Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error with syscalls #72

Closed
hawaii67 opened this issue Mar 30, 2022 · 2 comments
Closed

Error with syscalls #72

hawaii67 opened this issue Mar 30, 2022 · 2 comments

Comments

@hawaii67
Copy link

hawaii67 commented Mar 30, 2022
edited

If I run

./PEzor.sh -sgn -unhook -antidebug -text -syscalls Payload.raw

I get the following error message:

PEzor/inject.cpp:232:22: error: no matching function for call to object of type '::jm::syscall_function<decltype(NtCreateThreadEx)>' (aka 'syscall_function<long (void **, unsigned long, _OBJECT_ATTRIBUTES *, void *, void *, void *, unsigned long, unsigned long long, unsigned long long, unsigned long long, _PS_ATTRIBUTE_LIST *)>')

Version:
< PEzor!! v3.1.2 >

Without the syscalls option it works fine.

Full error messages:

[] Input: /tmp/tmp.88gcJlbCLQ/shellcode.bin.donut
[] Input Size: 715
[*] Outfile: /tmp/tmp.88gcJlbCLQ/shellcode.bin
[+] Final size: 818
[+] All done \(^O^)/
PEzor/loader.c:437:10: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char *') [-Wpointer-to-int-cast]
if (((DWORD)lpProcName & 0xFFFF0000) == 0x00000000)
^~~~~~~~~~~~~~~~~
PEzor/loader.c:443:43: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char *') [-Wpointer-to-int-cast]
uiAddressArray += ((IMAGE_ORDINAL((DWORD)lpProcName) - pExportDirectory->Base) * sizeof(DWORD));
^~~~~~~~~~~~~~~~~
/usr/x86_64-w64-mingw32/include/winnt.h:7286:48: note: expanded from macro 'IMAGE_ORDINAL'
#define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal)
^~~~~~~
/usr/x86_64-w64-mingw32/include/winnt.h:7257:35: note: expanded from macro 'IMAGE_ORDINAL64'
#define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffffull)
^~~~~~~
2 warnings generated.

PEzor/inject.cpp:232:22: error: no matching function for call to object of type '::jm::syscall_function<decltype(NtCreateThreadEx)>' (aka 'syscall_function<long (void **, unsigned long, _OBJECT_ATTRIBUTES *, void *, void *, void *, unsigned long, unsigned long long, unsigned long long, unsigned long long, _PS_ATTRIBUTE_LIST )>')
status = INLINE_SYSCALL(NtCreateThreadEx)(
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PEzor/deps/inline_syscall/include/inline_syscall.hpp:26:5: note: expanded from macro 'INLINE_SYSCALL'
INLINE_SYSCALL_MANUAL(
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PEzor/deps/inline_syscall/include/inline_syscall.hpp:44:5: note: expanded from macro 'INLINE_SYSCALL_MANUAL'
::jm::syscall_function<decltype(function_pointer)> { syscall_id }
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PEzor/deps/inline_syscall/include/inline_syscall.hpp:70:18: note: candidate function not viable: no known conversion from 'void (void ()())' to 'void *' for 5th argument
inline R operator()(Args... args) const noexcept;
^
1 error generated.
@phra
Copy link
Owner

phra commented Apr 1, 2022

it seems related to https://github.com/JustasMasiulis/inline_syscall project.

implementing #26 would solve the issue.

@phra
Copy link
Owner

phra commented Apr 1, 2022

duplicate of #70

@phra phra closed this as completed Apr 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@phra @hawaii67