phra / PEzor

Open-Source Shellcode & PE Packer
https://iwantmore.pizza/posts/PEzor.html
GNU General Public License v3.0

Problem with using PEzor #74

Closed Kucharskov closed 12 months ago

Kucharskov commented 2 years ago

Hi! As I mentioned in #73, I'm trying to fix PEzor because it will be the main tool which I want to use in my master thesis ;)

I already fixed:

* Problem with installation by changing line 37 in install.sh to: `go install github.com/EgeBalci/sgn@latest &&`

* Problem with SYSCALLS Type Conversion Error using fix from [SYSCALLS Type Conversion Error #64](https://github.com/phra/PEzor/issues/64)

After that I created a small C# app which just starts notepad.exe:

```csharp
using System;
using System.Diagnostics;

namespace ConsoleApp1
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Starting notepad.exe");
            Process.Start("notepad.exe");
        }
    }
}
```

Then I'm trying to use PEzor to obfuscate it:

```text
┌──(root💀kali)-[/home/kali/Tools/PEzor]
└─# ./PEzor.sh -sgn -unhook -antidebug -text -sleep=1 test.exe -z 2
(logo stripped)
[?] Final shellcode will be encoded with sgn
[?] Unhook enabled
[?] Anti-debug enabled
[?] Payload will be put in .text section
[?] Waiting 1 seconds before executing the payload
[?] Processing test.exe
[?] PE detected: test.exe: PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
[?] Building executable
[?] Executing donut

  [ Donut shellcode generator v0.9.3 (built Apr 13 2022 10:17:43)
  [ Copyright (c) 2019-2021 TheWover, Odzhan

  [ Instance type : Embedded
  [ Module file   : "test.exe"
  [ Entropy       : Random names + Encryption
  [ Compressed    : aPLib (Reduced by 58%)
  [ File type     : .NET EXE
  [ Target CPU    : x86+amd64
  [ AMSI/WDLP     : continue
  [ PE Headers    : overwrite
  [ Shellcode     : "/tmp/tmp.HKc29PdaD7/shellcode.bin.donut"
  [ Exit          : Thread
[?] Executing sgn
       __   _ __        __                               _
  ___ / /  (_) /_____ _/ /____ _  ___ ____ _  ___  ___ _(_)
 (_-</ _ \/ /  '_/ _ `/ __/ _ `/ / _ `/ _ `/ / _ \/ _ `/ /
/___/_//_/_/_/\_\\_,_/\__/\_,_/  \_, /\_,_/ /_//_/\_,_/_/
========[Author:-Ege-Balcı-]====/___/=======v2.0.0=========
    ┻━┻ ︵ヽ(`Д´)ノ︵ ┻━┻           (ノ ゜Д゜)ノ ︵ 仕方がない

[*] Input: /tmp/tmp.HKc29PdaD7/shellcode.bin.donut
[*] Input Size: 29526
[*] Outfile: /tmp/tmp.HKc29PdaD7/shellcode.bin
[+] Final size: 29680
[+] All done \(^O^)/
/home/kali/Tools/PEzor/inject.cpp:257:17: warning: cast between incompatible calling conventions 'cdecl' and 'stdcall'; calls through this pointer may abort at runtime [-Wcast-calling-convention]
                (LPTHREAD_START_ROUTINE)executor,
                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/home/kali/Tools/PEzor/inject.cpp:71:6: note: consider defining 'executor' with the 'stdcall' calling convention
void executor(void (*shellcode)(void)) {
     ^
     __attribute__((stdcall))
1 warning generated.
[!] Done! Check test.exe.packed.exe: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
```

However, after trying to run the created test.exe.packed.exe there's no output and notepad.exe won't show. Maybe I'm using it wrong? It's very strange that my friend has an old installation of PEzor and the same app with the same command works properly after obfuscation.

I assume that due to changes in sgn, go and other dependencies a fresh installation of (even fixed) PEzor is broken. Let's talk @phra about how to fix it. Please, do not close my issue too fast. I want to use exactly that tool in my master thesis :)

Regards!

phra commented 2 years ago

@Kucharskov can you try to force 64-bit architecture with -64 option and see if it works?
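
Before changing flags it helps to confirm what the packer actually produced: the `file` lines above show the input as a PE32 console binary and the packed output as a PE32 GUI binary (a GUI-subsystem process has no console attached, so the Console.WriteLine text would not appear even if the payload ran), and forcing 64-bit would be expected to give a PE32+ image. The following is an added example, not PEzor's own code: a small Python parser that reports format, subsystem and target machine from the PE headers' Magic, Subsystem and Machine fields, with `build_sample` constructing header-only images for offline testing.

```python
import struct
import sys

# Lookup tables for the three fields that distinguish the outputs seen
# in the thread (PE32 vs PE32+, console vs GUI, i386 vs x86-64).
MAGIC_NAMES = {0x10B: "PE32", 0x20B: "PE32+"}
SUBSYSTEM_NAMES = {2: "GUI", 3: "console"}
MACHINE_NAMES = {0x014C: "Intel 80386", 0x8664: "x86-64"}


def describe_pe(data: bytes) -> str:
    """Return a file(1)-style summary of a PE image's format, subsystem and
    target machine; raise ValueError when the headers are not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4  # 20-byte COFF file header follows the signature
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20      # optional header: Magic at +0, Subsystem at +68
    if opt_size < 70 or len(data) < opt + 70:
        raise ValueError("optional header truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return "%s executable (%s) %s" % (
        MAGIC_NAMES.get(magic, "magic 0x%x" % magic),
        SUBSYSTEM_NAMES.get(subsystem, "subsystem %d" % subsystem),
        MACHINE_NAMES.get(machine, "machine 0x%04x" % machine),
    )


def build_sample(machine: int, magic: int, subsystem: int) -> bytes:
    """Constructed header-only PE image with the given fields; it carries no
    code and exists only so the parser can be exercised offline."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # e_lfanew: right after DOS header
    opt_size = 0xE0 if magic == 0x10B else 0xF0    # usual sizes for PE32 / PE32+
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Pass a path to inspect a real file; otherwise describe a constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(0x014C, 0x10B, 2)
    print(describe_pe(data))
```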

Kucharskov commented 2 years ago

Thanks for the response. I also forced 64-bit architecture as you suggested, but still the created .exe won't work:

```text
C:\Users\M.Kucharskov\Desktop\Wymiana>test.exe
Starting notepad.exe

C:\Users\M.Kucharskov\Desktop\Wymiana>test.exe.packed.exe

C:\Users\M.Kucharskov\Desktop\Wymiana>test.exe.packed64.exe
```

Do you have any other suggestions? I'm not an expert, but I suggest you try installing PEzor using install.sh on a clean VM and check if it works for you.

phra commented 2 years ago

@Kucharskov it should be quite easy to update the cpp source with debug statements in order to find out what is going wrong (allocation going fine, thread created, etc.)

Kucharskov commented 2 years ago

Strange... @phra. I just added #define _DEBUG_ in all .h or .hpp files (because I cannot find another way to enable the already present DEBUG lines) and I still didn't get any output. Could you lead me a little on where and how I should debug this problem?

I found a way to get the standard DEBUG output by setting DEBUG=true in the .sh file. That's the default output: https://pastebin.com/dVs73tnE After analyzing it, it looks like this log doesn't contain any problem. Still trying to find something useful, but it looks like PEzor works okay... but the created packed.exe doesn't :/

Kucharskov commented 2 years ago

Temporary solution: I'm suggesting to use the https://hub.docker.com/r/thekingofduck/pezor docker image, which has a working version of PEzor with all at-that-time dependencies correctly installed. This version is a little bit old, but that's the ONLY PEzor docker image which works for me.

foxhaunt commented 2 years ago

> Temporary solution: I'm suggesting to use the https://hub.docker.com/r/thekingofduck/pezor docker image, which has a working version of PEzor with all at-that-time dependencies correctly installed. This version is a little bit old, but that's the ONLY PEzor docker image which works for me.

How does it work? Should I start the docker with a volume and interactive?

Kucharskov commented 2 years ago

Hi @foxhaunt! Just start the docker interactive with a mapped volume, like: `sudo docker run -v /directory/on/host:/directory/on/docker -it thekingofduck/pezor /bin/bash` Then you can use PEzor.sh from /opt or /PEzor (I don't remember which, just check).

foxhaunt commented 2 years ago

> Hi @foxhaunt! Just start the docker interactive with a mapped volume, like: `sudo docker run -v /directory/on/host:/directory/on/docker -it thekingofduck/pezor /bin/bash` Then you can use PEzor.sh from /opt or /PEzor (I don't remember which, just check).

Yes, I did it like that. You were right. The Docker version is the only version which works well. I had the same problem as you. The packed exe didn't work and harmed my testing VM. Thanks.

ghost commented 2 years ago

I have the inject.cpp error problem too.

phra commented 12 months ago

Please have a look at the updated master branch, which should work on the latest Kali. If not, feel free to reopen this.