Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Shellcode Injection VirtualProtectEx Returns Error #28

Closed
2 tasks done
Ne0nd0g opened this issue Jun 10, 2023 · 0 comments
Closed
2 tasks done

Shellcode Injection VirtualProtectEx Returns Error #28

Ne0nd0g opened this issue Jun 10, 2023 · 0 comments

Comments

@Ne0nd0g
Copy link
Owner

Ne0nd0g commented Jun 10, 2023

Prerequisite

  • I have searched the opened & closed issues
  • I have searched the WIKI and its FAQ page

Environment Data

  • Merlin Version: v1.6.3
  • Merlin Build:
  • Go Version: 1.19
  • Operating System: Microsoft Windows [Version 10.0.19045.2965]

The CreateThread, RtlCreateUserThread, and QueueUserAPC shellcode injection methods use the VirtualProtectEx call without enough arguments causing the error: Invalid access to memory location. The call takes 5 arguments but only 3 are provided. Additionally, the error is not returned to server.

BOOL VirtualProtectEx(
  [in]  HANDLE hProcess,
  [in]  LPVOID lpAddress,
  [in]  SIZE_T dwSize,
  [in]  DWORD  flNewProtect,
  [out] PDWORD lpflOldProtect
);

merlin-agent/commands/exec_windows.go

Line 193 in e58a788

_, _, errVirtualProtectEx := VirtualProtectEx.Call(uintptr(pHandle), addr, uintptr(len(shellcode)), PAGE_EXECUTE)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ne0nd0g