Comments (31)
The error code is returned by the GetLastError() call I added.
from libpeconv.
Can you describe in more detail when exactly you get this error?
Is it at compilation time? Which file is missing?
Or is it when you deploy run_pe.exe with the paths to the target and to the payload?
Please attach screenshots illustrating the problem.
from libpeconv.
This is not a compilation error; it may be an error related to access to the file, or related to the fact that it uses ANSI paths.
Try to check if the normal CreateFileA can open the same file.
Compile and test this snippet and tell me what output it gives you:
https://gist.github.com/hasherezade/78747fc724e68f055630882600eecc2b#file-main-cpp
from libpeconv.
And when I use the snippet, it always outputs "OK" although the file does not exist, I don't know why. I added a GetFileSize call in a suitable place, and it returns -1; below is the screenshot.
from libpeconv.
The system I use is Commando from FireEye; it is a little different from Win10, but I have also tested on a normal Win10, and it still shows me "Cannot open the file! (3)".
from libpeconv.
Sorry, I forgot to add a check for attributes. Please try to run the new version of the snippet: https://gist.github.com/hasherezade/78747fc724e68f055630882600eecc2b#file-main-cpp
from libpeconv.
It also always outputs "Can't open: .\xxx.exe : INVALID_FILE_ATTRIBUTES" whether the file exists or not; below are the screenshots.
The abc.exe and the putty_x64.exe are in the same dir as the ConsoleApplication1.exe.
from libpeconv.
I have adjusted the params of CreateFileA() to the other normal form, but it still has the same output.
from libpeconv.
OK. Can you try a Unicode version?
https://gist.github.com/hasherezade/78747fc724e68f055630882600eecc2b#file-wmain-cpp
Maybe the path encoding is the problem.
from libpeconv.
Yes, it's correct this time.
When the files do not exist, it returns
"Can't open: .\hello.exe : INVALID_FILE_ATTRIBUTES
Can't open: .\world.exe : INVALID_FILE_ATTRIBUTES"
When the files exist, it returns
"OK: ., attributes: 20
OK: .\putty_x64.exe, attributes: 20"
But only the first character of the payload_path name is read when the file exists;
below is the screenshot.
The current dir only has putty_x64.exe and abc.exe.
from libpeconv.
I also have a problem: why is the run_pe64.exe that you provided valid, but the run_pe64.exe that I compiled invalid? Is it because of my compile method?
from libpeconv.
Please check if the recent patch fixed the problem. If not, please check if those builds work for you:
run_pe32_64.zip
from libpeconv.
I downloaded the latest code and compiled it; it outputs "Incompatibile target subsystem!" this time. The subsystem of my payload is console, and the subsystem of this loader is also console.
from libpeconv.
I tried commenting out the code below in run_pe.cpp:
/*
    if (payload_subs != IMAGE_SUBSYSTEM_WINDOWS_GUI //only a payload with GUI subsystem can be run by both GUI and CLI
        && target_subs != payload_subs)
    {
        printf("Incompatibile target subsystem!\n");
        return false;
    }
*/
but it will pop up
from libpeconv.
And those builds you did recently also output "Incompatibile target subsystem!", but once again, the original builds work correctly.
from libpeconv.
You should not comment out this code! It is an important compatibility check! It is here for a valid purpose. If it passed to this stage, it means the original issue of not opening file is solved.
The "Incompatibile target subsystem!" message is not a bug. It is just information that your payload is incompatible with your target. You must use a payload with a GUI subsystem if you want to inject into a target with a GUI subsystem (such as calc). To check a subsystem, use a PE viewer such as PE-bear.
Check the Optional Header -> Subsystem in both payload and a target (the default target is calc):
If the subsystem of the payload is "Windows console", it just cannot be injected into a target with subsystem "Windows GUI". The check that you commented out is meant to inform you about it, and prevent further problems.
from libpeconv.
In some cases, you can force the payload to still be injected, just by changing its subsystem in the header. In the past my loader was doing it, but it was causing problems in some cases, so I removed it. If you really want to try, you can change the target's subsystem manually in the PE editor (such as PE-bear) and it should work. Just change the value from 3 to 2. But only if you are sure that you want it.
In general it is better to choose a different target instead.
from libpeconv.
BTW if you read the line that you commented out, you will find the same explanation as above:
//only a payload with GUI subsystem can be run by both GUI and CLI
from libpeconv.
I read the explanation, so I commented it out; what I understood is "a GUI subsystem can be run by both GUI and CLI, and a CLI subsystem can only be run by CLI subsystem" :)
I was a little foolish...
Is it that only the GUI subsystem can be injected into both GUI and CLI subsystems, and the CLI subsystem can't be injected into either GUI or CLI subsystem?
from libpeconv.
thank you very much really for your help so far :)
from libpeconv.
Unfortunately it is not transitive. A payload with a GUI subsystem has fewer limitations, and can be injected into both GUI and CLI.
So:
GUI payload -> GUI or CLI target
CLI payload -> CLI target (only)
from libpeconv.
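The subsystem rule summarized above, as an added example (not code from libpeconv or run_pe): it reads OptionalHeader.Subsystem from raw PE bytes with bounds checks, the same field PE-bear displays, and applies the GUI/CLI rule. The function names and the header-only sample buffer are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>
constexpr uint16_t SUBSYS_GUI = 2;  // IMAGE_SUBSYSTEM_WINDOWS_GUI
constexpr uint16_t SUBSYS_CUI = 3;  // IMAGE_SUBSYSTEM_WINDOWS_CUI
// Bounds-checked little-endian read; nullopt if the field runs past the buffer.
template <typename T>
std::optional<T> read_le(const std::vector<uint8_t>& b, size_t off) {
    if (off > b.size() || b.size() - off < sizeof(T)) return std::nullopt;
    T v = 0;
    for (size_t i = 0; i < sizeof(T); ++i) v = static_cast<T>(v | (static_cast<T>(b[off + i]) << (8 * i)));
    return v;
}

// OptionalHeader.Subsystem of a raw PE file image, or nullopt if the headers are malformed.
std::optional<uint16_t> pe_subsystem(const std::vector<uint8_t>& pe) {
    auto mz = read_le<uint16_t>(pe, 0);
    auto lfanew = read_le<uint32_t>(pe, 0x3C);
    if (!mz || *mz != 0x5A4D || !lfanew) return std::nullopt;         // "MZ"
    auto sig = read_le<uint32_t>(pe, *lfanew);
    if (!sig || *sig != 0x00004550) return std::nullopt;              // "PE\0\0"
    auto opt_size = read_le<uint16_t>(pe, size_t(*lfanew) + 4 + 16);  // SizeOfOptionalHeader
    size_t opt = size_t(*lfanew) + 4 + 20;                            // after IMAGE_FILE_HEADER
    auto magic = read_le<uint16_t>(pe, opt);
    if (!opt_size || *opt_size < 70 || !magic) return std::nullopt;
    if (*magic != 0x10B && *magic != 0x20B) return std::nullopt;      // PE32 / PE32+
    return read_le<uint16_t>(pe, opt + 68);                           // same offset in both layouts
}

// Rule from the thread: GUI payload -> GUI or CLI target; CLI payload -> CLI target only.
bool subsystems_compatible(uint16_t payload_subs, uint16_t target_subs) {
    return payload_subs == SUBSYS_GUI || payload_subs == target_subs;
}

// Constructed sample: header-only buffer with a chosen subsystem (not a runnable PE).
std::vector<uint8_t> make_sample(uint16_t magic, uint16_t subsystem) {
    std::vector<uint8_t> b(0x40 + 24 + 70, 0);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x40; b[0x40] = 'P'; b[0x41] = 'E';
    size_t opt = 0x40 + 24; b[opt - 4] = 70;                          // SizeOfOptionalHeader = 70
    b[opt] = uint8_t(magic & 0xFF);           b[opt + 1] = uint8_t(magic >> 8);
    b[opt + 68] = uint8_t(subsystem & 0xFF);  b[opt + 69] = uint8_t(subsystem >> 8);
    return b;
}

int main() {
    auto payload = pe_subsystem(make_sample(0x20B, SUBSYS_CUI));
    auto target = pe_subsystem(make_sample(0x20B, SUBSYS_GUI));
    std::printf("compatible=%d\n", int(subsystems_compatible(*payload, *target)));
}
```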
I have changed my payload from console to GUI, and it can be injected successfully, thank you again brother.
from libpeconv.
I'm glad that it worked, and thank you for reporting an issue with file opening! And input like yours is invaluable to make my tools better, so, thanks! :)
from libpeconv.
Before I commented out the code below
/*
    if (payload_subs != IMAGE_SUBSYSTEM_WINDOWS_GUI //only a payload with GUI subsystem can be run by both GUI and CLI
        && target_subs != payload_subs)
    {
        printf("Incompatibile target subsystem!\n");
        return false;
    }
*/
and I chose svchost.exe as the target (I think it's console subsystem, because it has no GUI),
it also failed.
But now I know that svchost.exe is GUI subsystem.
Thanks for your tool PE-bear.
from libpeconv.
Is there any Windows utility that is console subsystem?
from libpeconv.
Is there any Windows utility that is console subsystem?
Try: C:\Windows\bfsvc.exe
from libpeconv.
Also:
C:\Windows\System32\PATHPING.exe
C:\Windows\System32\PING.exe
C:\Windows\System32\print.exe
C:\Windows\System32\qprocess.exe
There are some. PE-bear will help you to find more ;)
from libpeconv.
Thanks a lot, my payload can be injected into c:\windows\bfsvc.exe successfully.
from libpeconv.
cool! so, if all is sorted out, I think it's time to close this topic.
from libpeconv.