how to implement "-mwindows" for wclang #7

Open
Fankaren opened this issue Mar 28, 2022 · 3 comments

Fankaren commented Mar 28, 2022

Hi!
Could you please tell me how to implement "-mwindows" for wclang? I want to get an x64 executable file instead of x86.

Thanks.

@icyguider
Owner

Hi @Fankaren. While I'm not too familiar with that particular flag, I assume you are trying to get the ollvm compiled pe stub to run without the console, correct? To try and replicate your issue, I modified line 1221 of the nimcrypt.nim source code, changing "--app=console" to "--app=gui". I then recompiled Nimcrypt2 and ran the following command with an x64 Cobalt Strike beacon exe:

./nimcrypt -f beacon.exe -t pe -l

The output of this command showed me the same warning from wclang that you received, however it didn't seem to make any difference in regards to the output binary working as expected. I checked the output file using the "file" command and that confirmed to me that it was an x64 exe, not x86. I then copied it over to a Windows system, confirmed that it was the ollvm compiled exe based on its size, and executed it successfully with no console output. See the below screenshot:

[screenshot]

I know you are having other issues/errors so maybe this one is related? If you did something different than I did above, feel free to add more details and maybe I'll be able to replicate then. Otherwise, I'm not too sure what's going on. I definitely appreciate you trying out the tool and letting me know of your issues though. I'm hoping at some point we'll be able to figure out what's going on to help make it better!

@Simon-Davies to give you a quick answer, I used the llvm-5.0 branch. Compiling it took me multiple tries as I had to run the make command more than a few times for it to reach 100% build status. I did see the issue you opened and if you still need the step-by-step commands I used for Kali I will try to provide them at some point in the future. It will probably take at least a few days unfortunately as I'm a bit busy, but with a little perseverance I'm sure you can figure it out before then. Good luck!

@Simon-Davies

Thank you @icyguider

@Fankaren
Author

Fankaren commented Mar 31, 2022

Hi @Simon-Davies.
I tested a stage payload (x64 Windows Executable file), a stageless payload (x64 Windows Executable file) and raw type shellcode (x64).

./nimcrypt -f artifact.exe -t pe -l                # -> stage.exe
./nimcrypt -f beacon.exe -t raw -l              # -> stageless.exe
./nimcrypt -f payload.bin -t raw -l             # -> sc.exe

The raw type shellcode can execute successfully eventually.
