itm4n
commented
4 years ago Hello,
I reproduced the conditions of your tests in my lab environement. I'm using Windows 10 Pro 64 bits + Office 2010 64 bits (only Word tested). All my tests were successfull:
- Macro in Main document +
cmd.exe-> OK - Macro in Main document +
powershell.exe-> OK - Macro in Module +
cmd.exe-> OK - Macro in Module +
powershell.exe-> OK
Issue 1: Invalid NT headers
This first issue is really weird, I've never encountered this before. The two initial checks are very simple. They consist in verifying a few magic bytes in the file to see if it's a PE.
Therefore I have no solution for you.
Issue 2: The "GetThreadContext()" issue
I'm well aware of this issue and implemented a workaround that seems to work quite reliably accross the diffrerent platforms I tested it on.
The problem is that, according to your screenshosts, you are not using the latest version of the macro.
So please retry after updating and let me know if there is any problem. If so, please enable the VERBOSE flag inside the macro before sending any output.
If you want to know more about the issue, please read the "Known issues" section of the README.
Hi, While trying VBA-RunPE, I've encountered these two issues:
Issue I) Invalid NT Headers When setting strSrcFile to "C:\Windows\System32\cmd.exe", the program displayed
Invalid NT Headerserror.Issue I) Then I decided to set strSrcFile to "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", but this time I've got
Couldn't get thread context example codeerror.Environment: default windows 10 x64, Microsoft Word 2010 64 bits