FileNotFoundException in RewriteModuleIAT #12

Open
rasta-mouse opened this issue Nov 26, 2020 · 4 comments

@rasta-mouse

I think this is meant to work?

using DInvoke.DynamicInvoke;
using DInvoke.ManualMap;
using Data = DInvoke.Data;

using System;

namespace DInvokeTest
{
    class Program
    {
        static void Main(string[] args)
        {
            var pid = int.Parse(args[0]);

            var map = Overload.OverloadModule(@"C:\Windows\System32\kernel32.dll");

            var paramaters = new object[]
            {
                Data.Win32.Kernel32.ProcessAccessFlags.PROCESS_ALL_ACCESS,
                false,
                pid
            };

            var hProcess = (IntPtr)Generic.CallMappedDLLModuleExport(map.PEINFO, map.ModuleBase, "OpenProcess",
                typeof(Win32.Delegates.OpenProcess), paramaters);

            Console.WriteLine("Handle => 0x" + string.Format("{0:X}", hProcess.ToInt64()));
        }
    }
}

Unhandled Exception: System.IO.FileNotFoundException: api-ms-win-core-processthreads-l1-1-0.dll, unable to find the specified file.
   at DInvoke.ManualMap.Map.RewriteModuleIAT(PE_META_DATA PEINFO, IntPtr ModuleMemoryBase)
   at DInvoke.ManualMap.Map.MapModuleToMemory(IntPtr pModule, IntPtr pImage, PE_META_DATA PEINFO)
   at DInvoke.ManualMap.Overload.OverloadModule(Byte[] Payload, String DecoyModulePath, Boolean LegitSigned)
   at DInvokeTest.Program.Main(String[] args)

Probably a duplicate of cobbr/SharpSploit#58

@TheWover
Owner

I think you're right. It works on my machine, but if it is actually a flaw with API Set resolution, then that could happen if you and I have different versions of Windows / APIs.

Thanks for finally finding a test case for this bug! I've marked this as a bug to fix for the next minor version.

TheWover added this to the 1.1 milestone Nov 30, 2020
TheWover added the bug label (Something isn't working) Nov 30, 2020
TheWover self-assigned this Nov 30, 2020

@rasta-mouse
Author

Let me know if there's any more information from my end that would be useful.

@TheWover
Owner

I think I know what the issue is. If I can't reproduce the error (or simulate it) on my end, I'll ping you later to see if you can test a fix.

TheWover added a commit that referenced this issue Dec 1, 2020
@TheWover
Owner

TheWover commented Dec 1, 2020

Fixed in af9f869. Will be merged with v1.1.

TheWover added the resolved label (This issue has been resolved and will be merged soon) Jan 4, 2021