klezVirus / inceptor

Template-Driven AV/EDR Evasion Framework

PermissionError: [WinError 5] Access is denied #31

Closed nemesis7331 closed 2 years ago

nemesis7331 commented 2 years ago

Describe the bug
Permission denied error when run

To Reproduce
Steps to reproduce the behavior:

inceptor.py native HookDetector45.exe -o interceptor_test01.exe

[+] Native Artifact Generator Started At 2022-01-11 21:23:59.140182
[*] Phase 0: Loading...
[*] Phase 1: Converting binary into shellcode
  [>] Transformer: Donut
[*] Phase 2: Encoding
[*] Phase 3: Generating source files using CLASSIC
  [>] Phase 3.1: Writing CPP file in .\temp\tmpjm9e2zib.cpp
[*] Phase 4: EXE compilation and Signing
  [>] Phase 4.1: Compiling EXE...
Traceback (most recent call last):
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 249, in generate
    self.generate_wrapped()
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 292, in generate_wrapped
    self.compile_exe(shellcode)
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 201, in compile_exe
    status = self.compiler.compile([self.exe_writer.outfile] + self.obj_files)
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\compilers\Compiler.py", line 66, in compile
    output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 420, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 501, in run
    with Popen(*popenargs, **kwargs) as process:
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 966, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 1435, in _execute_child
    hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
PermissionError: [WinError 5] Access is denied

Debug Info: as mentioned in issue #29, I already tried this

.\obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
clang-cl: error: no input files

running with DEBUG=1

inceptor.py native messagebox_shellcode.raw -o int_msg.exe

[+] Native Artifact Generator Started At 2022-01-11 21:41:27.491180
[*] Phase 0: Loading...
[*] Phase 1: Converting binary into shellcode
  [>] Transformer: Loader
[*] Phase 2: Encoding
[*] Phase 3: Generating source files using CLASSIC
  [>] Phase 3.1: Writing CPP file in .\temp\tmptayar5px.cpp
[*] Phase 4: EXE compilation and Signing
  [>] Phase 4.1: Compiling EXE...
"C:\Users\test\Downloads\interceptor\inceptor\inceptor" x64 & ""  /permissive- /Bt+ /GS /W3 /Gy /Zi /Gm- /O2i /sdl /Zc:inline /Zc:wchar_t /fp:precise /D "NDEBUG" /D "_CONSOLE" /D "_UNICODE" /D "UNICODE" /errorReport:prompt /WX- /Zc:forScope /Gd /MD /FC /EHsc /nologo /diagnostics:column /Fe:"C:\Users\test\Downloads\interceptor\inceptor\inceptor\temp\int_msg-temp.exe"  "C:\Users\test\Downloads\interceptor\inceptor\inceptor\temp\tmptayar5px.cpp" /link
Traceback (most recent call last):
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 249, in generate
    self.generate_wrapped()
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 292, in generate_wrapped
    self.compile_exe(shellcode)
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\generators\NativeArtifactGenerator.py", line 201, in compile_exe
    status = self.compiler.compile([self.exe_writer.outfile] + self.obj_files)
  File "C:\Users\test\Downloads\interceptor\inceptor\inceptor\compilers\Compiler.py", line 66, in compile
    output = subprocess.check_output(cmd, stderr=subprocess.STDOUT)
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 420, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 501, in run
    with Popen(*popenargs, **kwargs) as process:
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 966, in __init__
    self._execute_child(args, executable, preexec_fn, close_fds,
  File "C:\Users\test\AppData\Local\Programs\Python\Python310\lib\subprocess.py", line 1435, in _execute_child
    hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
PermissionError: [WinError 5] Access is denied

Thanks a lot!

klezVirus commented 2 years ago

Hi @brn7331, in this case it's not related to the obfuscator as you're not using it. Have you run the update-config? Can you provide me with the config.ini file generated by the tool?

nemesis7331 commented 2 years ago

Hi @klezVirus, I ran update-config.py, which generated the config.ini with the following content:

[COMPILERS]
vcvarsall = 
clx86_compiler = 
clx64_compiler = 
masmx86_compiler = 
masmx64_compiler = 
cscx86_compiler = C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
cscx64_compiler = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
clangx86_compiler = 
clangx64_compiler = 
llvmx86_compiler = C:\Users\test\Downloads\interceptor\inceptor\inceptor\obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
llvmx64_compiler = C:\Users\test\Downloads\interceptor\inceptor\inceptor\obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
msbuildx86_compiler = C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\MSBuild.exe
msbuildx64_compiler = C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe
libx64_compiler = 
libx86_compiler = 

[SIGNERS]
signtool_x86 = 
signtool_x64 = 

[DUMPERS]
dumpbin_x86 = 
dumpbin_x64 = 

[DIRECTORIES]
artifacts = artifacts
templates = templates\${MISC:release}
bypass = ${TEMPLATES}\amsi
antidebug = nodebug
powershell = ${TEMPLATES}\powershell
writer = temp
certificates = certs
native = ${TEMPLATES}\cpp
dotnet = ${TEMPLATES}\csharp
test = ${TEMPLATES}\testers
dll = ${TEMPLATES}\cpp\code_execution
obfuscators = obfuscators
syscalls = syscalls
syscalls_x86 = syscalls\syswhispersv2_x86\x86
encoders = encoders\implementations\${MISC:release}
libs = libs\public
modules = engine\modules

[OBFUSCATORS]
powershell = ${DIRECTORIES:obfuscators}\powershell
dotnet = ${DIRECTORIES:obfuscators}\dotnet
native = ${DIRECTORIES:obfuscators}\native

[SIGNING]
domain = www.microsoft.com

[PLACEHOLDERS]
shellcode = ####SHELLCODE####
code = //####CODE####
call = //####CALL####
using = //####USING####
define = //####DEFINE####
bypass = //####BYPASS####
antidebug = //####ANTIDEBUG####
unhook = //####UNHOOK####
args = //####ARGS####
delay = //####DELAY####
find_process = //####FIND_PROCESS####
shellcode_variable = encoded

[SYSCALLS]
syswhispers = 2

[MISC]
logo = 0
bypass_mode = 100
release = public

[DEBUG]
encoders = 1
compilers = 1
syswhispers = 1
obfuscators = 1
loaders = 1
utilities = 1
signers = 1
writer = 1

thanks

klezVirus commented 2 years ago

Yep, it seems that the tool cannot detect the location of the cl.exe compiler. Where do you have it installed? It should be shipped by VS by default. So, the questions I need an answer to are:

  1. Do you have Visual Studio installed?
  2. Is Visual Studio installed in the default location?
  3. What is the version of Visual Studio installed?
  4. While running python update-config.py, do you get any error?

nemesis7331 commented 2 years ago

I do not have a file named cl.exe on my system, I checked with the following command:

C:\>dir /s cl.exe
 Volume in drive C has no label.
 Volume Serial Number is 2ACA-784F
File Not Found

Answering your questions:

  1. I have Visual Studio installed
  2. Visual Studio is installed in the default location to my knowledge: C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\Common7\IDE
  3. It is Visual Studio 2019, as the latest version (2022) had some issue during my tests
  4. No errors, I ran it again, the output is below

[*] Identified multiple VS Installations
[*] Choose the Visual Studio Version:
  0: C:\Program Files (x86)\Microsoft Visual Studio\2019\
> 0
C:\Program Files (x86)\Microsoft Visual Studio\2019\
[*] Checking requirements
[+] .NET Framework is installed
[*] Checking Windows Build Tools
  [+] Located MSBUILD.EXE (32-bit) at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe
  [+] Located MSBUILD.EXE (64-bit) at C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\MSBuild.exe
[+] Setting COMPILERS.MSBUILDx86_COMPILER to C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\amd64\MSBuild.exe
[+] Setting COMPILERS.MSBUILDx64_COMPILER to C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Current\Bin\MSBuild.exe
[-] Windows Clang compiler not installed. Opening Microsoft Download site...
[*] Checking LLVM Obfuscate Toolchains
  [+] Located CLANG.EXE (LLVM-Obfuscate) at obfuscators\native\llvm-clang\llvm-clang\clang-cl.exe
[*] Checking Windows Code Signing Tools
[-] Windows Signing Tools not installed
[*] Checking Dumpbin
[-] Windows Dumpbin not installed
[*] Which logo would you like to see?
[*] Which logo would you like to see?
  0: No logo
  1: Name-only logo
  2: Not-so-cool logo
  3: Original logo
  > 0
[+] Finished!

klezVirus commented 2 years ago

So, if you are missing CL.EXE, it probably means you've configured VS for .NET development but not for C/C++ development. This means you won't be able to compile anything with the default compiler, and should always use the LLVM compiler. This can be done by manually specifying the LLVM clang compiler with -C llvm, or by setting the -O option (obfuscate). Alternatively, you can run the VS installer again and add the C/C++ toolchains.

Example:

python inceptor.py native HookDetector45.exe -o interceptor_test01.exe -C llvm

or

python inceptor.py native HookDetector45.exe -o interceptor_test01.exe -O
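A pre-flight check for the config.ini posted above, added here as an example and not part of inceptor: the traceback ends in WinError 5 because the compile command was built from empty [COMPILERS] entries, and validating the file before spawning anything turns that into an actionable message. The REQUIRED mapping of toolchain to config keys is an assumption; the key names come from the posted config.ini, and the sample config is constructed.

```python
"""Validate an inceptor-style config.ini before invoking a compiler (added example)."""
import configparser
from pathlib import Path

# Constructed sample mirroring the config posted in the thread (abbreviated).
SAMPLE_CONFIG = """
[COMPILERS]
vcvarsall =
clx86_compiler =
clx64_compiler =
llvmx64_compiler = C:\\tools\\llvm-clang\\clang-cl.exe
msbuildx64_compiler = C:\\vs\\MSBuild.exe

[MISC]
release = public

[DIRECTORIES]
templates = templates\\${MISC:release}
"""

# Assumption: which [COMPILERS] keys each native toolchain selection needs.
REQUIRED = {
    "cl": ["vcvarsall", "clx64_compiler"],   # default MSVC path (needs the C/C++ workload)
    "llvm": ["llvmx64_compiler"],            # the -C llvm / -O path
}


def load_config(text: str) -> configparser.ConfigParser:
    # ExtendedInterpolation resolves the ${MISC:release} style references used in the file.
    cfg = configparser.ConfigParser(interpolation=configparser.ExtendedInterpolation())
    cfg.read_string(text)
    return cfg


def missing_tools(cfg: configparser.ConfigParser, toolchain: str, check_exists: bool = False) -> list[str]:
    """Return required keys that are empty (or, with check_exists, do not point at a file)."""
    missing = []
    for key in REQUIRED[toolchain]:
        value = cfg.get("COMPILERS", key, fallback="").strip()
        if not value or (check_exists and not Path(value).is_file()):
            missing.append(key)
    return missing


def suggest(cfg: configparser.ConfigParser) -> str:
    """Turn the check into the advice given in the thread instead of a raw WinError 5."""
    if not missing_tools(cfg, "cl"):
        return "MSVC toolchain configured; the default compiler should work."
    if not missing_tools(cfg, "llvm"):
        return ("cl.exe/vcvarsall not configured (VS without the C/C++ workload?): "
                "pass -C llvm or -O, or add the C/C++ toolchain in the VS installer.")
    return "No usable native compiler configured; rerun update-config.py."
```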