search

phra / PEzor

Open-Source Shellcode & PE Packer
https://iwantmore.pizza/posts/PEzor.html
GNU General Public License v3.0
1.81k stars 320 forks source link

Error with syscalls #72

Closed hawaii67 closed 2 years ago

hawaii67 commented 2 years ago

If I run

./PEzor.sh -sgn -unhook -antidebug -text -syscalls Payload.raw

I get the following error message:

PEzor/inject.cpp:232:22: error: no matching function for call to object of type '::jm::syscall_function<decltype(NtCreateThreadEx)>' (aka 'syscall_function<long (void *, unsigned long, _OBJECT_ATTRIBUTES , void , void , void , unsigned long, unsigned long long, unsigned long long, unsigned long long, _PS_ATTRIBUTE_LIST )>')

Version: < PEzor!! v3.1.2 >

Without the syscalls option it works fine.

Full error messages:

[] Input: /tmp/tmp.88gcJlbCLQ/shellcode.bin.donut [] Input Size: 715 [] Outfile: /tmp/tmp.88gcJlbCLQ/shellcode.bin [+] Final size: 818 [+] All done \(^O^)/ PEzor/loader.c:437:10: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char ') [-Wpointer-to-int-cast] if (((DWORD)lpProcName & 0xFFFF0000) == 0x00000000) ^~~~~ PEzor/loader.c:443:43: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char ') [-Wpointer-to-int-cast] uiAddressArray += ((IMAGE_ORDINAL((DWORD)lpProcName) - pExportDirectory->Base) sizeof(DWORD)); ^~~~~ /usr/x86_64-w64-mingw32/include/winnt.h:7286:48: note: expanded from macro 'IMAGE_ORDINAL'

define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal)

                                           ^~~~~~~

/usr/x86_64-w64-mingw32/include/winnt.h:7257:35: note: expanded from macro 'IMAGE_ORDINAL64'

define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffffull)

                              ^~~~~~~

2 warnings generated.

PEzor/inject.cpp:232:22: error: no matching function for call to object of type '::jm::syscall_function<decltype(NtCreateThreadEx)>' (aka 'syscall_function<long (void *, unsigned long, _OBJECT_ATTRIBUTES , void , void , void , unsigned long, unsigned long long, unsigned long long, unsigned long long, _PS_ATTRIBUTE_LIST )>') status = INLINE_SYSCALL(NtCreateThreadEx)( ^~~~~~~~ PEzor/deps/inline_syscall/include/inline_syscall.hpp:26:5: note: expanded from macro 'INLINE_SYSCALL' INLINE_SYSCALL_MANUAL( \ ^~~~~~~~~~ PEzor/deps/inline_syscall/include/inline_syscall.hpp:44:5: note: expanded from macro 'INLINE_SYSCALL_MANUAL' ::jm::syscall_function<decltype(function_pointer)> { syscall_id } ^~~~~~~~~~~~~~~~~ PEzor/deps/inline_syscall/include/inline_syscall.hpp:70:18: note: candidate function not viable: no known conversion from 'void (void ()())' to 'void ' for 5th argument inline R operator()(Args... args) const noexcept; ^ 1 error generated.

phra commented 2 years ago

it seems related to https://github.com/JustasMasiulis/inline_syscall project.

implementing https://github.com/phra/PEzor/issues/26 would solve the issue.

phra commented 2 years ago

duplicate of #70