error: invalid operand in inline asm when running PEzor.sh; it shows the errors below, I don't know how to deal with it #39

Closed
wha000tif opened this issue May 27, 2021 · 2 comments

kali# PEzor.sh -unhook -antidebug -text -self -sleep=120 mimikatz.exe -z 2
PEzor!! v2.1.0

Read the blog posts here:
https://iwantmore.pizza/posts/PEzor.html
https://iwantmore.pizza/posts/PEzor2.html
https://iwantmore.pizza/posts/PEzor3.html
Based on:
https://github.com/TheWover/donut
https://github.com/EgeBalci/sgn
https://github.com/JustasMasiulis/inline_syscall
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher

[?] Unhook enabled
[?] Anti-debug enabled
[?] Payload will be put in .text section
[?] Self-executing payload
[?] Waiting 120 seconds before executing the payload
[?] Processing mimikatz.exe
[?] PE detected: mimikatz.exe: PE32+ executable (console) x86-64, for MS Windows
[?] Building executable
[?] Executing donut

[ Donut shellcode generator v0.9.3
[ Copyright (c) 2019 TheWover, Odzhan

[ Instance type : Embedded
[ Module file : "mimikatz.exe"
[ Entropy : Random names + Encryption
[ Compressed : aPLib (Reduced by 54%)
[ File type : EXE
[ Target CPU : x86+amd64
[ AMSI/WDLP : continue
[ Shellcode : "/tmp/shellcode.bin.donut"
In file included from /home/pentest/PEzor/ApiSetMap.c:32:
In file included from /home/pentest/PEzor/ApiSetMap.h:37:
In file included from /usr/x86_64-w64-mingw32/include/windows.h:69:
In file included from /usr/x86_64-w64-mingw32/include/windef.h:8:
In file included from /usr/x86_64-w64-mingw32/include/minwindef.h:146:
In file included from /usr/x86_64-w64-mingw32/include/winnt.h:26:
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
__buildreadseg(__readgsqword, unsigned __int64, "gs")
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
9 errors generated.
clang: error: no such file or directory: '/tmp/ApiSetMap.o'
clang: error: no such file or directory: '/tmp/loader.o'

Owner

phra commented Jul 11, 2021

weird, try on a freshly installed environment if you get the same issues.

Owner

phra commented Sep 15, 2023

please have a look at the new updated master branch and reopen if still applicable.

phra closed this as completed Sep 15, 2023