search

phra / PEzor

Open-Source Shellcode & PE Packer
https://iwantmore.pizza/posts/PEzor.html
GNU General Public License v3.0
1.81k stars 320 forks source link

Fix compilation issue #46

Closed phra closed 3 years ago

phra commented 3 years ago

see #45

iambajiraomastani commented 2 years ago

I am still facing this issue with latest version.

root@attacker-kali:/tools/PEzor-b1d1cb8871cbc3893ab3654cebe23a6fd2eaeb7d# PEzor -unhook -sgn -text /root/tweet_test/beacon.bin PEzor!! v3.0.3

Read the blog posts here: https://iwantmore.pizza/posts/PEzor.html https://iwantmore.pizza/posts/PEzor2.html https://iwantmore.pizza/posts/PEzor3.html https://iwantmore.pizza/posts/PEzor4.html Based on: https://github.com/TheWover/donut https://github.com/EgeBalci/sgn https://github.com/JustasMasiulis/inline_syscall https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher

[?] Unhook enabled [?] Final shellcode will be encoded with sgn [?] Payload will be put in .text section [?] Processing /root/tweet_test/beacon.bin [?] PE detected: /root/tweet_test/beacon.bin: PE32+ executable (DLL) (GUI) x86-64, for MS Windows [?] Building executable [?] Executing donut

[ Donut shellcode generator v0.9.3 (built Oct 6 2021 06:03:07) [ Copyright (c) 2019-2021 TheWover, Odzhan

[ Error : File is invalid. [?] Executing sgn

/ / () /__ / / _ ____ __ () (-</ \/ / '/ / __/ _/ / `/ / / _ \/ _/ / ///////_\_,/_/_,/ _, /_,/ ////_,// ========[Author:-Ege-Balcı-]====//=======v2.0.0========= ┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻ (ノ ゜Д゜)ノ ︵ 仕方がない

2021/10/06 08:12:45 [MAIN] ERROR: open /tmp/shellcode.bin.donut: no such file or directory od: /tmp/shellcode.bin: No such file or directory /tools/PEzor/loader.c:437:10: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char ') [-Wpointer-to-int-cast] if (((DWORD)lpProcName & 0xFFFF0000) == 0x00000000) ^~~~~ /tools/PEzor/loader.c:443:43: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char ') [-Wpointer-to-int-cast] uiAddressArray += ((IMAGE_ORDINAL((DWORD)lpProcName) - pExportDirectory->Base) * sizeof(DWORD)); ^~~~~ /usr/x86_64-w64-mingw32/include/winnt.h:7220:48: note: expanded from macro 'IMAGE_ORDINAL'

define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal)

                                           ^~~~~~~

/usr/x86_64-w64-mingw32/include/winnt.h:7191:35: note: expanded from macro 'IMAGE_ORDINAL64'

define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffffull)

                              ^~~~~~~

2 warnings generated. [!] Done! Check /root/tweet_test/beacon.bin.packed.exe: PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows

phra commented 2 years ago

@iambajiraomastani try -shellcode command line option instead.