klezVirus / SysWhispers3

SysWhispers on Steroids - AV/EDR evasion via direct system calls.
Apache License 2.0

Windows 11 wow64 error : 0xC0000005 #19

Open IgorAkimenk opened 8 months ago

IgorAkimenk commented 8 months ago

violation of access rights during execution at address 0x00000000

zblwtf commented 8 months ago

metoo

IgorAkimenk commented 8 months ago

@zblwtf Any idea how to solve this? Why is this happening?

zblwtf commented 7 months ago

@IgorAkimenk When I was writing a meterpreter extension for the metasploit framework, I discovered that the latest version of meterpreter x86 uses ReflectiveLoader and also uses SysCall. It has similar ideas to SysWhispers3.

So you can take a look at the latest code base of the metasploit framework to see the SysCall used by their latest ReflectiveLoader. The specific relevant code is in GateTrampoline32.asm, DirectSyscall.c and ReflectiveLoader.c.

zblwtf commented 6 months ago

It's okay, just don't debug.

klezVirus commented 6 months ago

Hi @zblwtf, @IgorAkimenk. I'm seeing this just now, may I have a command line to reproduce?

Si0uL commented 3 weeks ago

Hello, same issue here on W11 + VS 2022 / 143. I used the following command for generation:

py C:\tools\SysWhispers3\syswhispers.py --functions NtProtectVirtualMemory,NtWriteVirtualMemory,NtAllocateVirtualMemory --arch x86 --wow64 -o ..\syswhispers\syscalls_mem_x86

Note that the exact same code compiles on a Windows 10 machine.

klezVirus commented 3 weeks ago

Hi everyone, thanks for this. Going to test this out in the upcoming days.