TheWover / donut

Generates x86, x64, or AMD64+x86 position-independent shellcode that loads .NET Assemblies, PE files, and other Windows payloads from memory and runs them with parameters
BSD 3-Clause "New" or "Revised" License
3.61k stars, 637 forks

Shellcode from Rust binaries does not work very well. #75

Closed. trickster0 closed this 3 years ago

trickster0 commented 4 years ago

Hello,

So I have been trying to make shellcode from Rust binaries, but unfortunately it acts quite weird. I have tried all options, such as changing the arch, adding or removing entropy, or adding -z, but it results in these weird issues where even a simple hello world application will not work. It might work partially sometimes and then crash, as shown below from cmd. To clarify, the attempts below are from EXACTLY the same shellcode file; I did not generate it with different options for each time I ran it below. If you need any help with compiling in Rust or anything, hit me up on Twitter @trickster012

C:\Users\test\Desktop>f:\runsc.exe -f C:\Users\test\Desktop\test.bin -x

[ run shellcode v0.2 [ reading code from C:\Users\test\Desktop\test.bin [ executing code...thread panicked while processing panic. aborting.

C:\Users\test\Desktop>f:\runsc.exe -f C:\Users\test\Desktop\test.bin -x

[ run shellcode v0.2 [ reading code from C:\Users\test\Desktop\test.bin [ executing code...Hello, world!

C:\Users\test\Desktop>f:\runsc.exe -f C:\Users\test\Desktop\test.bin -x

[ run shellcode v0.2 [ reading code from C:\Users\test\Desktop\test.bin [ executing code...thread panicked while processing panic. aborting.

C:\Users\test\Desktop>f:\runsc.exe -f C:\Users\test\Desktop\test.bin -x

[ run shellcode v0.2 [ reading code from C:\Users\test\Desktop\test.bin [ executing code...thread panicked while processing panic. aborting.

TheWover commented 3 years ago

To be clear, this is the same shellcode from the same binary every time?

I am not very familiar with Rust. Does it use a runtime / VM? If you are getting different results every time you run the shellcode maybe it is because something in the runtime is doing some multi-threaded logic that has a race condition, etc.

trickster0 commented 3 years ago

Yes, this is the same shellcode. There is really no easy answer to this. Google, though, says: "Does Rust have a runtime? Not in the typical sense used by languages such as Java, but parts of the Rust standard library can be considered a “runtime”, providing a heap, backtraces, unwinding, and stack guards. There is a small amount of initialization code that runs before the user's main function."

I am quite the beginner in Rust, so I don't know much about its internals.

halrick13 commented 1 year ago

I am a bit late, but I got the solution: you need to put the whole Rust code in unsafe( ) mode.

Hello-xBugs commented 1 year ago

May I ask how you solved it in an x64 Rust binary?

lovelyjuice commented 1 month ago

Use windows-gnu instead of msvc. https://github.com/hasherezade/pe_to_shellcode/issues/38#issuecomment-1620432184