Error with syscalls
hawaii67 opened this issue · comments
If I run
./PEzor.sh -sgn -unhook -antidebug -text -syscalls Payload.raw
I get the following error message:
PEzor/inject.cpp:232:22: error: no matching function for call to object of type '::jm::syscall_function<decltype(NtCreateThreadEx)>' (aka 'syscall_function<long (void **, unsigned long, _OBJECT_ATTRIBUTES *, void *, void *, void *, unsigned long, unsigned long long, unsigned long long, unsigned long long, _PS_ATTRIBUTE_LIST *)>')
Version:
< PEzor!! v3.1.2 >
Without the syscalls option it works fine.
Full error messages:
[] Input: /tmp/tmp.88gcJlbCLQ/shellcode.bin.donut
[] Input Size: 715
[*] Outfile: /tmp/tmp.88gcJlbCLQ/shellcode.bin
[+] Final size: 818
[+] All done \(^O^)/
PEzor/loader.c:437:10: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char *') [-Wpointer-to-int-cast]
if (((DWORD)lpProcName & 0xFFFF0000) == 0x00000000)
^~~~~~~~~~~~~~~~~
PEzor/loader.c:443:43: warning: cast to smaller integer type 'DWORD' (aka 'unsigned long') from 'PCHAR' (aka 'char *') [-Wpointer-to-int-cast]
uiAddressArray += ((IMAGE_ORDINAL((DWORD)lpProcName) - pExportDirectory->Base) * sizeof(DWORD));
^~~~~~~~~~~~~~~~~
/usr/x86_64-w64-mingw32/include/winnt.h:7286:48: note: expanded from macro 'IMAGE_ORDINAL'
#define IMAGE_ORDINAL(Ordinal) IMAGE_ORDINAL64(Ordinal)
^~~~~~~
/usr/x86_64-w64-mingw32/include/winnt.h:7257:35: note: expanded from macro 'IMAGE_ORDINAL64'
#define IMAGE_ORDINAL64(Ordinal) (Ordinal & 0xffffull)
^~~~~~~
2 warnings generated.PEzor/inject.cpp:232:22: error: no matching function for call to object of type '::jm::syscall_function<decltype(NtCreateThreadEx)>' (aka 'syscall_function<long (void **, unsigned long, _OBJECT_ATTRIBUTES *, void *, void *, void *, unsigned long, unsigned long long, unsigned long long, unsigned long long, _PS_ATTRIBUTE_LIST )>')
status = INLINE_SYSCALL(NtCreateThreadEx)(
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PEzor/deps/inline_syscall/include/inline_syscall.hpp:26:5: note: expanded from macro 'INLINE_SYSCALL'
INLINE_SYSCALL_MANUAL(
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PEzor/deps/inline_syscall/include/inline_syscall.hpp:44:5: note: expanded from macro 'INLINE_SYSCALL_MANUAL'
::jm::syscall_function<decltype(function_pointer)> { syscall_id }
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
PEzor/deps/inline_syscall/include/inline_syscall.hpp:70:18: note: candidate function not viable: no known conversion from 'void (void ()())' to 'void *' for 5th argument
inline R operator()(Args... args) const noexcept;
^
1 error generated.
it seems related to https://github.com/JustasMasiulis/inline_syscall project.
implementing #26 would solve the issue.
duplicate of #70