Empire
Empire copied to clipboard
BC-SECURITY
[BUG] Invoke-ReflectivePEInjection C# executables crash Powershell
Empire Version
- Empire 3.2.3
OS Information (Linux flavor, Python version)
- OS:
- Python:
Describe the bug Some EXE files are not usable with Invoke-ReflectivePEInjection. In testing, it seems C# binaries are affected. Normal C binaries are able to be loaded just fine.
To Reproduce Steps to reproduce the behavior:
- Import-Module Invoke-ReflectivePEInjection
- Invoke-ReflectivePEInjection -PEPath File.exe
- if File.exe is a C# binary, Powershell crashes and EXE does not run.
- If File.exe is a C binary, Powershell does not crash, and the program runs.
Screenshots
Watson, a C# binary, crashes when loaded into Invoke-ReflectivePEInjection
Running a C/assembly binary successfully and then a C# binary crashes the loader.
Mimikatz, a C binary, loads without issue.
Expected behavior A clear and concise description of what you expected to happen.
Screenshots If applicable, add screenshots to help explain your problem.
Additional context Add any other context about the problem here.
This issue is closed because it does not meet our issue template. Please resubmit with the correct template.
![close-issue-app[bot] avatar](https://avatars.githubusercontent.com/in/12744?v=4 "Published by a pub.dev verified publisher"){kind=small}
This issue is closed because it does not meet our issue template. Please resubmit with the correct template.
@Invoke-Mimikatz sorry for not responding earlier this is a known bug I plan on trying to fix next week. C# is a .Net language and when you compile into an .exe it actually has a different format than a unmanaged exe (a C program). That's why one works but the other doesn't
