hasherezade / masm_shc

A helper utility for creating shellcodes. Cleans MASM file generated by MSVC, gives refactoring hints.
MIT License

memory access violation with knock.cpp at function rot13 #6

Closed Frago9876543210 closed 2 years ago

Frago9876543210 commented 2 years ago
cl /c /GS- /FA knock.cpp
masm_shc.exe knock.asm knock_cleaned_file.asm
ml64 knock_cleaned_file.asm /link /entry:main

E:\masm_shc\demos>.\knock_cleaned_file.exe || echo %errorlevel%
-1073741819

>>> hex(-1073741819 & 0xff_ff_ff_ff)
'0xc0000005'

UPD:

7FF704DC1486: The instruction at 0x7FF704DC1486 referenced memory at 0x7FF704DC11FC. The memory could not be written -> 00007FF704DC11FC (exc.code c0000005, tid 13788)

.text:00007FF704DC1486 mov     [rcx], al
; Line 162
    mov rax, QWORD PTR i$1[rsp]
    mov rcx, QWORD PTR str$[rsp]
    add rcx, rax
    mov rax, rcx
    movsx   eax, BYTE PTR [rax]
    sub eax, 13
    mov rcx, QWORD PTR i$1[rsp]
    mov rdx, QWORD PTR str$[rsp]
    add rdx, rcx
    mov rcx, rdx
    mov BYTE PTR [rcx], al

Frago9876543210 commented 2 years ago

Looks like the exe memory is only r-x; fixed with the /section flag.

cl /c /GS- /FA knock.cpp
masm_shc.exe knock.asm knock_cleaned_file.asm
ml64 knock_cleaned_file.asm /link /entry:main /section:.text,ERW
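
The crash above is the classic shellcode-from-C gotcha: `rot13` writes each byte back through a pointer into a string literal, and after masm_shc folds everything into one `.text` section that literal sits in r-x memory, so the `mov BYTE PTR [rcx], al` faults with 0xC0000005. `/section:.text,ERW` makes the section writable for this test binary. The example below is an added illustration, not code from masm_shc and not knock.cpp (which the issue does not show): it reproduces the faulting pattern next to the variant shellcode authors normally use, a `char str[]` array initialiser, which the compiler materialises as stores into the stack frame so no section flag is needed at all. The string `"Uryyb, jbeyq!"`, the `g_result` buffer and the function names are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not code from masm_shc or from knock.cpp (which the issue
 * does not show). It reproduces the pattern behind the 0xC0000005: a rot13
 * that writes each byte back in place, applied to a string literal that the
 * linker placed in a read-only (r-x) section.
 */

/* Rotate the letters of s in place; returns the number of bytes rotated. */
static size_t rot13_inplace(char *s)
{
    size_t rotated = 0;
    for (size_t i = 0; s[i] != '\0'; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c >= 'a' && c <= 'z') {
            s[i] = (char)('a' + (c - 'a' + 13) % 26);
            rotated++;
        } else if (c >= 'A' && c <= 'Z') {
            s[i] = (char)('A' + (c - 'A' + 13) % 26);
            rotated++;
        }
    }
    return rotated;
}

/*
 * Crashing variant: str points at a literal. In a normal MSVC build the
 * bytes sit in .rdata; after masm_shc merges everything into one .text
 * section they sit in r-x .text. Either way the store faults
 * (STATUS_ACCESS_VIOLATION, 0xC0000005). Only called when an argument is
 * passed on the command line, so the default run does not crash.
 */
void rot13_on_literal(void)
{
    char *str = "Uryyb, jbeyq!";  /* constructed sample input, read-only */
    rot13_inplace(str);           /* faults: write to a read-only page */
}

static char g_result[32];         /* scratch copy handed back to the caller */

/*
 * Shellcode-friendly variant: an array initialiser makes the compiler
 * materialise the bytes with immediate stores into the stack frame, so the
 * only memory written is the stack and the section protection is irrelevant.
 */
const char *rot13_on_stack(void)
{
    char str[] = "Uryyb, jbeyq!"; /* constructed sample input, on the stack */
    rot13_inplace(str);
    strncpy(g_result, str, sizeof g_result - 1);
    g_result[sizeof g_result - 1] = '\0';
    return g_result;
}

int main(int argc, char **argv)
{
    printf("stack copy: %s\n", rot13_on_stack());
    if (argc > 1) {
        puts("writing through a pointer to a string literal...");
        rot13_on_literal();       /* expect an access violation / segfault */
    }
    return 0;
}
```

Run it with no arguments to see the stack-array path decode correctly; pass any argument to trigger the literal write and reproduce the fault. One check worth doing after the switch to `char str[]`: inspect the generated `.asm`, because for longer initialisers MSVC may emit a block copy from an `.rdata` template instead of immediate stores, which puts a data reference back into the shellcode and reintroduces the dependency on where that section ends up.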