C0000005, EXCEPTION_ACCESS_VIOLATION

Open hawaii67 opened this issue 11 months ago • 2 comments

Hello, first of all, thanks for sharing this interesting project.

I generated a binary like this:

python3 Boaz.py -f ../payload.bin -t donut -l 1 -c mingw -e uuid -g

Upon reaching the shellcode, I get this error:

[screenshot]

Changing the rights of the memory section from

[x64dbg screenshot]

to

[x64dbg screenshot]

while running the binary solves the problem: the shellcode fires. The rights of the memory section have to be set to execute/read/write after writing the shellcode to that section.

I wonder if anybody else has this problem since it doesn't look like a personal issue. Please check. Thank you.

hawaii67 avatar Jan 04 '25 13:01 hawaii67

Loader 1 is essentially a classic process injection called by custom syscall stubs. As shown in the screenshot, in the NtAllocVirtualMemory call, it changes the memory protection to RWX; therefore it should be RWX, not R only.

[screenshot]

thomasxm avatar Mar 17 '25 10:03 thomasxm

Thanks for your answer. I really wonder why the memory protection is R only in my binary.

hawaii67 avatar Mar 17 '25 11:03 hawaii67