Closed nemesis7331 closed 2 years ago
Hi @brn7331, in this case it's not related to the obfuscator as you're not using it. Have you run the update-config? Can you provide me with the config.ini file generated by the tool?
Hi @klezVirus, I ran update-config.py, which generated the config.ini with the following content:
[COMPILERS]
vcvarsall =
clx86_compiler =
clx64_compiler =
masmx86_compiler =
masmx64_compiler =
cscx86_compiler = C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
cscx64_compiler = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
clangx86_compiler =
clangx64_compiler =
llvmx86_compiler = C:\Users\test\Downloads\interceptor\inceptor\inceptor\obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
llvmx64_compiler = C:\Users\test\Downloads\interceptor\inceptor\inceptor\obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
msbuildx86_compiler = C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\MSBuild.exe
msbuildx64_compiler = C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe
libx64_compiler =
libx86_compiler =
[SIGNERS]
signtool_x86 =
signtool_x64 =
[DUMPERS]
dumpbin_x86 =
dumpbin_x64 =
[DIRECTORIES]
artifacts = artifacts
templates = templates\${MISC:release}
bypass = ${TEMPLATES}\amsi
antidebug = nodebug
powershell = ${TEMPLATES}\powershell
writer = temp
certificates = certs
native = ${TEMPLATES}\cpp
dotnet = ${TEMPLATES}\csharp
test = ${TEMPLATES}\testers
dll = ${TEMPLATES}\cpp\code_execution
obfuscators = obfuscators
syscalls = syscalls
syscalls_x86 = syscalls\syswhispersv2_x86\x86
encoders = encoders\implementations\${MISC:release}
libs = libs\public
modules = engine\modules
[OBFUSCATORS]
powershell = ${DIRECTORIES:obfuscators}\powershell
dotnet = ${DIRECTORIES:obfuscators}\dotnet
native = ${DIRECTORIES:obfuscators}\native
[SIGNING]
domain = www.microsoft.com
[PLACEHOLDERS]
shellcode = ####SHELLCODE####
code = //####CODE####
call = //####CALL####
using = //####USING####
define = //####DEFINE####
bypass = //####BYPASS####
antidebug = //####ANTIDEBUG####
unhook = //####UNHOOK####
args = //####ARGS####
delay = //####DELAY####
find_process = //####FIND_PROCESS####
shellcode_variable = encoded
[SYSCALLS]
syswhispers = 2
[MISC]
logo = 0
bypass_mode = 100
release = public
[DEBUG]
encoders = 1
compilers = 1
syswhispers = 1
obfuscators = 1
loaders = 1
utilities = 1
signers = 1
writer = 1
Thanks
Yep, it seems that the tool cannot detect the location of the cl.exe compiler. It should be shipped by VS by default. So, the questions I need an answer to are: where do you have it installed, and, when you run python update-config.py, do you get any error?
I do not have a file named cl.exe on my system; I checked with the following command:
C:\>dir /s cl.exe
Volume in drive C has no label.
Volume Serial Number is 2ACA-784F
File Not Found
Answering your questions:
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE
[*] Identified multiple VS Installations
[*] Choose the Visual Studio Version:
0: C:\Program Files (x86)\Microsoft Visual Studio\2019\
> 0
C:\Program Files (x86)\Microsoft Visual Studio\2019\
[*] Checking requirements
[+] .NET Framework is installed
[*] Checking Windows Build Tools
[+] Located MSBUILD.EXE (32-bit) at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe
[+] Located MSBUILD.EXE (64-bit) at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\MSBuild.exe
[+] Setting COMPILERS.MSBUILDx86_COMPILER to C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\MSBuild.exe
[+] Setting COMPILERS.MSBUILDx64_COMPILER to C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe
[-] Windows Clang compiler not installed. Opening Microsoft Download site...
[*] Checking LLVM Obfuscate Toolchains
[+] Located CLANG.EXE (LLVM-Obfuscate) at obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
[*] Checking Windows Code Signing Tools
[-] Windows Signing Tools not installed
[*] Checking Dumpbin
[-] Windows Dumpbin not installed
[*] Which logo would you like to see?
0: No logo
1: Name-only logo
2: Not-so-cool logo
3: Original logo
> 0
[+] Finished!
So, if you are missing CL.EXE, it probably means you've configured VS for .NET development but not for C/C++ development. This means you won't be able to compile anything with the default compiler, and should always use the LLVM compiler. This can be done by manually specifying the LLVM clang compiler with -C llvm, or by setting the -O option (obfuscate). Alternatively, you can run the VS installer again and add the C/C++ toolchains.
Example:
python inceptor.py native HookDetector45.exe -o interceptor_test01.exe -C llvm
or
python inceptor.py native HookDetector45.exe -o interceptor_test01.exe -O
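The exchange above boils down to one check: which compiler slots in config.ini are empty, and whether a `native` build therefore has to go through clang-cl. The script below is an added example (my own code, not part of Inceptor or of the thread) that makes that check explicit. It parses a config.ini of the shape posted above with configparser's ExtendedInterpolation (which is the `${SECTION:option}` syntax the file uses), lists empty compiler slots, flags x86 slots that point at 64-bit binaries (the update-config output above shows the two MSBuild paths assigned crosswise), and picks the flag a `native` build needs following the advice in this thread. The `-C llvm` / `-O` mapping is taken from the reply above, not from Inceptor's source. The vswhere lookup is the usual way to locate cl.exe on Windows and is an assumption about the environment; it returns None when vswhere is absent, so the script still runs elsewhere. SAMPLE_CONFIG is a constructed, trimmed copy of the posted config.

```python
"""Diagnose empty native-toolchain slots in an Inceptor-style config.ini.

Added example, not Inceptor project code. Assumptions are marked inline.
"""
import configparser
import os
import subprocess
from typing import List, Optional, Tuple

# Constructed sample: trimmed to the shape of the config.ini posted in the thread.
SAMPLE_CONFIG = r"""
[COMPILERS]
vcvarsall =
clx86_compiler =
clx64_compiler =
cscx64_compiler = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
llvmx64_compiler = C:\tools\inceptor\obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
msbuildx86_compiler = C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\MSBuild.exe
msbuildx64_compiler = C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe
[DIRECTORIES]
templates = templates\${MISC:release}
native = ${TEMPLATES}\cpp
[MISC]
release = public
"""

# Assumption: default location of vswhere.exe shipped with the VS installer.
VSWHERE = os.path.join(os.environ.get("ProgramFiles(x86)", r"C:\Program Files (x86)"),
                       "Microsoft Visual Studio", "Installer", "vswhere.exe")


def load_config(text: str) -> configparser.ConfigParser:
    """Parse the ini text; ExtendedInterpolation resolves ${MISC:release} and ${TEMPLATES}."""
    cfg = configparser.ConfigParser(interpolation=configparser.ExtendedInterpolation())
    cfg.read_string(text)
    return cfg


def missing_compilers(cfg: configparser.ConfigParser) -> List[str]:
    """Names of [COMPILERS] slots that update-config left empty."""
    return sorted(key for key, value in cfg.items("COMPILERS") if not value.strip())


def mismatched_arch_slots(cfg: configparser.ConfigParser) -> List[str]:
    """x86 slots whose path lives under a 64-bit directory (amd64/x64/Hostx64) or
    x64 slots under a 32-bit one (x86/Hostx86): a crosswise assignment like the
    MSBuild lines in the thread's output."""
    flagged = []
    for key, path in cfg.items("COMPILERS"):
        parts = {p.lower() for p in path.split("\\")}
        if "x86" in key and parts & {"amd64", "x64", "hostx64"}:
            flagged.append(key)
        if "x64" in key and parts & {"x86", "hostx86"}:
            flagged.append(key)
    return sorted(flagged)


def native_compiler(cfg: configparser.ConfigParser, arch: str = "x64",
                    obfuscate: bool = False) -> Tuple[str, str]:
    """Return (flag, compiler path) for a `native` build, following the thread's
    advice: no flag when cl.exe is configured, '-O' when obfuscation is requested,
    '-C llvm' when cl.exe is missing but the LLVM clang-cl is present."""
    cl = cfg.get("COMPILERS", f"cl{arch}_compiler", fallback="").strip()
    llvm = cfg.get("COMPILERS", f"llvm{arch}_compiler", fallback="").strip()
    if obfuscate:
        if not llvm:
            raise RuntimeError("-O requested but no LLVM clang-cl configured")
        return ("-O", llvm)
    if cl:
        return ("", cl)
    if llvm:
        return ("-C llvm", llvm)
    raise RuntimeError("no native compiler: add the VS C/C++ toolchain or LLVM")


def find_cl_with_vswhere(vswhere: str = VSWHERE) -> Optional[str]:
    """Ask vswhere for an instance with the C/C++ build tools component and return
    the x64-hosted cl.exe, or None when vswhere is absent (non-Windows, no VS)."""
    if not os.path.isfile(vswhere):
        return None
    cmd = [vswhere, "-latest", "-products", "*",
           "-requires", "Microsoft.VisualStudio.Component.VC.Tools.x86.x64",
           "-find", r"VC\Tools\MSVC\**\cl.exe"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    hits = [l.strip() for l in out.splitlines() if l.strip().lower().endswith(r"hostx64\x64\cl.exe")]
    return hits[0] if hits else None


if __name__ == "__main__":
    cfg = load_config(SAMPLE_CONFIG)
    print("empty slots:", missing_compilers(cfg))
    print("arch mismatches:", mismatched_arch_slots(cfg))
    flag, path = native_compiler(cfg)
    print(f"native build: flag '{flag}' -> {path}")
    print("cl.exe via vswhere:", find_cl_with_vswhere())
```

Run it against your own config.ini by swapping SAMPLE_CONFIG for the file's contents; an empty `clx64_compiler` with a populated `llvmx64_compiler` is exactly the state in which `-C llvm` or `-O` is required, and a non-empty mismatch list means the x86/x64 slots should be checked before trusting any build.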
Describe the bug: Permission denied error when run
To Reproduce: Steps to reproduce the behavior:
Debug Info: as mentioned in issue #29, I already tried this running with DEBUG=1
Thanks a lot!