fc8 sp=0xc000045f80 pc=0x8010ee
runtime.gcenable.func1()
    C:/Program Files/Go/src/runtime/mgc.go:178 +0x26 fp=0xc000045fe0 sp=0xc000045fc8 pc=0x7f6506
runtime.goexit()
    C:/Program Files/Go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000045fe8 sp=0xc000045fe0 pc=0x83e501
created by runtime.gcenable
    C:/Program Files/Go/src/runtime/mgc.go:178 +0x6b

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xc000050000?, 0x8af638?, 0x1?, 0x0?, 0x0?)
    C:/Program Files/Go/src/runtime/proc.go:381 +0xd6 fp=0xc000057f70 sp=0xc000057f50 pc=0x8163b6
runtime.goparkunlock(...)
    C:/Program Files/Go/src/runtime/proc.go:387
runtime.(*scavengerState).park(0x92eaa0)
    C:/Program Files/Go/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc000057fa0 sp=0xc000057f70 pc=0x7feff3
runtime.bgscavenge(0x0?)
    C:/Program Files/Go/src/runtime/mgcscavenge.go:628 +0x45 fp=0xc000057fc8 sp=0xc000057fa0 pc=0x7ff5e5
runtime.gcenable.func2()
    C:/Program Files/Go/src/runtime/mgc.go:179 +0x26 fp=0xc000057fe0 sp=0xc000057fc8 pc=0x7f64a6
runtime.goexit()
    C:/Program Files/Go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000057fe8 sp=0xc000057fe0 pc=0x83e501
created by runtime.gcenable
    C:/Program Files/Go/src/runtime/mgc.go:179 +0xaa

goroutine 5 [finalizer wait]:
runtime.gopark(0x816732?, 0x1d7dabfbf18?, 0x0?, 0x0?, 0xc000047f70?)
    C:/Program Files/Go/src/runtime/proc.go:381 +0xd6 fp=0xc000047e28 sp=0xc000047e08 pc=0x8163b6
runtime.runfinq()
    C:/Program Files/Go/src/runtime/mfinal.go:193 +0x107 fp=0xc000047fe0 sp=0xc000047e28 pc=0x7f5567
runtime.goexit()
    C:/Program Files/Go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000047fe8 sp=0xc000047fe0 pc=0x83e501
created by runtime.createfing
    C:/Program Files/Go/src/runtime/mfinal.go:163 +0x45

rax    0x1d7dacd0000
rbx    0x92f1a0
rcx    0x0
rdi    0x1917ac000
rsi    0xc00008bc48
rbp    0x1d7dacd0006
rsp    0x1919ffcd0
r8     0x0
r9     0x0
r10    0xb01
r11    0xc0000b2000
r12    0x0
r13    0x0
r14    0xc000040000
r15    0x92eee0
rip    0x1d7dacd0006
rflags 0x10297
cs     0x33
fs     0x53
gs     0x2b
exit status 2
B.
mem: 15663104
Syscall执行 shellcode
Exception 0xc0000096 0x0 0x0 0xef00db
PC=0xef00db

runtime.cgocall(0x9ade30, 0xac06d0)
    C:/Program Files (x86)/Go/src/runtime/cgocall.go:158 +0x58 fp=0x1146dd88 sp=0x1146dd70 pc=0x953518
syscall.SyscallN(0xef0000, {0x1146ddd0, 0x3, 0x3})
    C:/Program Files (x86)/Go/src/runtime/syscall_windows.go:557 +0x11d fp=0x1146ddb4 sp=0x1146dd88 pc=0x9ab70d
syscall.Syscall(0xef0000, 0x0, 0x0, 0x0, 0x0)
    C:/Program Files (x86)/Go/src/runtime/syscall_windows.go:495 +0x57 fp=0x1146dde0 sp=0x1146ddb4 pc=0x9ab4a7
main.main()
    E:/go/GobypassAV-shellcode-main/参数加载/decode.go:81 +0x833 fp=0x1146dfc4 sp=0x1146dde0 pc=0x9f99b3
runtime.main()
    C:/Program Files (x86)/Go/src/runtime/proc.go:250 +0x231 fp=0x1146dff0 sp=0x1146dfc4 pc=0x987901
runtime.goexit()
    C:/Program Files (x86)/Go/src/runtime/asm_386.s:1326 +0x1 fp=0x1146dff4 sp=0x1146dff0 pc=0x9ad1d1

