error: invalid operand in inline asm when run pezor.sh, that show errors as below，i don't know how deal with it

Question

error: invalid operand in inline asm when run pezor.sh, that show errors as below，i don't know how deal with it

wha000tif opened this issue 3 years ago · comments

kali# PEzor.sh -unhook -antidebug -text -self -sleep=120 mimikatz.exe -z 2
PEzor!! v2.1.0

Read the blog posts here:
https://iwantmore.pizza/posts/PEzor.html
https://iwantmore.pizza/posts/PEzor2.html
https://iwantmore.pizza/posts/PEzor3.html
Based on:
https://github.com/TheWover/donut
https://github.com/EgeBalci/sgn
https://github.com/JustasMasiulis/inline_syscall
https://github.com/CylanceVulnResearch/ReflectiveDLLRefresher

[?] Unhook enabled
[?] Anti-debug enabled
[?] Payload will be put in .text section
[?] Self-executing payload
[?] Waiting 120 seconds before executing the payload
[?] Processing mimikatz.exe
[?] PE detected: mimikatz.exe: PE32+ executable (console) x86-64, for MS Windows
[?] Building executable
[?] Executing donut

[ Donut shellcode generator v0.9.3
[ Copyright (c) 2019 TheWover, Odzhan

[ Instance type : Embedded
[ Module file : "mimikatz.exe"
[ Entropy : Random names + Encryption
[ Compressed : aPLib (Reduced by 54%)
[ File type : EXE
[ Target CPU : x86+amd64
[ AMSI/WDLP : continue
[ Shellcode : "/tmp/shellcode.bin.donut"
In file included from /home/pentest/PEzor/ApiSetMap.c:32:
In file included from /home/pentest/PEzor/ApiSetMap.h:37:
In file included from /usr/x86_64-w64-mingw32/include/windows.h:69:
In file included from /usr/x86_64-w64-mingw32/include/windef.h:8:
In file included from /usr/x86_64-w64-mingw32/include/minwindef.h:146:
In file included from /usr/x86_64-w64-mingw32/include/winnt.h:26:
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
__buildreadseg(__readgsqword, unsigned __int64, "gs")
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:625:1: error: invalid operand in inline asm: 'mov$(${0:z} %gs:$1, $0 $| $0, %gs:$1$)'
/usr/x86_64-w64-mingw32/include/psdk_inc/intrin-impl.h:145:14: note: expanded from macro '__buildreadseg'
asm ("mov{%z[ret] %%" z ":%[offset], %[ret] | %[ret], %%" z ":%[offset]}"
^
9 errors generated.
clang: error: no such file or directory: '/tmp/ApiSetMap.o'
clang: error: no such file or directory: '/tmp/loader.o'

Francesco Soncina · Answer 1 · Mon Jul 12 2021 06:25:22 GMT+0800 (China Standard Time)

weird, try on a fresh installed environment fi you get the same issues.

Francesco Soncina · Answer 2 · Sat Sep 16 2023 00:36:53 GMT+0800 (China Standard Time)

please have a look at the new updated master branch and reopen is stil applicable.

error: invalid operand in inline asm when run pezor.sh, that show errors as below，i don't know how deal with it

kali# PEzor.sh -unhook -antidebug -text -self -sleep=120 mimikatz.exe -z 2 PEzor!! v2.1.0

kali# PEzor.sh -unhook -antidebug -text -self -sleep=120 mimikatz.exe -z 2
PEzor!! v2.1.0