Error using syscalls #22

Closed
hawaii67 opened this issue Dec 1, 2020 · 9 comments · Fixed by #24


hawaii67 commented Dec 1, 2020

This is the command I use:

PEzor.sh -sgn -unhook -antidebug -text -syscalls -sleep=120 mimikatz.exe -z 2

and I get these errors:

In file included from /root/scripts/_AV/PEzor/inject.cpp:7:
In file included from /root/scripts/_AV/PEzor/deps/inline_syscall/include/in_memory_init.hpp:20:
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:35:27: error: no type named 'uint32_t' in namespace 'std'
    inline constexpr std::uint32_t hash(const char* str) noexcept
                     ~~~~~^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:37:14: error: no type named 'uint32_t' in namespace 'std'
        std::uint32_t value = 2166136261;
        ~~~~~^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:45:38: error: no type named 'uint32_t' in namespace 'std'
            value = static_cast<std::uint32_t>((value ^ c) * 16777619ull);
                                ~~~~~^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:49:15: error: use of undeclared identifier 'syscall_entry_full'
    constexpr syscall_entry_full::syscall_entry_full(std::uint32_t hash_) noexcept
              ^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:49:68: error: use of undeclared identifier 'hash_'; did you mean 'hash'?
    constexpr syscall_entry_full::syscall_entry_full(std::uint32_t hash_) noexcept
                                                                   ^~~~~
                                                                   hash
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:35:36: note: 'hash' declared here
    inline constexpr std::uint32_t hash(const char* str) noexcept
                                   ^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:58:23: error: no type named 'uint32_t' in namespace 'std'
        template<std::uint32_t Hash>
                 ~~~~~^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:61:42: error: unknown type name 'JM_INLINE_SYSCALL_ENTRY_TYPE'
                "_sysc")]] inline static JM_INLINE_SYSCALL_ENTRY_TYPE entry{ Hash };
                                         ^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:77:9: error: no type named 'int32_t' in namespace 'std'
        JM_INLINE_SYSCALL_STUB(std::uint32_t id)
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:30:40: note: expanded from macro 'JM_INLINE_SYSCALL_STUB'
    JM_INLINE_SYSCALL_FORCEINLINE std::int32_t syscall(__VA_ARGS__) noexcept
                                  ~~~~~^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:77:37: error: no type named 'uint32_t' in namespace 'std'
        JM_INLINE_SYSCALL_STUB(std::uint32_t id)
                               ~~~~~^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:30:56: note: expanded from macro 'JM_INLINE_SYSCALL_STUB'
    JM_INLINE_SYSCALL_FORCEINLINE std::int32_t syscall(__VA_ARGS__) noexcept
                                                       ^~~~~~~~~~~
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:87:18: error: no type named 'int32_t' in namespace 'std'
            std::int32_t status;
            ~~~~~^
/root/scripts/_AV/PEzor/deps/inline_syscall/include/inline_syscall.hpp:102:9: error: no type named 'int32_t' in namespace 'std'
        JM_INLINE_SYSCALL_STUB(std::uint32_t id, T1 _1)
. . . .

Can anybody help please?

Author

hawaii67 commented Dec 2, 2020

Ok, I found that inline_syscall.hpp seems to be the culprit.
It was modified 11 days ago. With an old version it seems to work (I took a backed-up copy of the deps directory).
So running install.sh now should cause the same problem.
Can anybody confirm please?


Grem25 commented Dec 7, 2020

@hawaii67 I can confirm that, using the old inline_syscall.hpp file from his original repo located there:

https://github.com/JustasMasiulis/inline_syscall/blob/master/include/inline_syscall.hpp

it's working well.

Author

hawaii67 commented Dec 7, 2020

Thank you Grem25!

phra mentioned this issue Dec 9, 2020
phra added a commit that referenced this issue Dec 9, 2020
Owner

phra commented Dec 9, 2020

I have sent this PR #24, can you check that it works for you?

phra added the regression label Dec 9, 2020
@hawaii67
Author

Sorry, not working.

git checkout 24238544b510d8f85ca38de3a43bc41fa8cfe380 brings this error message:

fatal: reference is not a tree: 24238544b510d8f85ca38de3a43bc41fa8cfe380

Owner

phra commented Dec 10, 2020

Delete the deps/inline_syscall folder before re-running the script.

@hawaii67
Author

Believe me, I did:

./install.sh

Hit:1 http://dl.google.com/linux/chrome/deb stable InRelease
Hit:2 https://linux.teamviewer.com/deb stable InRelease
Hit:3 https://deb.nodesource.com/node_8.x jessie InRelease
Hit:4 https://download.docker.com/linux/debian buster InRelease
Get:5 https://packages.microsoft.com/ubuntu/16.04/prod xenial InRelease [4,003 B]
Hit:6 https://packages.microsoft.com/repos/microsoft-debian-stretch-prod stretch InRelease
Hit:8 https://download.sublimetext.com apt/stable/ InRelease
Get:7 http://ftp.halifax.rwth-aachen.de/kali kali-rolling InRelease [30.5 kB]
Get:10 https://packages.microsoft.com/ubuntu/16.04/prod xenial/main amd64 Packages [175 kB]
Hit:9 https://packagecloud.io/firstlookmedia/code/debian bullseye InRelease
Get:11 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main amd64 Packages [17.0 MB]
Get:12 http://ftp.halifax.rwth-aachen.de/kali kali-rolling/main i386 Packages [16.9 MB]
Fetched 34.1 MB in 5s (7,354 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
24 packages can be upgraded. Run 'apt list --upgradable' to see them.
Reading package lists... Done
Building dependency tree
Reading state information... Done
autotools-dev is already the newest version (20180224.1).
build-essential is already the newest version (12.8).
clang is already the newest version (1:9.0-49.1).
cmake is already the newest version (3.18.4-1).
cowsay is already the newest version (3.03+dfsg2-8).
git is already the newest version (1:2.29.2-1).
golang is already the newest version (2:1.15~1).
libcapstone-dev is already the newest version (4.0.1+really+3.0.5-2+b1).
libssl-dev is already the newest version (1.1.1h-1).
mingw-w64 is already the newest version (8.0.0-1).
mono-devel is already the newest version (6.8.0.105+dfsg-3).
unzip is already the newest version (6.0-25).
wget is already the newest version (1.20.3-1+b3).
0 upgraded, 0 newly installed, 0 to remove and 24 not upgraded.
Cloning into 'inline_syscall'...
remote: Enumerating objects: 8, done.
remote: Counting objects: 100% (8/8), done.
remote: Compressing objects: 100% (8/8), done.
remote: Total 85 (delta 3), reused 0 (delta 0), pack-reused 77
Receiving objects: 100% (85/85), 26.80 KiB | 784.00 KiB/s, done.
Resolving deltas: 100% (42/42), done.
fatal: reference is not a tree: 24238544b510d8f85ca38de3a43bc41fa8cfe380

Owner

phra commented Dec 10, 2020

cd inline_syscall was missing.

@hawaii67
Author

Perfect. It works. Thank you.

phra closed this as completed in #24 Dec 11, 2020
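
The pattern this thread converges on (check out a known-good commit of a dependency, and run that checkout inside the clone) as an added shell example; it is not PEzor's install.sh. `fetch_pinned` and `demo_pinned_fetch` are hypothetical names, and the demo builds a constructed local repository in place of the real upstream.

```shell
#!/bin/sh
# Added example, not PEzor's install.sh. fetch_pinned is a hypothetical helper.
# Usage: fetch_pinned <repo-url-or-path> <full-40-hex-commit> <dest-dir>
fetch_pinned() {
    local url="$1" commit="$2" dest="$3" head

    # Start clean so a stale clone from an earlier run cannot mask a failure.
    rm -rf -- "$dest"
    git clone --quiet -- "$url" "$dest" || return 1

    # -C runs git inside the clone. Without it (or a cd), the checkout runs
    # in whatever repository encloses the script, where the pinned id is
    # unknown: "fatal: reference is not a tree".
    git -C "$dest" checkout --quiet --detach "$commit" || return 1

    # Verify the tree really is the pinned commit before building against it.
    head=$(git -C "$dest" rev-parse HEAD) || return 1
    if [ "$head" != "$commit" ]; then
        echo "pin mismatch: wanted $commit, got $head" >&2
        return 1
    fi
}

# Constructed demo: a throwaway local "upstream" whose second commit changes
# the header, standing in for a dependency that moved after it was vetted.
demo_pinned_fetch() {
    local work up good
    work=$(mktemp -d) || return 1
    up="$work/upstream"
    git init --quiet "$up" || return 1
    echo 'v1' > "$up/header.hpp"
    git -C "$up" add header.hpp
    git -C "$up" -c user.name=demo -c user.email=demo@example.invalid \
        commit --quiet -m 'known-good header'
    good=$(git -C "$up" rev-parse HEAD)
    echo 'v2' > "$up/header.hpp"
    git -C "$up" -c user.name=demo -c user.email=demo@example.invalid \
        commit --quiet -am 'upstream change'

    fetch_pinned "$up" "$good" "$work/dep" || { rm -rf -- "$work"; return 1; }
    cat "$work/dep/header.hpp"   # content at the pinned commit
    rm -rf -- "$work"
}

demo_pinned_fetch
```

The final `rev-parse` comparison only works with a full 40-character commit id; an abbreviated id or a branch name would pass the checkout but fail the equality check.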