phra
commented
3 years ago i am trying to debug the issue but on linux but I am having some difficulties to generate a debug build of the loader with mingw (after generating the debug loader and transform it to a C header file with exe2h, I could not get any output at all when injected)
to debug it I have initially used the following executable to inject and to confirm that the command line was not updating after the first injection:
#include <windows.h>
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE prevInstance, LPSTR lpCmdLine, int nShowCmd)
{
LPWSTR *szArgList;
int argCount;
szArgList = CommandLineToArgvW(GetCommandLine(), &argCount);
if (szArgList == NULL)
{
MessageBox(NULL, L"Unable to parse command line", L"Error", MB_OK);
return 10;
}
for(int i = 0; i < argCount; i++)
{
MessageBox(NULL, szArgList[i], L"Arglist contents", MB_OK);
}
LocalFree(szArgList);
return 0;
}
Hello, I am doing some experiments with donut and reflective execution. I noticed in my tests that if you inject multiple times a payload with a different command line, only the first invocation of SetCommandLineW seems to work while the later ones seem to not have any effect at all. For example, if I inject mimikatz with the options '"coffee" "exit"' and run it I would get the correct output, but if I regenerate the payload with '"answer" "exit"' and re-inject it in the very same process I would still get the coffee ascii picture. Of course, if I inject the payload in different, untouched process, I would get the correct 42 answer. Any idea of what can cause its behaviour and how to eventually fix it?
Thanks!