search

hasherezade / pe_to_shellcode

Converts PE into a shellcode
https://www.youtube.com/watch?v=WQCiM0X11TA
BSD 2-Clause "Simplified" License
2.39k stars 433 forks source link

runshc #7

Closed moaeddy closed 4 years ago

moaeddy commented 5 years ago

your pe coverter has limitations but i was able to get from https://github.com/daVinci13/Exe2shell . when testing converted with runshc to check converted PE it keep crashing but showing

[] Reading module from: shell.txt [] Running the shellcode:

any idea why this happened?

hasherezade commented 5 years ago

hi! I am not sure if I understand you correctly, so just let me recap:

  1. you wanted to convert some executable into a shellcode (which one?)
  2. pe2shc refused to convert (what error did it show? did it crash? please paste a screenshot)
  3. since the pe2shc has failed, you tried to do the conversion with the help of another application: Exe2shellc, which, in your opinion, was supposed to have analogical functionality to pe2shc
  4. you tried to run the output from Exe2shell with the help of runshc from pe_to_shellcode package, and you got a crash

It seems to me that there was a misunderstanding on your side: Exe2shell does NOT have analogical functionality to pe2shc. What Exe2shell does, is just encoding any supplied file into hex (check this script - it is extremely simple). In contrast, pe2shc does not convert anything to hex - it just alters the functionality of the PE file: adding the stub that can load the PE as a shellcode. Due to this conditions, when you supplied the hex file to runshc, it just loaded this file and redirected execution to this. The file started executing - but it has no sense, so it crashed. The crash was not in the runshc - this application did what it was supposed to, just the input was garbage. Summing up, it is not a bug, it is just a misunderstanding of the functionality.

moaeddy commented 5 years ago

pe2shc doesn't support .Net and it request a native file to have relocations before can be converted which kinda hard to get. and thank you for such explanation

hasherezade commented 5 years ago

Yes, it is true that the .NET files are not supported. They are different than native executables, so they cannot be loaded in the same way. They may be supported in the future, but it will require additional work. Regarding files without relocations - they will never be supported, just because of the way they work. A file without relocations has just too big limitations - it can be loaded only at its predefined base address. A shellcode that cannot be injected at any random base does not make much sense.

rudytruyens commented 4 years ago

I'm trying to get it compiled first using cmake and then make on a windows 10 machine. Get one error after another.

for now i'm stuck here: [100%] Building CXX object CMakeFiles/pe2shc.dir/main.cpp.obj << was unexpected at this time. mingw32-make.exe[2]: [CMakeFiles\pe2shc.dir\main.cpp.obj] Error 255 mingw32-make.exe[1]: [CMakeFiles\pe2shc.dir\all] Error 2 mingw32-make.exe: *** [all] Error 2

Total Build Time: 00:00:01

I don't know what i'm doing wrong. can you put a VS sollution on github?

hasherezade commented 4 years ago

@rudytruyens - please make a new issue for a new problem, rather than writing in the existing issue that is irrelevant. BTW - it seems that you just configured it wrongly with the CMake.