SysWhispers3 icon indicating copy to clipboard operation
SysWhispers3 copied to clipboard
verified publisher icon klezVirus

Windows 11 wow64 error : 0xC0000005

Open IgorAkimenk opened this issue 1 year ago • 8 comments

violation of access rights during execution at address 0x00000000 image

IgorAkimenk avatar Mar 09 '24 20:03 IgorAkimenk

metoo

zblwtf avatar Mar 12 '24 07:03 zblwtf

@zblwtf Any idea how to solve this? Why is this happening?

IgorAkimenk avatar Mar 12 '24 18:03 IgorAkimenk

@IgorAkimenk When I was writing a meterpreter extension for the metasploit framework, I discovered that the latest version of meterpreter x86 uses ReflectiveLoader and also uses SysCall. It has similar ideas to SysWhispers3.

So you can take a look at the latest code base of metasploit framework to see the SysCall used by their latest ReflectiveLoader. The specific relevant code is in GateTrampoline32.asm DirectSyscall.c ReflectiveLoader.c.

image image

zblwtf avatar Mar 16 '24 01:03 zblwtf

it's okay just don't debug

zblwtf avatar Apr 17 '24 01:04 zblwtf

Hi @zblwtf , @IgorAkimenk. I'm seeing this just now, may I have a command line to reproduce?

klezVirus avatar Apr 17 '24 07:04 klezVirus