phra / PEzor

Open-Source Shellcode & PE Packer
https://iwantmore.pizza/posts/PEzor.html
GNU General Public License v3.0

SYSCALLS Type Conversion Error #64

Closed Klendath closed 12 months ago

Klendath commented 2 years ago

Function inject_shellcode_self in inject.cpp doesn't properly call NtCreateThreadEx when SYSCALLS is defined.

ERROR:

    PEzor/inject.cpp:232:22: error: no matching function for call to object of type '::jm::syscall_function<decltype(NtCreateThreadEx)>' (aka 'syscall_function<long (void *, unsigned long, _OBJECT_ATTRIBUTES , void , void , void , unsigned long, unsigned long long, unsigned long long, unsigned long long, _PS_ATTRIBUTE_LIST )>')

FIX:

    #elif SYSCALLS
        status = INLINE_SYSCALL(NtCreateThreadEx)(
            phThread,
            THREAD_ALL_ACCESS,
            nullptr,
            (HANDLE)-1,
            (void*)executor,   //<----------------CHANGE THIS LINE (Cast to void  pointer)
            allocation,
            THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER,
            0,
            0,
            0,
            nullptr);

        if (NT_FAIL(status) || !*phThread)
        {
            #ifdef _DEBUG_
            wprintf(L"ERROR: NtCreateThreadEx = 0x%x\n", status);
            #endif
            return NULL;
        }

phra commented 2 years ago

hello! thanks for the comment, do you mind sending a PR with the fix? thanks!

Klendath commented 2 years ago

Thanks for the reply. PR submitted.

On Fri, Apr 22, 2022 at 11:23 AM Francesco Soncina @.***> wrote:

hello! thanks for the comment, do you mind sending a PR with the fix? thanks!

phra commented 12 months ago

please have a look at the new updated master branch and reopen if still applicable.
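
Why the call reported at the top of this issue fails to compile, as an added example that is not part of the thread or of PEzor's code: in C++ a function pointer does not convert implicitly to `void*`, so a wrapper whose call operator takes exactly the parameter types of the wrapped signature rejects it until it is cast. `typed_call`, `start_stub` and `routine` are hypothetical stand-ins; the internals of `jm::syscall_function` are assumed here, not reproduced.

```cpp
#include <cstdio>
#include <type_traits>
#include <utility>

// Hypothetical stand-in for a typed call wrapper (assumption, not the jm
// library): operator() takes exactly the wrapped signature's parameter types.
template <class Sig> struct typed_call;
template <class R, class... Args>
struct typed_call<R(Args...)> {
    R (*target)(Args...);
    R operator()(Args... args) const { return target(args...); }
};

// Constructed callee that takes its start routine as an object pointer.
long start_stub(void* start_routine, void* argument) {
    return (start_routine && argument) ? 0 : -1;
}

// Constructed routine whose address is handed to the callee.
void routine(void*) {}

// SFINAE probe: true_type when wrapper(A...) is a well-formed call.
template <class F, class... A>
auto probe(int) -> decltype(std::declval<F>()(std::declval<A>()...), std::true_type{});
template <class F, class... A>
std::false_type probe(...);

using wrapper_t = typed_call<decltype(start_stub)>;

// Passing the function pointer as-is: no implicit conversion to void*.
constexpr bool accepts_function_pointer() {
    return decltype(probe<wrapper_t, void (*)(void*), void*>(0))::value;
}
// Passing it after an explicit cast to void*: the call matches.
constexpr bool accepts_cast_pointer() {
    return decltype(probe<wrapper_t, void*, void*>(0))::value;
}
// The corrected call shape, with the explicit cast at the call site.
long call_with_cast() {
    int arg = 0;
    wrapper_t w{&start_stub};
    return w(reinterpret_cast<void*>(&routine), &arg);
}

int main() {
    std::printf("uncast accepted: %d, cast accepted: %d, result: %ld\n",
                accepts_function_pointer(), accepts_cast_pointer(), call_with_cast());
}
```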