goroutine 2 [force gc (idle)]:
runtime.gopark(0xa1d4c8, 0xac00e8, 0x11, 0x14, 0x1)
    C:/Program Files (x86)/Go/src/runtime/proc.go:363 +0xff fp=0x11447fdc sp=0x11447fc8 pc=0x987cbf
runtime.goparkunlock(...)
    C:/Program Files (x86)/Go/src/runtime/proc.go:369
runtime.forcegchelper()
    C:/Program Files (x86)/Go/src/runtime/proc.go:302 +0xc3 fp=0x11447ff0 sp=0x11447fdc pc=0x987b43
runtime.goexit()
    C:/Program Files (x86)/Go/src/runtime/asm_386.s:1326 +0x1 fp=0x11447ff4 sp=0x11447ff0 pc=0x9ad1d1
created by runtime.init.5
    C:/Program Files (x86)/Go/src/runtime/proc.go:290 +0x23

goroutine 3 [GC sweep wait]:
runtime.gopark(0xa1d4c8, 0xac01b0, 0xc, 0x14, 0x1)
    C:/Program Files (x86)/Go/src/runtime/proc.go:363 +0xff fp=0x11448fd4 sp=0x11448fc0 pc=0x987cbf
runtime.goparkunlock(...)
    C:/Program Files (x86)/Go/src/runtime/proc.go:369
runtime.bgsweep(0x114121c0)
    C:/Program Files (x86)/Go/src/runtime/mgcsweep.go:278 +0x96 fp=0x11448fe8 sp=0x11448fd4 pc=0x972886
runtime.gcenable.func1()
    C:/Program Files (x86)/Go/src/runtime/mgc.go:178 +0x27 fp=0x11448ff0 sp=0x11448fe8 pc=0x964737
runtime.goexit()
    C:/Program Files (x86)/Go/src/runtime/asm_386.s:1326 +0x1 fp=0x11448ff4 sp=0x11448ff0 pc=0x9ad1d1
created by runtime.gcenable
    C:/Program Files (x86)/Go/src/runtime/mgc.go:178 +0x7c

goroutine 4 [GC scavenge wait]:
runtime.gopark(0xa1d4c8, 0xac0260, 0xd, 0x14, 0x2)
    C:/Program Files (x86)/Go/src/runtime/proc.go:363 +0xff fp=0x11449fb8 sp=0x11449fa4 pc=0x987cbf
runtime.goparkunlock(...)
    C:/Program Files (x86)/Go/src/runtime/proc.go:369
runtime.(*scavengerState).park(0xac0260)
    C:/Program Files (x86)/Go/src/runtime/mgcscavenge.go:389 +0x5f fp=0x11449fcc sp=0x11449fb8 pc=0x97038f
runtime.bgscavenge(0x114121c0)
    C:/Program Files (x86)/Go/src/runtime/mgcscavenge.go:617 +0x4b fp=0x11449fe8 sp=0x11449fcc pc=0x970a1b
runtime.gcenable.func2()
    C:/Program Files (x86)/Go/src/runtime/mgc.go:179 +0x27 fp=0x11449ff0 sp=0x11449fe8 pc=0x9646f7
runtime.goexit()
    C:/Program Files (x86)/Go/src/runtime/asm_386.s:1326 +0x1 fp=0x11449ff4 sp=0x11449ff0 pc=0x9ad1d1
created by runtime.gcenable
    C:/Program Files (x86)/Go/src/runtime/mgc.go:179 +0xc1

goroutine 5 [finalizer wait]:
runtime.gopark(0xa1d4c8, 0xae5dc4, 0x10, 0x14, 0x1)
    C:/Program Files (x86)/Go/src/runtime/proc.go:363 +0xff fp=0x11446f90 sp=0x11446f7c pc=0x987cbf
runtime.goparkunlock(...)
    C:/Program Files (x86)/Go/src/runtime/proc.go:369
runtime.runfinq()
    C:/Program Files (x86)/Go/src/runtime/mfinal.go:180 +0xfb fp=0x11446ff0 sp=0x11446f90 pc=0x96398b
runtime.goexit()
    C:/Program Files (x86)/Go/src/runtime/asm_386.s:1326 +0x1 fp=0x11446ff4 sp=0x11446ff0 pc=0x9ad1d1
created by runtime.createfing
    C:/Program Files (x86)/Go/src/runtime/mfinal.go:157 +0x54

eax    0xb
ebx    0xac06d0
ecx    0xffffffff
edx    0x1146dd6c
edi    0x6ffa5c
esi    0x696e6977
ebp    0xef000a
esp    0x6ffa3c
eip    0xef00db
eflags 0x10296
cs     0x23
fs     0x53
gs     0x2b
exit status 2
C. It just keeps running, and I can confirm that the decrypted message is identical to the original payload.
It's probably a problem with the payload you chose; you need to tick x64, and also enable the second-stage download in the CS profile. Try that and see if it works.
From your question I can tell you're studying pretty seriously. Keep it up = =
OK, thanks master.
Problem solved: I made a simple mistake. It was probably because CS had been in a faulty state the whole time and I hadn't paid much attention to it; in fact, in the earlier runs this setup was already able to call back successfully.
OK, good that it's solved. Also, it's best to customize the request settings and the heartbeat interval in the profile.