Closed 2Trepidatious closed 2 months ago
hi @2Trepidatious ! Thank you for sharing, I will look into it as soon as I get some free time.
I have been unable to successfully run a PIC executable compiled to x86. This includes my own code as well as the example code provided at the end of the documentation.
@2Trepidatious - I just checked quickly my example code, and TBH I didn't have any problems running it. My system is Windows 10 Enterprise (10.0.19045). The resulting shellcode (plus the executable) that I've got is attached below:
And this is how it looks in action. The Python script knocks on the ports in a particular order, and the shellcode does exactly what it is supposed to, sending the expected response, and exiting upon the sequence completion:
As I understood you have problems with this particular demo, right? So please check it out and let me know if it works for you. I will check your code soon, and let you know.
@2Trepidatious - ok, so I refactored your code a bit - mostly the initialization of the functions (I tried not to interfere in it more than necessary). Here is the snippet: https://gist.github.com/hasherezade/26f3ae0316337cf97e04bd0b578cea50 Check it out, it should work now. I tested it and it worked for me.
Attaching the shellcode: issue32_A.zip
Thank you. That works.
Developing on a Windows 10 VM and following the instructions as closely as I am able, I have been unable to successfully run a PIC executable compiled to x86. This includes my own code as well as the example code provided at the end of the documentation. While the example code doesn't run at all for me, I have been able to run my executable, but the `send()` function fails with error 10045 WSAEOPNOTSUPP. The non-PIC version of the executable runs just fine, as does the executable compiled to x64 without any changes to the source code. I've taken apart the exe in a disassembler and can see where the path of execution diverges within the `send()` function as a result of a single value saved to the stack not being 0. Manually setting this value to 0 causes the function to execute as expected. I have yet to trace the stack frames back far enough to find out where this value is coming from, but I was hoping posting here would allow me to get a second pair of eyes on my code and compilation process.

Below is my own simple server code that I am trying to compile to x86. I have tried both WINAPI and PASCAL FAR for the calling conventions of the networking functions.
I compile the code as below, using the x86 version of the VCVars bat file loaded into my environment:
The output from my code being executed is below:
I'm building masm_shc as so: