chvancooten / osep-code-snippets Goto Github PK

There is a not handle exception System.ArgumentOutOfRangeException:. Index is out of range.

The issue is on the line 169 "uint rva = BitConverter.ToUInt32(dataBuf, (int)rvaOffset);"

Can you take a look when you have a chance please?

Hello! Thank you for posting the code snippets. They are a great learning resource. The project builds successfully however I get the following error after running the executable and after the DEBUG: RVA offset value is successfully displayed in the console.

Unhandled Exception: System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: startIndex
at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
at System.BitConverter.ToUInt32(Byte[] value, Int32 startIndex)
at ProcessHollowing.Program.Main(String[] args)

Based on what I can see, the UInt32 Offset value (under section 4) must be returning a 0 value and I am not sure why? Any thoughts on what I might be missing? Thank you in advance.

Hi there,

while studying for OSEP I stumbled across your SimpleShellcodeLoader for Linux and gave it a shot. Unfortunately running it causes a Segfault on my end and this page explains why I guess. The compiler flag -execstack didnt work on my client (current Kali build). In the second part of his blog he shows how to fix those issues, but the code will differ from your "simpler" version (basically easy copy paste, I tested it and it works really good). Just wanted to provide the info in case someone else gets stuck here :)

all the link to tools/techniques are outlined in the [REDACTED] PDF

Code for deriving lobstr address

I followed the instructions for the process hollowing code present in this repo, but when triggering my malware, I get the following error:

.\meter.hollow.exe                                                                                 in pwsh at 00:57:21
Started 'svchost.exe' in a suspended state with PID 31644. Success: True.
Got process information and located PEB address of process at 0x866010. Success: True.
DEBUG: Executable base address: 0x720000.
DEBUG: e_lfanew offset: 0x7204c8.
DEBUG: RVA offset: 0x7204f0.

Unhandled Exception: System.ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: startIndex
   at System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource)
   at System.BitConverter.ToUInt32(Byte[] value, Int32 startIndex)
   at ProcessHollowing.Program.Main(String[] args)

Any help would be welcome!