kyleavery / AceLdr

Cobalt Strike UDRL for memory scanner evasion.
MIT License

stageless shellcode exit #7

Closed timwhitez closed 2 years ago

timwhitez commented 2 years ago

I execute the stageless shellcode and it just exits.

kyleavery commented 2 years ago

Can you tell me more about the test environment? OS, architecture, loaded CNA scripts, loader implementation (how memory is allocated, written, and executed).

timwhitez commented 2 years ago

Win10, CS 4.7, x64, example.profile, only aceldr.cna loaded. I use runshc64.exe from https://github.com/hasherezade/pe_to_shellcode/releases/tag/v1.1 to execute the stageless bin.

kyleavery commented 2 years ago

The problem is here: https://github.com/hasherezade/pe_to_shellcode/blob/4badc3b769ce7c1ceb6f2d098516bfca82ecd94d/loader_v2/peloader.cpp#L174

This loader appears to cast the shellcode to a function pointer, execute it, and then return. As stated in the README, AceLdr is not compatible with loaders that rely on the shellcode thread staying alive. Try adding a WaitForSingleObject((HANDLE)-1, INFINITE); below that line to keep the loader from exiting.

timwhitez commented 2 years ago

I will try later, thank you so much!

timwhitez commented 2 years ago

It works well. BTW, I can't build the raw pe_to_shellcode project, but I built a new shellcode loader in Go to test this.